With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to all employees. One of the tips included in the toolkit is designed to stop staff from falling victim to phishing attacks.
As well as helping to reduce instances of cybercrime in the workplace, these tips should also be followed to stop people from falling victim to phishing attacks in their private lives.
Tip: Phishing email? Don’t get caught hook, line and sinker.
What is phishing?
Phishing fraudsters contact you using emails, texts, and other forms of communication. They disguise themselves as someone you trust. Their goal is to trick you into giving them your personal information (e.g. usernames, passwords and credit card details) and steal from you.
The impact of phishing can be devastating. Victims can go on to suffer from distress and/or psychological trauma because of having their details stolen and used in fraudulent activity. Existing mental health conditions can also be exacerbated. So the impact remains even if you get your money back.
Typical phishing scams include:
- Where fraudsters contact you posing as your bank.
- Where fraudsters contact you pretending to be an organisation (e.g. Apple or Microsoft) and encourage you to let them access your computer.
- Where scammers send a fake email from a service you use (e.g. PayPal or Amazon). These emails divert you to a fake page that encourages you to enter your confidential details (e.g. login and passwords).
- Where scammers send you a fake email from a person or company you know and trust. Often these emails include your personal information to reassure you that they are genuine and lure you into opening a malicious email attachment or clicking on a dangerous link.
- Where scammers pretend to be someone from the same company as you in a bid to steal the private data of your customers.
Phishing is a very serious crime and victims often suffer both financial loss and distress.
At Keller Postman UK, our data breach lawyers help people to make successful phishing claims to compensate for their loss and distress.
Check out these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information.
- Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one.
- Roll over hypertext links (without clicking them) to see if the actual URL differs from the one displayed.
- Hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from.
- If you get an email warning you that your account has been closed or put on hold, go to the organisation’s website (via Google, not the email) and contact them to make sure the email is legitimate. Do this regardless of how authentic the message appears to be.
- If you receive an email informing you that you’ve won a prize (or the lottery), do not provide any personal information without checking that this is genuine. If you cannot remember entering the competition, it is probably a scam.
- Do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly.
- If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware.
- If you are in any doubt, DO NOT click on any links or open any attachments. Instead, you should go to the organisation’s website directly (not via the email) and contact them to make sure the email is legitimate.
If you have been the victim of phishing, or attempted phishing, you should contact Action Fraud ASAP. If you have lost money as a result of the scam, you must also report it as a crime.
Phishing scam compensation after a data breach
You might be eligible for phishing compensation if an organisation has failed to protect your personal data.
Phishing often happens following a data breach. Criminals use the data exposed in breaches (e.g. names, account info and other personal data) to trick people into believing they are genuine.
Stolen data is easy to buy on the dark web, so if you are the victim of a data privacy violation, it is quite likely that different criminals could be trying to use your data against you.
Stolen data is also used in batches over time, so the impact of a data breach might not be immediately apparent.
IF YOU ARE THE VICTIM OF A PHISHING SCAM BECAUSE OF POOR DATA PROTECTION PROCESSES, WE CAN HELP YOU TO CLAIM COMPENSATION FROM THE ORGANISATION RESPONSIBLE.