Think twice before you act – online security advice

Warning from Get Safe Online as reported phishing scams rise by more than 20% in 12 months

  • Over a quarter of victims of online fraud have been scammed by phishing emails or phone calls
  • Over three quarters of all reported phishing incidents are via email

Social engineering is an extremely targeted type of scam where fraudsters manipulate their victims into sharing confidential information. This can happen through fake emails, phone calls, texts or posts (and even leaving a malware-infected USB stick lying around). It frequently involves piecing together information from various sources such as social media and intercepted correspondence to appear genuine and convincing. The complex nature of the attack makes it very hard to spot a scam before it is too late.

This week Get Safe Online in partnership with Barclays, Natwest, Royal Bank of Scotland, Lloyds, Halifax, Bank of Scotland, City of London Police, CIFAS, and Financial Fraud Action UK, has launched a new advertising campaign waring the public about the dangers of ‘social engineering’ as reported figures from the National Fraud Investigation Bureaux show incidents have risen by 21% in 12 months.

Get Safe Online, along with its partners, is encouraging people to

Think Twice Before You Act’ to reduce the number of people falling victim to social engineering fraud.

The rise of social engineering

Undoubtedly cybercriminals have become more and more sophisticated in their attacks and this is shown in new figures from Action Fraud, which indicate 95,556 reported phishing scams recorded between: November 2014 – October 2015. This represents a 21% increase over the same period the previous year.

This is further supported by research from Get Safe Online, revealing that over a quarter (26%) of victims online fraud have been scammed by these types of social engineering emails or phone calls. In addition, over a one fifth of people (22%) said they are most concerned about this type of online crime.

Interestingly, the research from Action Fraud found that the reported incidents of phishing scams peaked on 21st October – the same day as the Talk Talk data breach. This highlights the increasing fear surrounding these kind of attacks, especially in the light of this and other high profile breaches that took place last year.

Don’t become prey for a fraudster – follow some simple steps to avoid becoming a victim

Do you think twice before clicking on links in unexpected emails, posts or texts, or open unknown email attachments?

Do you think before you reveal your confidential details to total stranger who has called you, claiming to be from your bank, your credit card company, or the police?

If not you may become easy prey for a fraudster. They get you on the hook, reel you in, and before you realise, you’ve given away your PINS, passwords, or bank account details… everything they need to steal your hard earned money.

Millions of people in the UK are defrauded in this way every year, and you can protect yourself from becoming one of them.

Tips to avoid online and telephone scams

Never give out personal or financial data including usernames, passwords, PINS, ID numbers or memorable phrases.

Check that people or organisations who you supply payment card or other confidential information to are genuine, and even then never reveal passwords. A bank, HMRC, retailer or other reputable organisation won’t ask for your full password or PIN via email, phone call or any other means.

If you are asked by a caller to cut off the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. But be sure to use another phone from the one you received the call on or leave it for five minutes before you make the call, in case the sender number has been spoofed or the line is left open.

Don’t open email attachments from unknown sources – as they could well contain malware. Delete them, and take the details to report if appropriate.

Don’t click on links in emails from sender you don’t know. Instead, roll your mouse or finger over the link to reveal the actual sender. If they are different, it’s a scam. Even if you get an email that seems to come from someone you might know – but seems unusual – the sender may be a fraudster who’s spoofed their address. If in doubt, call (don’t email) the sender.

Don’t attach external storage devices like USB sticks or hard drives – or insert CD-ROMs/ DVD-ROMs into your computer – if you are unsure of the source. This is a favoured way for fraudsters to spread malware.

Remember: if you have been a victim of banking fraud or spot irregular activity on your account, contact your bank straight away. It’s important to report any fraud to Action Fraud by calling 0300 123 20 40 or via

Also report fraud to any website or ISP where you’ve been defrauded. This applies however large or small the amount: it could protect others, and the proceeds of fraud are often used to fund activities like terrorism and human trafficking.


#SaveGelly – Advice and information on scams