What is it?
Phishing is an email-based fraud and a form of social engineering. Fraudsters attempt to manipulate the victim into divulging passwords or other sensitive information that will allow them to steal money.
How does it happen?
Phishing involves a fraudster, posing as a legitimate source, sending emails that aim to trick people into divulging sensitive information or transferring money into other accounts. The emails typically contain a link to a fake website, which will request that you enter financial information, passwords or other sensitive information.
Alternatively, emails may contain an attachment in the form of a document, form or notification. Equally, the email may be designed to contain and deliver malware via an attachment or a link. If the link is clicked or the attachment opened, the criminal will be able to gain access to your system.
Be more like Derek – an office legend
Derek has become an office legend simply by spotting scams and, in turn, saving his company big money. Want to know how he does it? See Derek thwart a fraudster’s attempt at invoice fraud.
- Be alert to the style, tone and grammar of emails you receive, especially if the email doesn’t address you by name (e.g. “Dear Sir/Madam”).
- Never enter any personal or security information on a site accessed through a link in an email.
- Never click on links or open attachments from senders you are unsure of.
- On sites that require you to input sensitive information, look for ‘https’ in the website address – the ‘s’ stands for ‘secure’, though be aware that this does not guarantee the website is genuine.
- Do not assume a sender is genuine because they know information about you / your company or the email address looks familiar – fraudsters are skilled in collecting enough information and can spoof email addresses to make them appear to be from a genuine contact, including someone from your own organisation.
- Remember that your bank may ask you for some information, but will never ask for your full password or PIN, provide you with details to make a payment, or request that you grant them access to your systems or PC.
- If you receive a suspicious email purporting to be from Barclays, forward it to email@example.com, then delete it straight away.
- Make all staff aware of this type of fraud, particularly those that make payments.
A case study
Employees of a client received an email appearing to be from their employer asking them to log into their 'secure portal' in order to find out what their annual bonus figure would be.
The email contained a link leading to a fake portal that looked like the genuine one, which duped employees into thinking they were logging on securely. Fraudsters were able to capture the login credentials of each employee who entered them on the fake portal.
Following this, the fraudsters were able to use these details to log in to the genuine secure portal and change the employee's bank details, so that earnings were paid into the fraudster's account and transferred away.
What to do if you suspect you’ve received a suspicious email
If you believe you may have fallen victim to a phishing scam, contact us immediately. Our team will try to recover the money from the fraudster’s bank account. The quicker you alert your bank, the greater the chance of recovering the funds.
Report it to Action Fraud – the police’s national fraud and cyber crime reporting centre. Even if you’ve not suffered any financial loss, this will allow the police to analyse trends and help them to prevent fraudsters exploiting other companies. You can file a report via their website at www.actionfraud.police.uk.
If you receive a suspicious email that appears to be from Barclays, please forward it to firstname.lastname@example.org and then delete it from your email account immediately.
If you have any queries, please speak to your Relationship Director.
If you fall victim to fraud on your Barclays payment channels, call the Online Fraud Helpdesk immediately on: 0330 156 0155
Fraudulent attacks, even if unsuccessful, should be reported to Action Fraud by calling 0300 123 2040.