In the current climate, cyber security incidents are becoming more commonplace. A data breach occurs when information held by an organisation is stolen or accessed without authorisation. With data breach scams, phishing messages are sent to victims, that either try to encourage them to pay money into a criminal account or contain links to websites that may store their personal data, install viruses or steal passwords. Like other phishing scams, this one can be hard to spot as you will recognise the company name, and the messages and websites will look genuine.
How to spot a data breach scam
• You receive a message claiming to be from an organisation you are dealing with and where money is changing hands. Solicitors and their clients are prime targets for example, due to the nature of the work involved and the probability of large bank transactions being required during the course of a matter. The organisation informs you that they have changed their bank details. They supply you with new bank details for future payments.
• If the information stolen includes a contact number for you, you might receive a suspicious call, asking you for bank details, passwords, or remote access to your computer.
• You receive a message claiming to be from an organisation that has suffered a recent data breach. The message may ask you to log in and verify your account, urging you to act immediately.
How to prevent a data breach scam
• If you receive an email which appears to be suspicious, please contact the organisation using their official number from their website, to verify it.
• Always be suspicious if you receive a message saying an organisation’s bank details have changed. This is a major change and it is unlikely that they would simply email you their new details. Never pay money into a ‘new’ bank account without checking it with the organisation first.
• Never click on links in emails or texts, or download anything in a message that you weren’t expecting.
• Never share your bank details. A legitimate company will never ask you for them.
• Never feel pressurized to act immediately; this is a tried and tested method that scammers use to trick you into acting before you’ve had time to think it through.
• If you receive a suspicious call or a call that begins to make you feel uncomfortable, hang up. Scammers rely on us to be too polite to do this and the longer they keep victims on the line, the more likely they are to fall victim to their scam.
• If you are informed by an organisation that they have experienced a data breach, and you are confident that the information is legitimate, change your password as soon as you can. If any of your other accounts use the same password change them too.
How to report a data breach scam
• Report the scam to Action Fraud, the reporting centre for fraud and cyber-crime in England, Wales and Northern Ireland:
o Call 0300 123 2040 Monday to Friday 8am - 8pm
o Use the Action Fraud online reporting tool
• Inform your bank immediately. If your account is with us, please email us at webfraud@alrayanbank.co.uk
• Contact the Police on 101
• If your business has an IT department, inform them immediately.