Guest blog: ’Tis the Season to be Cautious

Wayne Harris is an IT security expert and compliance officer at ITCS. He discusses why Welsh businesses and individuals should be especially cautious about fraud and phishing attacks at this time of year.

As the festive season rapidly approaches, we see an increase in cyber-crime, phishing attacks and fraud attempts. I’m sure most businesses and individuals have read about or even seen these attack emails, and believe that they would not fall for them. But beware: they are becoming more and more complex and plausible.

A common attack at this time of year is a phishing email masquerading as an email from a supplier such as Amazon, or as a delivery tracking email. As our shopping habits shift to online services, this opens up an opportunity for criminals to gain your trust.

After all, you have probably just ordered goods from one of these suppliers or used your PayPal account, haven’t you? These attacks may be trying to gain access to your bank account or credit card details, or to use these emails and links to deliver a virus or Trojan, such as ransomware, onto your systems.

Here are a few tips to avoid falling for these scams.

Make sure the website you are ordering from is legitimate. We see more and more online shopping scams at this time of year, and they are becoming increasingly difficult to spot – gone are the times of poorly constructed websites or emails. The fraudsters are putting in more effort these days.

Don’t use your business email address to register for online services. That way, if you get one of these emails at your business email address, you know it is categorically a scam.

Don’t click on any links contained in the email, even if it looks genuine. If you have ordered goods from an online store, use the store’s website to track your order progress.

Clicking on links within an email may download malicious software or take you to a fake website to steal your credentials or financial information.

Check the sender address very carefully, and look for badly composed emails or spelling mistakes. However, fraudsters are getting harder to spot as the attacks are becoming more complex and organised, so don’t assume something that looks genuine automatically is.

When you placed the order, you probably received a confirmation number – make a note of it. Suppliers generally include these details in any emails they send, so be sure to check them.

Don’t reply to any emails that you receive. This builds up a sense of trust between yourself and the attacker, and you could just get in deeper.

Email spam services will generally not pick up on these types of attacks, as they don’t contain malicious code in the source email. And unless they are from a blacklisted domain, they will not score highly on the Bayesian database, which is used to calculate the probability of spam.

Image credit: Ed Ivanushkin