How to avoid email fraud
Email fraud has become an everyday risk in our online lives, but remains a lucrative crime despite growing awareness. Fraudsters are becoming ever-more sophisticated in their methods, which means it’s important to stay aware of potential threats and how to avoid them.
What is email fraud?
Email fraudsters hope to trick you into offering up your personal data. They do this with messages designed to look as if they were sent by legitimate online services, such as your bank, social media account or an online retailer.
Fake emails will sometimes appear to have been sent by someone you know. These will invariably contain links to sites where you will be invited to enter vital information such as your usernames, passwords and banking details. Such tricks are sometimes known as “spoofing” or "phishing", and make up the bulk of fraudulent messages.
Given how widespread email fraud is, you might think such schemes would become less effective, but it appears that they do still work. According to Action Fraud, 23% of people that receive phishing emails will open them. Scammers work continuously to make their attempts at fraud ever-more convincing. For example, Which? recently reported on a skilfully executed Paypal scam which circulated in early 2017.
Why do fraudsters try to steal your personal data?
Fraudsters can use your personal data for identity theft or identity fraud, perhaps eventually taking money from your bank account or taking out credit in your name. Consequently, email fraud is still big business. According to research from anti-fraud group Financial Fraud Action UK (FFA UK), online banking fraud – which includes phishing attacks – cost the banking industry £133.5m in 2015. The same report found that there were 16,462 phishing websites targeted against UK banks and building societies in the same year.
How to protect yourself against email fraud
It may not be possible to completely eliminate the threat of email fraud, but there are different precautions you can take.
- If you think an email might be fraudulent, delete it - don’t open it, don’t reply to it and don’t click on any attachments.
- If an email from someone you know seems unusual, it might be because their account was hacked and briefly taken over by fraudsters. The message might contain an unfamiliar link with an accompanying greeting, such as “Hey [Your Name] I thought you might find this useful.” If in doubt, contact your friend separately to see if they sent the email.
- Beware of emails that are not personalised. Many phishing emails will start with ‘Dear Sir/Madam’, because the spammers are sending them out to millions of people. Authentic messages, such as those from your bank, will most often address you by name.
- Don’t use a link within an email to connect to a site unless you’re absolutely certain who it’s from. These links can lead to phishing websites which look very similar to the real thing. It’s better to open a new window and type the URL in directly. Similarly, never enter your data in a log in box that is embedded in an email.
- Configure your software correctly. Most email accounts and web browsers will have settings you can adjust to ensure maximum security, and it’s worth taking a little time to get to know them.
- Beware of time pressure. Reputable organisations probably won’t need you to take urgent action to prevent your account being shut down. This is usually fraudsters trying to panic users into handing over data.
- Install effective security software and keep all your systems updated regularly.
You should also make sure you use a secure password, and don’t give out personal information on social media or over public Wi-Fi. If you do spot suspicious communications, you can report them to Action Fraud through their online form: http://www.actionfraud.police.uk/report_fraud.
If you are worried about the security of your personal data, your Equifax Credit Report & Score – free for the first 30 days then £14.95 monthly – comes with WebDetect, which alerts you if we find your personal data on websites used by fraudsters.
- Online Fraud Terminology
- What is anonymous browsing?
- Distributed Denial of Service explained
- How secure is your email?
- Identity theft and fraud explained
- Financial fraud explained
- Best practices for avoiding identity theft
- Stay safe online: Creating a secure password
- Scam avoidance: A few ways to help stay secure
- Are smart gadgets putting you at risk of identity theft?
- Helping your children stay safe online
- Should you share your location on social media?
- Safeguard your personal information on video game consoles
- Would you do internet banking on your smart TV?
- How fraudsters use Wi-Fi hotspots to steal data
- Preventing your child’s identity from being stolen
- Keeping your personal information secure when moving home
- Protect yourself from becoming a victim of SMS phishing
- Protect against identity theft when sharing photos online
- Safeguard your identity on mobile apps
- Your social media profile and identity theft
- What is credit card fraud – can you prevent it from happening to you?
- How fraudsters can hijack your browser
- Safeguard your identity on Facebook and other social media sites
- Going on holiday - keeping your identity safe
- How to prevent smartphone identity theft
- Shopping online – staying safe against identity theft
- How to spot and avoid romance scams
- Facial recognition and identity risk
- Dealing with phishing phone scams
- How cyber attacks happen
- Safer Internet Day – protecting children online
- 7 Signs of Identity Theft
- How to avoid contactless card fraud
- What Are Data Breaches?
- How to Spot a Phishing Email
- ID Fraud Overview
- How Financial Crimes Are Hidden in The Dark Web
- How much do you know about the Dark Web?
- Are you losing your identity?