How to avoid password fraud

Many of us might now, for at least some part of the week, be working from home, but guess what: so are the criminals who are trying to trick us into sharing our passwords and other personal information.

I know Link ICT has issued many previous reminders. However, we’ve noticed that the scammers are getting even more sneaky and sophisticated, so it could be easy to get caught, particularly if you are currently working from home using remote access, which might not have the same levels of security as accessing business IT systems from within your office network.

We would like to ask everyone to remain vigilant against spam emails. We have noticed a large increase in the number of attacks from criminals trying to take advantage of the increased number of people working remotely.

We have seen many emails being sent asking for password resets, but in reality they are stealing the password you provide. Other examples we have seen include requests from HMRC, TV Licensing, TV and broadband providers, online retailers and banks.

How to recognise a spam email

Please consider the following when checking any emails you receive:

  • Are you expecting the email from the sender?
  • Do you normally receive emails from the sender’s email address?
  • Are you being asked to enter a username or password on an unknown website?
  • Is the sender’s email address correct or does it have any spelling mistakes or parts missing?
  • Does the message contain spelling or grammatical errors?

How to check email senders’ information?

If you hover your cursor over the sender’s name in an email, it will reveal the originator’s email address. If the sender’s address does not match the name shown, then it is likely to be a fake or scam email. For example, an email received from a staff member should show their actual email address, but if you hover over the address and it says abcd@xyz.org.ru, then the email will be fake and probably a scam.

If you receive an email with any of the above or are not sure if the email is legitimate, you should seek advice from your IT Technician.
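For IT staff, the hover check described above can also be applied automatically to the From header of incoming mail. The following is an added illustration, not part of Link ICT's own tooling; the staff directory, the organisation domain `example.org` and the reason codes are assumptions made up for the example.

```python
import re
from email.utils import parseaddr

# Constructed sample data (assumptions): real display name -> real address.
STAFF = {"jane smith": "jane.smith@example.org"}
ORG_DOMAIN = "example.org"

# Finds an email address typed into the display name itself.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def check_sender(from_header):
    """Return reason codes for a suspicious From header (empty list = none found)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["no-valid-address"]
    domain = addr.rsplit("@", 1)[1]
    reasons = []

    # 1. The name is a known colleague, but the address is not theirs.
    key = " ".join(name.lower().split())
    if key in STAFF and STAFF[key] != addr:
        reasons.append("staff-name-wrong-address")

    # 2. The name displays one address while the mail really comes from another.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(0).lower() != addr:
        reasons.append("name-shows-other-address")

    # 3. The real domain only starts with ours, e.g. example.org.ru.
    if domain.startswith(ORG_DOMAIN + "."):
        reasons.append("lookalike-domain")
    return reasons


if __name__ == "__main__":
    # Constructed sample headers; abcd@xyz.org.ru is the address used in the text.
    for header in (
        '"Jane Smith" <jane.smith@example.org>',
        '"Jane Smith" <abcd@xyz.org.ru>',
        '"jane.smith@example.org" <abcd@xyz.org.ru>',
        '"IT Support" <helpdesk@example.org.ru>',
    ):
        print(header, "->", check_sender(header) or "ok")
```

An empty result only means none of these three checks fired; the other questions in the list above still apply.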

How do I protect against spam emails?

Please consider the following:

  • Do not open attachments if you are not sure of the sender.
  • Do not click links you are not sure of, even if the emails came from a recognised address. Re-type the URL in a new browser window.
  • Be careful of requests for personal or financial information.
  • If the message or the attachment asks you to enable macros, adjust security settings, or install applications, do not allow it or click OK to enable.
  • Be suspicious if there are multiple recipients in the “To” field and they appear to be random addresses.
  • If the greeting on the message itself does not personally address you, think twice about who it is from.
  • If any links lead to websites that look legitimate but have slight mistakes or things that are not quite right, such as outdated logos and typos, do not click if unsure.

What do I do if I’ve already been a victim of a spam email?

If you have been a victim of an attack, contact your IT provider and change all passwords associated with the affected accounts. If you use the same username and password combination on any other website, make sure to change those passwords as a matter of urgency.

A better way to improve your security for any online account is to enable two-factor authentication (2FA) or multi-factor authentication (MFA). If you do not know what these are or how to apply one of them, please get advice from your IT Technician.

How to avoid spam emails and password fraud

Finally, be wary about what information you give away and show publicly on social media, and ensure you review your privacy settings. Be very aware of what information you are divulging in posts and photos on your online presence, such as your age (this can be used to guess your date of birth), where you live, or car registration numbers (these can be used for theft at the property and for stealing your identity to get loans and credit!).

What you tell others about your hobbies and favourite things can be used to email you fake offers!

These include fun quizzes and supermarket discount voucher offers that involve clicking links or revealing information about your likes and dislikes. You could unwittingly be giving a scammer all the information they need to defraud you, either by sending you a link or by telephoning you armed with everything you think only the real caller would know. That makes you think they are a genuine caller, when really they’ve gleaned it all from your social media activity!

How to protect your password

  • Never divulge your username or password.
  • Never use the same username and password combination for more than one account.
  • Try to use a unique password combination formula that you can use to ensure each password you use is unique to each account but easy for you to remember.

Be Safe, Stay Alert!

At Link ICT we are committed to helping our clients maintain safe and secure IT networks. If you feel at risk from IT security fraud or would like more advice please get in touch.