Over half of UK businesses (of all sizes) reported a cyber breach or attack in 2019, according to research conducted by the insurance firm, Hiscox, and reported by the BBC.
These figures are somewhat higher than the government's survey figures, published slightly earlier in 2019, which found that around a third of businesses were suffering cyber attacks, with the most common attacks being phishing, impersonation of others on email, and malware.
Malware – short for ‘malicious software’ – is often at the root of cybercrime. Our guide covers this in more detail below. Malware is used in different ways. While in some cases it is simply designed to cause disruption or chaos, most often it’s used by criminals who want to steal valuable data.
There are 3 main ways cyber criminals attempt to steal confidential data: by phishing, vishing, and smishing. We turned to Ankura's Rob Jones for help explaining these 3 crimes, as well as malware. Rob shared this expert advice on what you should look out for and what you can do about them.
Phishing is where cyber criminals trick people via email into providing them with confidential information. They do this by pretending to be a business that the recipient would be likely to trust.
For example, they may send an email pretending to be your bank and asking for your passwords, or pretending to be an ecommerce store asking you to update your payment details.
Phishing emails may also contain attachments that, when clicked on, add something to the user’s computer that then copies their confidential data. This is known as ‘malware phishing’.
As a rule, don’t click on any links or open any attachments that are sent via email, unless you are 100% certain that the sender is genuine.
If you're not sure, look up the sender's name and email address on the internet before you open anything from them.
Also look them up by adding the word 'scam' to your search terms. This may help uncover fraud that others have reported about this sender, although just because you cannot find anything on them does not mean that they are a legitimate source.
Only visit websites you know to be reputable.
Another form of phishing is known as ‘pharming’, which is where the user is redirected to a fraudulent website or web-based service, where they unsuspectingly give their details to a scammer masquerading as a company they know and trust.
What to look out for
Check if the email address is exactly the same as the one that has contacted you before. Take a look at the wording of the email itself, including its subject-heading – are there any very specific personal details?
For example, genuine emails are likely to include details such as your account/customer reference number. They are also less likely to greet you by your full name.
Also, is the tone particularly over the top? For example, uppercase letters throughout, multiple exclamation marks, words like ‘urgent’?
And take a look at their logo – does it look different to the one you’re familiar with, or is it a low-quality, blurry image? Poor spelling and odd sentence structure should also arouse your suspicion.
These details are often a giveaway sign of the email not being from a genuine company.
If you see a button or hyperlink asking you to verify your details or update your account, or an attachment, be wary – these links may be malware.
And if you think you’ve been a victim of fraud, contact your bank immediately.
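The checks listed above can also be applied automatically, for example in a mail filter. The Python below is an added example, not part of the original guide; the function name, flag names, thresholds and sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: one address seen before, and two invented messages.
KNOWN = {"service@examplebank.test"}
SAMPLE_PHISH = ("From: Example Bank <service@examp1ebank.test>\n"
                "Subject: URGENT!! ACCOUNT LOCKED\n\n"
                "UPDATE YOUR DETAILS NOW AT http://login.invalid/\n")
SAMPLE_GENUINE = ("From: Example Bank <service@examplebank.test>\n"
                  "Subject: Your monthly statement\n\n"
                  "Your statement for account ref 00123456 is ready.\n")

def phishing_flags(raw, known_senders, reference=None):
    """Return the warning signs found in one raw email (hypothetical helper)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    parts = [p for p in msg.walk() if not p.is_multipart()]
    body = "\n".join(p.get_payload() for p in parts if p.get_filename() is None)
    text = msg.get("Subject", "") + "\n" + body
    flags = []

    # The address must be exactly one seen before; a near miss is a lookalike.
    if sender not in known_senders:
        close = any(SequenceMatcher(None, sender, k).ratio() > 0.9 for k in known_senders)
        flags.append("lookalike-sender" if close else "unknown-sender")

    # Genuine emails are likely to quote your account/customer reference number.
    if reference and reference not in text:
        flags.append("no-reference")

    # Over-the-top tone: mostly uppercase, repeated '!', words like 'urgent'.
    letters = [c for c in text if c.isalpha()]
    if letters and sum(c.isupper() for c in letters) / len(letters) > 0.5:
        flags.append("shouting")
    if re.search(r"!{2,}", text):
        flags.append("exclamations")
    if re.search(r"\burgent\b", text, re.I):
        flags.append("urgent")

    # A link alongside a request to verify or update details, or any attachment.
    if re.search(r"https?://", body) and re.search(r"\b(verify|update)\b", body, re.I):
        flags.append("verify-link")
    if any(p.get_filename() for p in parts):
        flags.append("attachment")
    return flags
```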
Vishing is similar to phishing – but rather than fraudulently using email to gain confidential information, the telephone is used instead.
Here, criminals phone people under the guise of a company that’s trusted (e.g. their bank or utility company) and ask them to provide their confidential details – even details like PIN numbers, which even banks aren’t actually allowed to ask for.
What to look out for
Is the number you’re being called from listed on the company’s website? If not, it could be that the caller isn’t genuine.
If you’re asked to provide confidential information over the phone by someone who has called you, simply end the call without giving any information. Call the number listed on the company’s website to report the call and confirm whether it was genuine.
If you were right to be suspicious, the company can then take steps to help prevent these criminals from carrying on this activity.
Smishing is like phishing and vishing – but rather than using emails or phone calls, text messages are used instead.
This typically happens in one of two ways: either the text message asks you to phone a number and then you’re asked to give details over the phone, or the text message asks you to visit a website that’s designed to put a virus on to the phone or computer you visit the website from.
What to look out for
Similar to phishing, pay attention to the tone of the text message. It’s very unlikely that a genuine company would use unnecessary uppercase letters or numerous exclamation marks to mark something as urgent.
In addition, double-check whether you have ever given your mobile number to the company that the message is claiming to be from.
It’s a good idea to delete the text from your phone and to contact the company by the phone number on their website to report what has happened.