Phishing: the deadliest snatch!

We all receive countless emails and telephone calls over the course of the working day; amongst the myriad of other tasks we have to juggle, are we overlooking the simplest and most important question of them all: was that communication genuine?

As those engaged in fraud-prevention develop increasingly more secure systems; those engaged in committing the fraud seemingly develop increasingly more sophisticated scams.


Previously, cybercrime was primarily an attempt to steal money from bank accounts, but there are growing reports of a growing trend in cyber blackmail: one need only look to the Ashley Madison fiasco in 2015 where the private details of millions of the website’s users were held to ransom by the hackers; and when the website’s domain owners failed to pay the ransom, those personal details were leaked across the internet.

Patient data is confidential and sensitive; and the NHS’s ability to safeguard and protect this information is a cornerstone of the trust the public places in the organisation.

How do they do it?

The first step to ensuring data security is to understand the risks involved. The two most common forms of this type of cybercrime are phishing and vishing.

Both forms have the same purpose, to acquire sensitive data and details from the victim; whether this be usernames and passwords, or something as seemingly innocuous as names and addresses. The difference between the two lies in their commission: put simply, phishing is a scam effected in writing; and vishing is a scam effected over the phone.

With added vigilance, due diligence, and good old common sense, you can ensure the fraudsters do not succeed!

Five top tips

Whilst it will be impossible to eliminate the risks of cybercrime whilst the criminals are still at large, there are various (simple) tasks that can be undertaken, and which should be implemented, to minimize those risks:

  • Who are you? Beware of unsolicited calls: if someone is calling asking for personal information, do not provide any such details. Whilst you may not think that that one piece of information given could provide the access necessary to commit a fraud, if these fraudsters are calling many people within the Trust or practice, they may be able to build up all the details without you ever suspecting.
  • What is that? Beware unexpected emails: when you receive an unexpected email asking for information or with an attachment, always check the address it has been received from: whilst the content of the email may look genuine, the email address may show that it is not. If possible, check the address against known emails; or, if the sender is known to you, call them and ask them to confirm.
  • Verify information received: when provided with payment details, even when the remittance is expected, there is still a potential for fraudulent activity. Fraudsters have been known to intercept emails and insert false bank details. If you’re going to send bank details, why not blow the dust off the fax machine in the corner, and use that instead! Plus, give the recipient a call and confirm the details over the phone too.
  • Keep virus protection up to date: ensure you have full virus software installed; ensure it is kept up-to-date, and ensure it is used to scan all emails and attachments received. Whilst a few errant spam messages may still fall through the net, no organisation can afford not to have anti-virus procedures in place.
  • When will I see you again? And finally…Look them in the eye! Wherever possible, meet people face to face…build up those relationships, and understand the person you’re dealing with.

Articles from the newsbrief: Telecommunications leases; Property complications involving retiring partners; Tenancy agreements; Spotlight: Energy issues; Case study: Lazari Investments v. Saville and others; The Minimum Energy Efficiency Standard; Landlords still on the hook

Click here to read Hempsons’ Real Estate Newsbrief in full.