Tweet
Following the amazing response LegalBEAGLES, Citizens Advice, Trading Standards, Action Fraud and other agencies have had on Facebook, Twitter and other social media platforms and forums, I have decided to make this post to explain the importance of why and how you should report spam and phishing emails.
Firstly what are the different types of messages sent and where do they come from?
Botnets - A botnet is a collection of robots and can be used maliciously to gain financial or other personal information.
Botnets send the majority of spam.
This can lead to web users giving out personal information that fraudsters can used to commit fraud.
Spam emails - Spam emails are emails sent out to millions of email addresses to try to gain personal information.
Once the personal information has been gained, fraudsters can use it to commit fraud, which could include bank fraud, credit card fraud and identity fraud and account take over fraud
Phishing - Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords.
These can have a monetary value to criminals. Phishing can also involve sending malicious attachments or website links in an effort to infect computers or mobile devices. Criminals send bogus communications: emails, letters, instant messages or text messages. Very often these appear to be authentic communications from legitimate organisations or friends. Embedded links within the message can direct you to a hoax website where your login or personal details may be requested. You may also run the risk of your computer or smartphone being infected by viruses.
Once your personal details have been accessed, criminals can then record this information and use it to commit fraud crimes such as identity theft and bank fraud.
Phishing messages generally try to convince the recipient that they are from a trusted source. “Spear-phishing” is a technique whereby criminals use personal information to earn trust and lower the intended victim’s defences increasing the chances they may open attachments or embedded links.
Criminals have stepped up their activity by targetting business users by claiming that they have specific knowledge of the business. These may be business critical issues: customer feedback, requests for information, staffing or legal notices.
What to look out for and what you should do if you receive a phishing message
Smishing - Smishing is when fraudsters obtain personal details of a victim by SMS text messages.
Fraudsters can go on to use this personal information to commit fraud.
Vishing - Vishing is when fraudsters obtain personal details of a victim by phone.
Fraudsters can go on to use this personal information to commit fraud.
If you receive a spam email or phishing email, report it to the internet service provider (ISP) that was used to send you the email.
If the scam email came from a Yahoo! account, send it to abuse@yahoo.com. Gmail has a 'Report spam' button and Hotmail has a 'Report phishing' button.
Once you report the scam email, the internet service provider (ISP) can then close the account which sent the email.
You can also report the matter to the company or body being mimicked such as the bank, government department or other company cited in the email.
If you’ve lost money or information or your computer has been taken over by a phishing or malware attack, report it to Action Fraud.
Firstly what are the different types of messages sent and where do they come from?
Botnets - A botnet is a collection of robots and can be used maliciously to gain financial or other personal information.
Botnets send the majority of spam.
This can lead to web users giving out personal information that fraudsters can used to commit fraud.
Spam emails - Spam emails are emails sent out to millions of email addresses to try to gain personal information.
Once the personal information has been gained, fraudsters can use it to commit fraud, which could include bank fraud, credit card fraud and identity fraud and account take over fraud
Phishing - Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords.
These can have a monetary value to criminals. Phishing can also involve sending malicious attachments or website links in an effort to infect computers or mobile devices. Criminals send bogus communications: emails, letters, instant messages or text messages. Very often these appear to be authentic communications from legitimate organisations or friends. Embedded links within the message can direct you to a hoax website where your login or personal details may be requested. You may also run the risk of your computer or smartphone being infected by viruses.
Once your personal details have been accessed, criminals can then record this information and use it to commit fraud crimes such as identity theft and bank fraud.
Phishing messages generally try to convince the recipient that they are from a trusted source. “Spear-phishing” is a technique whereby criminals use personal information to earn trust and lower the intended victim’s defences increasing the chances they may open attachments or embedded links.
Criminals have stepped up their activity by targetting business users by claiming that they have specific knowledge of the business. These may be business critical issues: customer feedback, requests for information, staffing or legal notices.
What to look out for and what you should do if you receive a phishing message
- Be aware and pro-active: When responding to emails or phone calls, never give your login or personal details. If you receive an email from a company that claims to be legitimate but is requesting these details, or a contact number tell them you will call them back. Use a contact number for the organisation that you have sourced reputably. Speak to them directly to confirm that the message is genuine
- Use your spam filter: If you detect a phishing email, mark the message as spam or junk, report it, then delete it. This ensures that the message cannot reach your inbox in future.
- Know your source: Never respond to a message from an unknown source. Take care not to click any embedded links. Phishing emails are sent to a vast number of randomly generated addresses. However, clicking embedded links can provide verification of your active e-mail address. Once this occurs it may facilitate the targeting of further malicious emails. Even “unsubscribe” links can be malicious. Ensure that the e-mail is from a trusted source and you are, in fact, subscribed to the service.
- Phishing is still a threat. Always remember that banks will never contact customer by email to ask for passwords or any other sensitive information by clicking on a link and visiting a website.
- The email address that appears in the ‘from’ field of an email is not a guarantee that the email came from the person or organisation that it claims to have originated from.
- Fraudsters are unlikely to know your real name, so the email may address you in vague terms, for example ‘Dear Valued Customer'.
- Phishing emails will probably contain odd ‘spe11ings’ or ‘cApitALs in the ‘subject’ box and contain spelling or grammatical errors in the email – this is an attempt to get around spam filters and into your inbox.
Smishing - Smishing is when fraudsters obtain personal details of a victim by SMS text messages.
Fraudsters can go on to use this personal information to commit fraud.
Vishing - Vishing is when fraudsters obtain personal details of a victim by phone.
Fraudsters can go on to use this personal information to commit fraud.
If you receive a spam email or phishing email, report it to the internet service provider (ISP) that was used to send you the email.
If the scam email came from a Yahoo! account, send it to abuse@yahoo.com. Gmail has a 'Report spam' button and Hotmail has a 'Report phishing' button.
Once you report the scam email, the internet service provider (ISP) can then close the account which sent the email.
You can also report the matter to the company or body being mimicked such as the bank, government department or other company cited in the email.
If you’ve lost money or information or your computer has been taken over by a phishing or malware attack, report it to Action Fraud.
Comment