How contractors can recognise a phishing scam
It was reported last year that scams were on the rise during lockdown, going up by a massive 66%. This has shown no sign of abating and, in fact, very recently eight men were arrested in connection with a text scam which saw people receive messages supposedly from Royal Mail asking them to pay a customs charge on a parcel. The link on the text would take customers to a fake version of Royal Mail’s site and use it to steal personal and bank details.
The practice, known as “smishing” is a form of the more commonly known phishing, which itself is a cybercrime that lures people into giving personal data so that criminals can steal their money, identity, or passwords. People fall prey to phishing scams every single day but there are ways to spot them and avoid becoming a victim yourself.
Look for typos
We’re all human and we all make typos from time to time (even those of us on the Kingsbridge content team), but you really wouldn’t expect an official email or message from Royal Mail, HMRC, or your bank to be riddled with spelling and grammar mistakes, would you? If you can see easily avoidable typos cropping up in a message, this is a clear red flag that it should be sent straight to your spam folder.
Was the message expected?
When you see a text supposedly from Royal Mail telling you that you need to pay a small fee to retrieve a parcel, it’s all too easy to click on the link as many people did only recently. However, stop and think before you click.
Are you expecting a parcel? If you are, is it even coming via Royal Mail? Would it actually be coming through customs or is it coming from a UK-based supplier? If the answers to those questions don’t add up, don’t click the link.
Check the contact details
The contact details for an email or text can be a dead giveaway as to whether it’s a phishing scam or not. If it’s an email, you would expect the message to be sent from an organisation’s email address with the correct domain name and formatting. If instead, it comes from a personal email address then it’s likely a scam.
No legitimate company would ever have emails go out from personal accounts. If it’s a text, again, take a look at who it’s from. Many businesses and organisations now automatically display their name, so the text will say it’s from HM GOV, NHS Booking or RoyalMail, for example. If it’s coming from a random mobile number, this is a red flag that it’s not genuine.
Don’t click on attachments and links
Always be wary of attachments and links. As a rule of thumb, don’t open the attachment unless it’s from a known person or it’s something you’re expecting. As for links, don’t click until you’ve checked. If the link is appearing as a hyperlink or button, you can hover over it with your mouse to see the full link.
If you’re on a phone or tablet, hold down on the button or link and a pop up will appear with the details. If the link doesn’t look genuine or features unusual spellings or domains, don’t click, send it to spam instead.
Don’t trust cold calls
If you get a call from someone claiming to be your bank telling you there has been fraudulent activity on your account, the best course of action is to hang up (and if they tell you not to do this, then alarm bells should start ringing).
Call the fraud team for your bank on the number that you have for them, and they will be able to confirm if the call was genuine or not. Treat all cold calls with suspicion. If you don’t recognise a number, or the number is unavailable, you could always just not answer.
A genuine caller will leave the message, and you could always Google the number – there are plenty of sites out there that let you know if callers are legitimate or not.
Get cyber cover
Of course, being vigilant is incredibly important, but it’s only one way to keep your data safe and it’s not completely infallible. If cybercriminals were able to successfully access your data, as a contractor it could cause problems for you both personally and professionally (not to mention for your clients).
To counteract this, Kingsbridge’s cyber liability insurance covers your business interruption costs, system and data rectification costs, regulatory defence and penalties, cyber extortion and ransom costs. It also gives you access to ReSecure, a dedicated 24-hour helpline and specialist cyber incident report service, giving you protection and peace of mind.
You can find out more about cyber liability insurance on our website.