Phishing scams are something you’ll be more aware of if you spend a lot of time online, work in an office or work in the technology industry, although this isn’t always true.
Of course, phishing scams and online security, both personal and business, are a topic that has become more prevalent in recent years, as more and more businesses report data breaches.
Over time, phishing scams and scammers, just like technology, develop to become more sophisticated and more real. You only have to look around at the talk about AI and things like ChatGPT.
The more real it is, the more likely you are to interact with it.
Back at the birth of the internet, when we had the first glimpses of the benefits it could bring and the internet was a fluffy and safe place to be, were there scammers about then?
Yes, there were but, like early internet technology such as dial-up modems and early websites, they were rudimentary when compared with today’s superfast fibre and slick mobile apps.
So, as digital and mobile technology has developed, so have phishing scams, scammers and their methods.
Again, if you spend a lot of time online, work in an office or work in the technology industry, you are, more than likely, more aware of these changes and developments.
So, when I see a scam like this drop into my inbox, not just one email but five emails sent over a period of an hour or so, you can see how this phishing scam could easily trick someone with an untrained eye, or a less technically minded person, into clicking on the link, thereby surrendering their PayPal, bank details or other personal details the scammer is after.
Usually, this would be done in a state of shock as you try to work out who had spent almost £500 on your PayPal account, and by the time you realise it’s a scam, it’s too late.
This then turns into a damage limitation exercise.
A Cautionary Tale about Phishing Scams
I once stood with the financial controller of a business I worked at, while we both watched the company’s bank account being syphoned of money one Friday afternoon. This had been the result of a phishing scam that one of the finance team had unwittingly fallen for.
Did they get the money back?
Luckily they did but it took months of phone calls and emails to sort out, which had to be done during work hours. Not really what you want your staff to be doing when they have a job to do.
Following this incident, the company doubled down on its email security, investing in a spam filter for its mail server, training the staff on how to spot fraudulent emails and reviewing its processes within the finance team.
So, back to this PayPal phishing scam.
It is easy to see how people are tricked, especially looking at this scam.
It appears to be, for all intents and purposes, from PayPal.
Even to a trained eye like mine, with 30 years of experience, it made me look twice.
So, what can you do to protect yourself from scams?
On a personal level. Basics
- Log in to your online account. Using your smartphone app or online portal, log in to your account. If a transaction had taken place, you would be able to see it. Even if you can’t see any irregular withdrawals, change your password, although you should be doing this regularly.
- Validate the source. If it says it has come from PayPal, as this does, or any other organisation that you may deal with online, such as Tesco, Aldi, Netflix, Virgin or your bank, maybe NatWest or Lloyds, check with that organisation directly.
- Pick up your phone, but don’t call the number on the email. This could be an automated voice system, controlled by scammers and set up to help you part with your information.
- Go online and find the telephone number for your supplier’s head office in the UK and call them to ask if they have sent an email, text or WhatsApp message.
- Don’t click links you’re unsure of. Never ever click on a link you’re unsure of! Even if it says it has come from a family member.
- Delete the email. You should delete the phishing scam email in case you accidentally click on it. If the company has the facility, send it to their phishing team before you delete it.
On a business level. Basics
- Train Your Staff. This should seem like a logical thing to do, but you’d be surprised at how many businesses don’t. If your staff have to use the internet, email or any kind of online facility, they should at least be trained in basic cyber security, where they are shown how to spot phishing and online fraud.
- Get a Spam Filter. If you have an email domain that receives email from the outside world (and who doesn’t these days), you should have a spam filter, one to which you can add a whitelist of domains you wish to receive email from.
The PayPal phishing scam I received got through Microsoft’s own spam filter for my Hotmail (Outlook) account and ended up in my inbox. It had been flagged safe. If that had been sent to my work email, it probably wouldn’t have got through and, if it did, it would have been flagged as spam.
It is hard to know how to detect digital fraud if you’re never shown how to.
127 Media can provide digital consultancy to small to medium-sized businesses that would like to know more about how they can protect their business and staff from digital fraudsters.
We can also help protect your staff, technology and email with our spam management solution.
Since I began writing this, I have had five emails from the same source over a 60-minute period, illustrating how determined they are, if nothing else!
Consider that phishing scams are the most common form of digital fraud, with an estimated 3.4 billion spam emails sent worldwide every day.
That’s every single day! Every day of the year!
It is no wonder that some people are going to get scammed. It’s just a numbers game.
Even if a very small percentage of phishing scams are successful for the scammer, the rewards can still be great.
- Google blocks around 100 million phishing emails daily.
- Over 45% of emails sent in 2021 were spam.
- 83% of UK businesses that suffered from digital fraud in 2022 reported it as a phishing scam.
Don’t become another statistic!