Phishing scams are on the rise in the UK, with almost 97,000 people having contacted the police last year reporting that they had been phished in one form or another (and remember – that's just reported incidents).
That figure is from a new report just published by the Action Fraud and the National Fraud Intelligence Bureau, which also broke down the form in which these phishing scams were carried out.
The majority of phishing, unsurprisingly, happened by email, with 68% of those who reported an attack being hit by this method of delivery. The next highest was 12.5% who were contacted by phone, and 9% who were phished via a text message.
Most of the phishing emails used similar headings designed to grab attention, quite literally as often 'Attention' heads up the subject line, with other common phrases phishing peddlers use including 'Important Notification' and 'Your account has been revoked'.
Anything that's likely to goad the victim into opening the email is likely to be used, so in our experience, it's not uncommon to also see subject lines referring to unpaid bills or invoices and the like.
As for the email addresses that were most commonly used for these messages, they included Do-Notemail@example.com and firstname.lastname@example.org.
Banks and tax scams
Action Fraud also observed that in December of last year, the most common scams were from malicious parties pretending to be a bank or HMRC – the latter being popular because it's the run-up to self-assessment tax returns being filed in January.
Deputy Head of Action Fraud, Steve Proffitt, commented: "The new figures show that phishing is a problem which is not going away; it is a means for fraudsters to test the water with potential victims and see how many people they can hook into a scam.
"For the fraudsters, it is a low risk way of casting out their net and seeing what they can catch. If their emails are convincing enough they can yield high returns and people can easily be persuaded into parting with money or to click on links which then infect their computer with malicious software."
The organisation imparted some advice along the usual lines – always be careful around links and attachments in emails, and remember that an email address can be spoofed, so even if it appears to be from a legitimate source, if the message content seems off then obviously that should raise a red flag.
And if you receive an email about your account being revoked or similar, don't use a provided link to log on to the service, fire up your browser and go to the website yourself to login and check your account.
- For anti-phishing tips, check out: How to avoid online phishing