
Preventing four common phishing scams

July 17th, 2024.

Avoid getting caught in the phishing net.

In recent years, there has been significant news coverage about cybercrime and the risks we encounter as our lives become increasingly digitalised. One particularly notorious cybercrime is ‘phishing,’ an illegal technique used by fraudsters to deceive people into revealing sensitive information, such as passwords or credit card numbers.

Over the course of 2023 there were a reported 4.9 million phishing attacks [1], making it the most common type of cyber-attack in the UK [2].

Along with other cybercrimes, there is little indication that the frequency of phishing attacks is decreasing. Given that fraudsters continue to evolve their techniques, it is crucial to stay vigilant and recognise the warning signs to minimise your risk of becoming a victim.

A brief history of phishing

Phishing attacks aren’t new. They’ve been around since the mid-1990s [3], when a group of hackers posed as employees of the online service provider AOL and used instant messaging and email to steal users’ passwords and hijack their accounts.

In the early 2000s, attackers turned their attention to financial systems. Since then they have continued to advance and develop their methods with the intention of exploiting victims and using their personal information to the fraudsters’ benefit.

With an estimated 3.4 billion spam emails sent globally every day [4], the sheer volume of communications bouncing around the cloud can make it challenging to identify phishing attempts.

Four types of phishing attacks to look out for

From smishing and quishing to vishing and spear phishing, it’s easy to see how it can all get very confusing. Here are four common variations of phishing to look out for:

1. Spear phishing

Spear phishing is a specific, targeted form of cybercrime. Rather than targeting a large number of email accounts, a spear phishing attack involves a more tailored email communication. The fraudster will likely have researched a person’s online profiles (including social media) to gather insights and information on them, and will then customise their communication accordingly. Doing so makes the email appear more authentic and believable.

Spear phishing attacks may include requests to pay an invoice you were expecting, or an invoice to pay a beneficiary that you have paid already. Fraudsters may also pose as family members, business colleagues or CEOs of companies to add credibility to the scam.

2. Smishing

Smishing refers to SMS text phishing. This involves a fraudster sending one or more text messages to an individual, often posing as an organisation. These are usually generated en masse.

The messages can sometimes feel very specific to your situation and are often used as a hook to have a victim engage with a fraudster. Common fraud typologies may include a generic request for help, investment opportunities, special offers from your favourite online retailer or even to rearrange a delivery of a package you weren’t expecting.

Their objective is to harvest personal data by redirecting you to a site and asking for contact information or banking details to allow a more sophisticated targeted contact. They can do this by encouraging the person either to click on a malicious link or to download malware.

3. Quishing

Quishing is a relatively new form of phishing that first surfaced in 2023. Fraudsters have begun taking advantage of the use of QR codes in public places, such as restaurant tables or public adverts, by placing fake codes on top of existing ones. When the QR code gets scanned, the individual may then unknowingly share sensitive information with the fraudster.

4. Vishing

Another common type of phishing is voice phishing – vishing. By using voice calls to contact victims, fraudsters impersonate an individual or company and deceive victims into sharing their personal information, such as a card number, PIN or password, over the phone. A fraudster may impersonate a person in a trusted position to try to gain a victim’s confidence. Common deception techniques may include impersonating bank staff, law enforcement officers, utility companies and government agencies, but fraudsters are always adapting their techniques to avoid detection.

As of January 2023, almost 30% of adults worldwide had experienced a phishing scam [5]. To avoid getting caught out by phishers, keep these important tips in mind:

  • Use strong, unique passwords: Always create strong passwords that include a mix of letters, numbers, capitals, and special characters. Longer passwords are generally more secure
  • Guard your login details: Your online login information is unique to you, so never share it with anyone else. Legitimate companies will never ask for your full passwords, Visa PINs, or the names of authorised signatories on your account
  • Regularly update passwords and PINs: Keep your passwords and PINs up to date, and use a different one for each account. If you need to store them, consider using a password vault, such as NordPass or 1Password
  • Be wary of urgent requests: Be cautious of emails or calls that pressure you to act urgently. Fraudsters often manipulate victims by creating a sense of urgency. Legitimate companies rarely demand immediate action
  • Check for poorly written emails: Phishing emails often contain spelling mistakes or poorly written content. Pay attention to the sender’s email address or name, as any errors could indicate a fraudulent message
  • Were you expecting the email? Fraudsters are now using artificial intelligence to help them create legitimate-looking emails. Even where the email looks legitimate and there are no spelling mistakes or grammatical errors, it could still be a fraud attempt if you were not expecting it
  • Verify suspicious contacts: If you’re unsure about a contact’s legitimacy, end the communication and independently verify it. Contact your financial institution using a verified phone number
  • Don’t click on links provided in emails or SMS messages. Always go to the website directly
  • Treat social media advertisements with extreme caution. If a deal sounds too good to be true, it probably is

[1] apwg_trends_report_q4_2023
[2] Cyber security breaches survey 2024 – GOV.UK (www.gov.uk)
[3] The History of Phishing Attacks | Verizon Business
[4] The Latest Phishing Statistics (updated June 2024) | AAG IT Support (aag-it.com)
[5] Cyber crime encounter by adults worldwide by type 2023 | Statista

Think you may have fallen victim to fraud?

Any Nedbank Private Wealth client who thinks they may have fallen victim to fraud should contact us on +44 (0)1624 645000 between Monday and Friday, 8am to 8pm (UK time), except for UK public holidays. For all other times, please call +44 (0)20 8167 3223.
