How to keep safe online

In the current climate that we live in, hackers and scammers are as active as ever. Cyber-attacks continue to be a threat following the pandemic, increasing the need for you to take the security of your IT network seriously.

How can you protect yourself and your organisation against cybercrime?

Centre for Assessment wants to share the following tips on how to recognise fraudulent emails and websites, helping you avoid potential threats to the security of the data you hold.

How to recognise a hacking or phishing email

1. Check the 'from' address

It’s always worth checking the address the email comes from for spoofing. Scammers often change the name to make it look more like it is from the company or organisation they are pretending to contact you from. A scam email usually has a fairly bizarre email address  behind what looks like a genuine sender name. To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.

2. Is the greeting impersonal?

Increasingly you notice that scammers are getting better at sending emails which include our name in the first line of the message. However, not all of them do. Sometimes scam emails will just say "Hi" and not include your name, other times your email address be used after “Hi" This impersonal approach to contacting you is another sign that it’s likely to be a scammer behind the email.

3. Check contact information and dates

Does the ’contact us’ information at the bottom of the email link to anything? Is it clickable? Are the websites it links to genuine? If the answer is no, you should be on your guard. To see where a weblink goes to without actually clicking on it, simply hover your mouse cursor over the link. In the bottom left-hand corner of your web browser, the web address where the link goes to will appear. Are the copyright dates (or any others) up to date? Often scammers forget this detail. We came across an email scam in March 2018, which said the closing date of the competition being advertised in the email was December 31 2017. If you see this level of inconsistency, it’s probably a scam.

4. Check branding

Scam emails are often pretending to be from big brands, companies, supermarkets, retailers and deal sites or from trusted government departments. Checking branding and keeping  an eye on the quality of branded logos etc., in the email can strongly indicate if the email is a  scam. Is the branding on the email the same as it is on the company or government website? Does it match the last genuine email you received from them? If the answer is no, be suspicious.

5. Ignore links and attachments

Computer viruses can find their way onto your computer by scammers tricking you into installing them. For example, ransomware threatens to take action on your computer - such as deleting files - unless you pay a ransom. If you suspect an email might be from a scammer, do not click on any links or download any attachments featured in the scam email as these may download a computer virus onto your computer.

6. Asking for personal or bank details?

If an email is asking you to update or re-enter your personal or bank details out of the blue, it is likely going to be a scam. Personal information includes things like your National Insurance number, your credit card number, pin number, or credit card security code, your mother’s maiden name or any other security answers you may have entered. Most companies will never ask for personal information to be supplied via email.

7. Poor spelling, grammar and presentation?

Increasingly scammers are getting better at presenting phishing emails that are more or less free of poor spelling and grammar. But you should still watch out for these tell-tale signs.

More common is to see a real lack of consistency with the presentation of the email, which may include several different font styles, font sizes and a mismatch of logos.

8. Trying hard to be 'official'?

Scammers often try hard to make the email sound official. They will do this in a number of ways, including using the word ‘official’. You are unlikely to see the messaging in a truly official email shouting about how official it is. Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.

9. Trying to rush you?

Fraudsters will try to pressure you with time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals. Take your time to make all the checks you need. If the message is alerting you to look at something linked to an account you have with the company, organisation or retailer, you should log in separately to your account in a new tab or window. it’s better to miss out on a genuine deal than risk compromising our data.

1O. Check with real company, brand or department

If you’re still unsure whether a scammer is behind the email you received, get in touch with the brand or company featured in your email directly via social media or their ’contact us’ page. Remember also to check the brand or company help and customer services pages.

How to spot a fake, fraudulent or scam website?

It can be difficult to spot a fake, fraudulent or scam website. Fraudsters are extremely cunning and good at creating convincing websites. Take these nine simple steps to test whether a website is legitimate or not.

1. Pay attention to the address bar

The first thing you want to look for on a website is the https:// at the beginning of the address. The S in https:// stands for secure and indicates that the website uses encryption to transfer data, protecting it from hackers. If a website uses http:// (no S), that doesn’t guarantee that a website is a scam, but it’s something to watch for. To be on the safe side, you should never enter personal information into a site beginning with http://. Some internet browsers, like Google Chrome, lend a hand in warning you about unsecured websites. When a site is secure, you may see a small padlock next to the web address, or the address may be highlighted in green. You might also notice the domain name next to the padlock before the https://. That means the website has one of the highest levels of encryption and can be trusted. Some browsers highlight unsecured web addresses in red or simply say “Not secure.”

If you’re unsure, you can click on the padlock or “Not secure” notice to see more details about the website’s security. You can also check up on a site through Google’s safe site search. The presence of the https:// doesn’t guarantee security, but it’s a good starting point.

2. Check the domain name

A favourite trick of scammers is to create websites with addresses that mimic those of large brands or companies, like Yah00.com or Amaz0n.net. Scammers count on you skimming over the address and domain name, so it’s always worth double-checking the address bar if you’re redirected to a website from another page.

3. Watch for poor grammar and spelling

An excess of spelling, punctuation, capitalization, and grammar mistakes could indicate that a website went up quickly. Companies with legitimate websites may certainly have the occasional typo but still put effort into presenting a professional website. If a website capitalizes every other word or has a lot of odd phrasing and punctuation, take a closer look.

4. Look for reliable contact information

Look for several ways to contact the company (phone, email, live chat, physical address) and try them out. Does anyone ever answer the phone? Do you get a generic pre-recorded voicemail or form email? If the only method of contact is an online email form, proceed with caution.

Legitimate websites should have several extra features like an “About Us” section, terms and conditions, a privacy policy, and, if it’s a shopping site, shipping and returns information.Check out each of those pages to make sure they are there and fully populated with actual information.

5. Use only secure payment options

Shopping websites should offer standard payment options, such as credit cards or PayPal. If a website requires you to use a wire transfer, money order, or other unsecured (and non- refundable) form of payment, we recommend staying away, even if the rest of the website looks legitimate.

6. Do your research beforehand

A quick online search of reviews of a website will tell you a lot. You can research the reputation of the seller through the Better Business Bureau and other official review sites. If there aren’t any customer reviews anywhere, that’s a concern. If you find large numbers of negative reviews, that’s a clear signal to walk away.

7. Be proactive about protecting information

If you visited a site that seemed sketchy or want to stay on top of protecting your identity, we recommend using a variety of tools:

• A password manager to keep your personal information safe from hackers
• Identity protection services to keep your identity safe in case of a breach
• Credit monitoring to lock down your finances

Each of these services offers another way to keep an eye on your personal and financial information.

To find out more about how to keep your data safe during these unprecedented time visit our cyber security page here