Phishing attacks are as dangerous as any other malicious act performed by internet hackers and are becoming increasingly sophisticated.
Here’s our guide to what to be aware of.
As more of the general public are becoming educated on cyber security and taking steps to reduce the chance of falling victim to an attack, said attackers are introducing new methods to lower people’s guards.
A staggering one in five people fall victim to scams every year and nearly 50% of adults have been targeted by a scam. Phishing is a method cyber criminals use to steal sensitive information by making the victim believe they are a trustworthy entity. It’s usually over email, but can involve websites and social media accounts, or even old-fashioned mail through your letterbox. Attackers are able to fake their identity by using techniques such as email spoofing and can register an email address that looks very similar to one you would trust.
Effective phishing isn’t about being highly technical, but about being aware of the human condition and understanding how to lower someone’s guard merely through an email subject line. This is why there is a continuous evolution in phishing methods employed to catch people off guard.
In the past, avid anglers would use scare tactics to retrieve sensitive information from unsuspecting victims, using approaches such as “your account will be deactivated if…” to grab people’s attention – a form of cyber extortion we’ve since been desensitised to. Consequently, phishing campaigns have recently started to leverage the emotional effect charities have on the public. Figures from Action Fraud, the national reporting centre for fraud and cyber crime, show that almost £350,000 of charitable donations ended up in the pockets of criminals over the festive period in 2019.
Beware of the fakers
Televised disasters like the Grenfell Tower fire or the 2018 Florida school shooting were catalysts for cyber criminals, allowing them to tug at the heartstrings. With the speed at which news – real or fake – propagates through social media, along with the help of Twitter bots being used to interfere with trending hashtags, phishers were able to use these tragic events to their advantage.
In 2020, Action Fraud reported that it had received reports of a scam email, purporting to be from HM Government, asking for donations to the NHS as part of a “nationwide appeal in efforts against coronavirus”. The Charity Commission also warned that the pandemic has created environments that are enabling charity fraud.
Fake donation emails and charity websites have started to become the norm for phishers, causing problems for more than just the victim. Donors are made to think they’re contributing to a legitimate cause, completely unaware that their donation is going into the pocket of fraudsters, not towards helping those in need.
The best way to protect yourself is to remain vigilant when reading an email, instant message or a social media post about helping those less fortunate. Make sure you have up-to-date virus protection software, don’t click on any links or open attachments if you don’t know where they have come from, and make regular backups.
If you want to donate to an organisation, it’s best to go directly to their website. Use websites like gov.uk’s Charity Commission or Give.org, which allow you to research organisations, providing peace of mind that you’re giving to legitimate charities that aren’t going to disappear once you’ve clicked 'send donation'.
If you come across what you think is a fake charity that is trying to scam you, the best thing to do is report it. For the charities who suspect they may have fallen victim to cyber fraud, Harvey Grenville, Head of Investigations and Enforcement at the Charity Commission, advises that they “report it immediately to Action Fraud and to the Commission. You can visit charitiesagainstfraud.org.uk for advice and top tips on how to protect your charity against cyber-fraud.”
It’s important that phishing attempts are reported, not just deleted. Working as a community will help to fix this problem and ensure everyone’s donations are sent to legitimate charities instead of scammers.