March 31, 2015

Don’t Get Fooled: Scams, Data Breaches and Phishy Goings-on

When it comes to April Fool’s Day, are you the prankster... or one of the ‘April fools’?

Of course, April Fool’s Day has a long tradition of tricks and harmless scams done for fun. In the 1950s, the BBC famously reported on the annual spaghetti harvest, convincing many people, including the BBC Director General at the time, that spaghetti was grown on trees... mamma mia!

It’s a different story, though, when a person gets scammed by a professional. These criminals are highly organised, and getting scammed by one of them usually ends up costing a lot more than just pride.

According to the Fraud in 2014 Report produced by Cifas, recorded fraud in 2014 increased by 25% compared to 2013. Identity Fraud accounted for 41% of all reported fraud, highlighting the need to be aware of how you handle your own personal data and to keep it from falling into the wrong hands.

Victims of fraud report that initial contact was largely through a phone scam or e-mail phishing, with a smaller proportion reporting mail as the initial point of contact. 

So what’s the latest scam making headlines – and headway?

Right now consumers are being warned about a phishing scam that follows a big data breach, where cyber criminals use data they have just stolen to phish for even more information.

A data breach last year at TalkTalk is a good example. In the initial data breach, cyber thieves got customer names and account numbers. Then they used that information to phish for more information, according to this Wired report. TalkTalk customers thought they were being contacted by customer service staff, but it was a scam, and they were tricked into giving out bank details or signing up and paying for security software and services they didn’t need.

This example illustrates why companies that have experienced a breach must notify customers and other individuals who may be involved. It also highlights the importance of putting safeguards in place.

Here’s what every business can do to reduce the risk of getting scammed.
  • Introduce a culture of security from the top down. There should be a workplace security policy that follows compliance standards and provides secure document management procedures.
  • Keep everyone up-to-date about current email phishing and other top scams. Popular scams aimed at businesses include Fake Billing, Internet Domain Name Expiry and Directory Listing/Unauthorised Advertising or Goods scams.
  • Teach employees security awareness skills. For example, never give out or update information about the business unless they know what the information will be used for and by whom. Create a list of authorised contractors and suppliers. Limit the number of employees who make purchases, and have clear procedures for verification, payment and management of accounts and invoices.
  • Create a specific policy for the mobile workforce. According to Action Fraud, mobile phone scams include Ringtone scams (free or low-cost ringtones that aren't) and Missed Phone and Text Message scams (when you call or text back, you’re charged premium rates).
  • Keep only the confidential information that your workplace needs to keep. Partner with a document and data destruction company that helps bring document management best practices to the workplace – and securely destroys confidential information in digital and paper form when it is no longer needed.