Warning: phishing up 20% in a year in 'Social Engineering' boom

Sarah Coles

Get Safe Online is warning people to look out for the danger signs that could mean they're being targeted by phishing scams. The warning has been prompted by the worrying discovery that phishing is up 20% from this time last year, to 95,556 incidents in 12 months.

In these kinds of scams, fraudsters contact victims out of the blue and manipulate them into sharing confidential information. In many cases this comes in the form of email, but fraudsters may also telephone victims, text them, or send letters. They have even been known to leave a malware-infected USB stick lying around.

Get Safe Online warned that, unlike the straightforward phishing attacks of the past, today's scams are becoming increasingly sophisticated. Frequently the scammers piece together information from various sources - including social media and intercepted emails - in order to be more convincing, which makes the attacks harder to spot. The industry refers to this kind of scam as 'social engineering'.

The attacks will play on our fears - including our fears of scams. It's why figures from Action Fraud show that this type of scam peaked on 21 October last year - the day of the TalkTalk data breach - when criminals wanted to cash in on widespread panic.

Tony Neate, CEO of Get Safe Online, said: "Social engineering is becoming ever more targeted and personal, which is why it's no surprise that the number of cases is on the rise. What's worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic - if we get an email purporting to come from someone we trust (such as our bank) about something that is emotive to us all (money) and then demand that we act urgently, it's almost like the perfect storm."

Common scams

The researchers identified the top 11 themes for these scams:
1. BT account update
2. iTunes invoice
3. HMRC tax refund scam
4. Tesco vouchers, Apple ID, accident injury claim and other
5. Document attached
6. False invoice
7. Itinerary attachment
8. Suspended credit card account
9. Suspended Tesco Bank account
10. Sky services upgrade
11. Blocked Barclaycard

What can you do?

Get Safe Online says there are a number of things you can do to stay safe. On a very basic level, they say you should never reveal personal or financial data including usernames, passwords, PINs, or ID numbers to anyone who contacts you - for any reason. Remember that a bank or other reputable organisation will never ask you for your password via email or a phone call.

Also be careful to make sure people or organisations to whom you are supplying payment card details are genuine - and even then, never reveal passwords.

Commander Chris Greany from the City of London Police says: "We urge everyone who receives unsolicited phone calls, texts, emails or letters to ignore them and never enter into conversation with someone that you don't know online or over the phone. If you're contacted in this way, it is likely that you're being targeted by a fraudster who is simply looking for ways to exploit your personal and financial details".


If you are asked by a caller to cut off the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card – but be sure to use a different phone from the one you received the call on. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call.

Neate adds: "If you do have suspicions regarding an approach, it's always better to be safe than sorry, so trust your instincts and double-check the person is who they say they are before handing over any information. This way, we can stay one step ahead and stop more people from falling prey to an online criminal."

Email attachments

If you receive an email you are not specifically expecting, do not open its attachments and don't click on links in it. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. If this is different from what is displayed in the text of the link in the email, alarm bells should start ringing.

Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.

And never log on to your internet banking or other site with private information on it when someone has remote control of your computer. If you do, they can see all of your private information and give instructions and send messages that will appear to come from you.

Finally, if you have been a victim of banking fraud or spot irregular activity on your account, contact your bank immediately. It's also important to report any fraud to Action Fraud, the UK's national fraud reporting centre, by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk.
