Gone Phishing?

We’ve already talked a little bit about phishing scams in our earlier piece about energy rebates. But there’s a little more you need to know if you want to be scam-savvy.

What is a phishing scam?

The website phishing.org is a great resource for information, and defines phishing as “a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data”. What that essentially means is that someone may send you a text or email pretending to be someone else, so they can get information about you. A lot of phishing scams rely on links and forms - you may get a text that says it’s from your bank, and, for example, they say your account has been hacked or deactivated and you need to click a link to recover it.

Phishing scams work well because they exploit people’s emotions. Most of them will either say something that makes the person panic, or that makes them excited. So, like the example above, it might say that they’re from your bank, or from Student Finance, and that something bad has happened, like your card has been cancelled or your payments have stopped. The idea is that the person who gets the text panics, and goes along with it without thinking.

They might also say that they’re from a job that works from home, and pays a lot of money. Obviously everyone wants an easy job that pays them a lot, so maybe someone would be so excited for the opportunity that, again, they would go along with it without thinking.

That might sound vague - and that’s because phishing scams usually are. They can’t provide any concrete details because they don’t have any - in the example above, it will just be “a job” from “my company”. Emails may say something like “Dear Customer” or “Dear Sir”, because they don’t know the names of whoever they’re sending it to. Things that claim to be from your bank may have the name of the bank in it, but that’s just a gamble - they’ll reach a customer for that bank eventually, especially if they pick a popular one.

But about your energy…

In our energy rebate article, we mentioned that there’s probably not a lot that you need to do in order to receive the rebate. The short version is that it’s probably an automatic process, but that depends on your living situation (read our article for the full scoop!). We wanted to mention that again because the energy rebate has been a large target for phishing attacks. So how do you avoid them?

• You may receive a text with a link in it encouraging you to apply. This will likely lead to a fake “login” page, which encourages you to put in your account details. Be careful - this could lead to your identity being stolen.
• Check any links sent to you against the official website. Phishing scams will often have completely different urls - something catchy like discountschemeapplication.com. It sounds relevant, but anyone can make a website with a .com address. Any official documentation about the energy rebate will be on the .gov.uk website.
• This also applies to email addresses - check the email provider against any other emails they might have sent you, or the email address listed on their website.
• If a service calls you asking for information, it may be a better idea to hang up and call the company directly, unless you can confirm it’s the same phone number. A lot of places have a policy that they don’t ask for sensitive information over the phone - if you’re not sure that you’re speaking to the right person, call their customer service line, and they should be happy to help you.

And as always, if something doesn’t feel right, you can always ask our Advice Service for a hand. The University also has a Student Finance department, who are equally happy to help.

Phew! That’s a whole lot of information all at once. But no need to cram - we put a handy list together of the Top 5 ways to spot a scam:

• Weird links. If it leads to an unrecognised address, it’s probably a scam. You won’t be able to track your parcel through royalmailtracking75.com - especially if you never ordered a parcel to begin with.
• Vague or irrelevant content. The email might not use your name, or might talk about stuff you’ve never heard of (or parcels you didn’t order).
• Emphasis on money. The purpose of phishing is to extract money or information from the victim. Any correspondence from a bank, or anyone telling you to pay them, should be verified with extra caution.
• A sense of urgency. Especially with money. They might say you have to put your card details in right now, or something bad will happen. Try to keep calm - these are just tactics to scare you.
• It just doesn’t look right. The link might be off - but so might everything else. If it comes from Neftlix, has a blurry logo nicked from Google Images, and looks generally iffy, then it probably is.

Remember - you can always verify emails from certain companies with the company. Odds are, they’ll already be aware of popular scams, and can advise you appropriately.

So there you have it. With that out of the way, you can do your Christmas online shopping in peace - and they probably don’t need you to update your billing information.