‘Phishing’, ‘vishing’ and ‘smishing’ remain the most common forms of cyber attacks, with one-in-ten Brits falling victim over a twelve-month period.
Oli Mott, former Police Crime Scene Investigator and head of financial crime at Nottingham Building Society, shares his top tips to avoid cyber-related scams.
“Over the last few years in particular, we’ve heard of numerous cases throughout the UK where people are being targeted by scammers, leading to them losing their hard-earned money. They are convinced to make payments from their account, often directly to the fraudsters. This is known as APP (authorised push payment) fraud. With the introduction of AI and various other technological advancements, cybercrimes like phishing, vishing and smishing are becoming more and more complex - making it harder to spot and, ultimately, avoid.
“Only a few days ago, a member at one of our branches found a message on their landline that, on the surface, looked as though it came from their current account provider - in reality, it was from a scammer, posing as one of that bank’s fraud team. The message indicated that their Nottingham Building Society account had been compromised and that they needed to transfer their money (which was £8,000) to a different bank - something fraud teams would never ask customers to do.
“Together, we found inconsistencies with the scammer’s story and, after visiting our branch to speak directly to one of our experts, it was discovered that this was an attempt to scam the member.
“With the ongoing cost-of-living crisis forcing people to hunt down the very best deals, it’s no wonder that scams like these are on the rise. We’d encourage members in these situations to ask themselves whether it could be ‘too good to be true’, to not feel embarrassed and, if you’re in need of support, we’re here to help.”
Alongside the increasing complexities associated with today’s cyber scam incidents, Mott also suggests that, as a society, our reliance on digital tools like mobile phones, laptops and tablets has meant we have become a useful ally to scammers. Yet, one of the main challenges, he claims, is understanding the difference between phishing, vishing and smishing, and understanding how to identify each.
‘Phishing’ is a scam where criminals send an email, pretending to be from a reputable source, aiming to convince people to share personal information, such as card numbers and passwords, to gain access to their funds.
It is estimated that there are around 3.5 billion emails sent per day by scammers with those between the ages of 25 to 44 years being the most likely to be targeted.
‘Vishing’ is when a criminal makes phone calls or leaves answerphone messages pretending to be from a bank or building society to get the victim to release personal information, while ‘smishing’ similarly aims to get personal data through text messaging.
AI technology, which can mimic voices of real people, has made vishing a tricky scam to identify and prevent. The fast-growing, socially-engineered scam is further aided by the number of voice notes being sent today, which WhatsApp claimed had topped ‘7 billion every day’, back in 2022.
‘Smishing’ follows a similar intention to that of ‘vishing’ and ‘phishing’, with criminals attempting to get access to personal details for financial gain through text messages containing links.
Mott suggests members have fallen victim to scam text messages supposedly from well-known companies, where the messages encourage users to click links relating to deliveries or one-of-a-kind offers, only to have personal details stolen.
To help mitigate the potential risk of being scammed online, the former CSI turned head of financial crime shares his top tips:
“There are some common signs that a message you’ve received, albeit through voicemail, text message or email, is a scam and understanding these can arm you against falling victim, losing your money, and any other personal details.
“Alongside advice from the national campaign, ‘Take Five To Stop Fraud’, we’d advise anyone who has received a message which pressures them to ‘act now’, to take a step back and investigate the possibility of it being fraudulent.
“If they are calling over the phone, don’t assume that they’re really who they say they are and, remember, any official building society or bank will never ask for personal information from you over the phone, or via text and email.”
Filter unknown messages and voice messages
“Fraudulent messages will usually come from a source that looks ‘off’. If anything about their email or phone number doesn’t seem legitimate, block the number immediately and report it to your building society or bank.
“Android and iPhone devices have the capability to detect and filter numbers that appear to be scams. This can usually be activated through your phone’s settings.”
“In 2021, the average click rate for a phishing campaign was as high as 17 percent; a worrying figure that highlights the scope of the issue.
“Smishing is particularly dangerous, in regards to links, because our brains go into autopilot and people may click without thinking. If you’re suspicious, type the URL into a new, incognito, window or, even better, contact the sender of their email via their customer service and see whether it is legitimate.”
“Building societies and banks will never ask you to give out personal information over the phone, via text or email. If you have been asked to do so by, what seems to be, a legitimate source, simply put the phone down, block the number or email, and report it to a professional as soon as possible.”
