At mydeposits, we take data security and cyber-crime seriously and provide you with the highest standard of security to protect you thanks to our certification to both the ISO27001 and Cyber Essentials standards.
In this guest blog, Peter Agathangelou, Head of Group Risk & Information Security at Hamilton Fraser (and administrator of mydeposits) offers his expert tips on how to stay safe online.
Email is the number one method used by cyber criminals. Fraudulent emails can be random or targeted, clumsy or extremely sophisticated.
Keep an eye out for these types of email, which could be fraudulent:
- A banking/financial website asking you to enter personal details to check your security details are correct.
- Rewards implying that you will receive money, e.g. a tax credit, a beneficiary in a will, a winner in a competition.
- Emails that do not immediately request any information but aim to solicit a response that draws you into a conversation before the fraud is then attempted.
These emails usually contain hyperlinks that will redirect you to a malicious website where your device could be infected with malware, or ask you to give personal information that can be used for theft or identity fraud.
Within the private rented sector we have seen multiple scams targeting tenants, asking them for deposits on non-existent properties.
The spoof email scam is becoming more common. Fraudsters set up websites that closely resemble those of an organisation they are impersonating, and then send emails that appear to come from a person within the business, e.g. from the CEO asking for an invoice payment.
What is malware?
Malware is short for malicious software and is usually sent to victims via email. Types include:
- Ransomware – it encrypts the files on your computer and you must pay a ransom to remove it.
- Bot – when installed, a bot can transfer control of your computer to a third party.
- Rootkit – Once a rootkit has been installed it is possible for the criminal to remotely access your files and steal information, modify your computer and control it.
- Trojan Horse – Commonly known as a “Trojan”, this is a type of malware that disguises itself as a normal file or program to trick you into downloading and installing malware.
- Adware – Advertising-supported software. A common attack is for the same advert to be displayed over and over again, helping the perpetrator to boost the rating of the website and thereby gain a financial reward.
- Spyware – As the name implies, Spyware is used to monitor your activity without your knowledge, for example, sensitive account information can be collected or your behaviour monitored.
- Virus – Viruses often spread to other computers by attaching themselves to various programs and executing code when you try to use the infected programs.
Make sure you review all your emails and look out for anything suspicious. If in doubt, don’t click!
What makes a suspicious email?
Here are some more tips from Pete on what makes a suspicious email:
- Tone of an email – If the email is threatening the withdrawal of a service, prosecution by law, etc., don’t panic! Obtain the details of the organisation independently, i.e. via the legitimate website or independent directory services, and call to confirm. As a general rule of thumb, respected and/or legitimate companies will not contact you in this way.
- What is the email asking for? Again, legitimate companies will not contact you to request any personal data via email. The same rules apply for getting in touch with the ‘sender’ organisation. NEVER USE CONTACT INFORMATION OR LINKS SUPPLIED IN THE EMAIL.
- Who really sent the email? Quite often you can tell whether the email is from a genuine source by checking the sender’s email address: has the message been sent from a free email provider, such as Gmail or Yahoo, or from any other domain that doesn’t correspond with the company that the email is supposed to have come from? Even then, be aware that email addresses can be ‘spoofed’ or the sender domain can closely resemble a genuine company’s address.
- Looking at grammar or general look and feel can be a giveaway, but be aware that fraudsters can produce some very authentic-looking emails.
- Never download attachments from emails sent to you unless you can 100% verify the originator of the message.
- Keep any provision that you have for anti-virus up to date.
- Don’t be complacent with email over smartphone devices – there is an increasing trend for hackers and fraudsters to target them.
- Periodically change your email password and do not use the same passwords across your online accounts.
- Where possible use ‘two-factor authentication’. To log onto my email account I have to verify through my phone that I want to log in and use a code provided to me.
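The sender-address check from the tips above can be automated for a mailbox. The following Python sketch is an added example, not part of the original blog: the function names, the free-provider list and the example.co.uk addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Assumed list for illustration; extend it for your own mail flow.
FREE_PROVIDERS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, expected_domain: str) -> list[str]:
    """Return warnings for a From header that claims to be from expected_domain."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no sender address found"]
    domain = addr.rsplit("@", 1)[1].lower()
    expected = expected_domain.lower()
    if domain == expected or domain.endswith("." + expected):
        # A match proves nothing on its own: the From header can be spoofed,
        # so the other tips (tone, requests, links) still apply.
        return []
    if domain in FREE_PROVIDERS:
        return ["sent from a free email provider"]
    if edit_distance(domain, expected) <= 2:
        return ["sender domain closely resembles the genuine one"]
    return ["sender domain does not match the organisation"]

if __name__ == "__main__":
    # Constructed sample headers, all claiming to be "Example Lettings".
    samples = [
        "Example Lettings <accounts@example.co.uk>",
        '"Example Lettings" <accounts@examp1e.co.uk>',
        "Example Lettings <example.lettings@gmail.com>",
    ]
    for header in samples:
        print(header, "->", check_sender(header, "example.co.uk") or "no warning")
```

An empty result only means the visible address matches; it does not confirm the sender, so contact details should still be obtained independently.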
It can be daunting and even depressing to be bombarded with warnings and horror stories of fraud and theft online, and the impact of such attacks can be far from trivial. However, there are plenty of websites that can help with common sense and simple advice.
Business Safe Online is an excellent example.
Head of Group Risk & Information Security