13 Dec Warning on cyber-phishing scams aiming to ruin your Christmas
As we spend more time buying online heading towards Christmas, the National Cyber Security Centre (NCSC) has urged shoppers not to be tricked into falling foul of seasonal scams, a position fully endorsed by experts at University of Gloucestershire.
“It’s worth remembering 95% of cyber breaches happen because of human error,” explains Professor Kamal Bechkoum, Head of the University’s School of Computing and Engineering.
“The biggest danger is coming from three rapidly-growing types of cyber ‘phishing,’” he adds, “where hackers pose as someone you might know, or a real organisation, to lure victims into giving away access to their personal data, such as usernames, passwords or credit card numbers.”
There are three main types of phishing scam to be particularly wary of at the moment, continues Professor Bechkoum.
“The first is mass phishing, where an email, text or social media message is sent to thousands of people demanding urgent action, such as clicking on a weblink or downloading an attachment.
“The next is ‘spear phishing,’ where messages are far more personal and believable.
“The final type is the highly sophisticated ‘clone phishing,’ which involves hackers replicating a genuine email address or social media profile to create a nearly-identical copy of a real person or organisation contacting you.
“Although messages from cloned email addresses or social media accounts might look like the genuine article, they usually contain malicious links to malware that attempts to steal personal information and your contact lists.”
For businesses, the challenge is unrelenting. The Government’s latest report on cyber security breaches found 39% of businesses experiencing an attack were hit by phishing attempts (83%). Similarly, the 2022 State of the Phish Report found 91% of organisations had faced phishing attacks throughout 2021.
So, what can individuals and businesses do to better protect themselves?
“We can all take three key steps to combat cyber-phishing,” notes Professor Bechkoum, “and these come under the headings of ‘people, equipment, and procedures.’
“For people, consider – are you or your firm fully trained to spot and prevent a wide range of cyber-threats? If not, consider learning more or getting professional help to improve your knowledge. People are always the very first and last line of defence.
“With equipment, ask yourself whether your passwords are updated, are firewalls in place, and do you have the latest antivirus systems installed?
“Finally, when it comes to procedures, do you have good personal ‘cyber-hygiene?’ Do you always review or reject unexpected messages, and approach every online message with caution? Does your business have policies in place that block phishing attacks and keep systems secure?”
Keeping up to date with cyber security is becoming a requirement of our everyday lives, and for company directors it’s a crucial demand.
At University of Gloucestershire, we train employees and executives to deliver overviews of cybersecurity, the motivations and methods of ‘threat actors,’ details on why an organisation might be targeted, live-hacking demonstrations and improved security behaviour guidance.