Metro Bank shares three top tips on how to battle a cyber-attack hot on the heels of the news that many large organisations have just experienced data breaches with national insurance numbers and bank account details suspected of being compromised.
“Consumers have to take an active part in protecting their identity and key financial data,” warns Metro Bank’s Head of Fraud & Investigations, Baz Thompson. “Scammers, hackers and criminal activity has reached enormous magnitudes and whilst the banking industry continues to fight this war, occasionally these fraudsters win a battle and individuals are the victims.”
Incredibly criminals even capitalise on data breaches that are publicised in the news by taking this information to create phishing messages (such as emails and texts) which appear to be from the company that has been affected. The message is designed to make it sound like you're being individually targeted; however, the criminals are sending out millions of these scam messages, hoping to trick a small percentage of consumers.
Even if your details have not been stolen in the data breach, the criminals will exploit high profile breaches (whilst they are still fresh in people's minds) to try and trick people into clicking on scam messages in the belief their data has been compromised.
There are a few basic steps consumers can do to help protect their financial data and beat the scammers.
- Passwords
These are the first line of defence, and the strongest passwords contain at least eight characters and are a combination of cases, numbers, letters and symbols. Do not use the same password across sites and also consider using a password manager. The easiest way to create a strong password that you can remember is to pick a familiar song and use the first letter from each line. So, for example, Baa Baa Black Sheep becomes Bbbshyaw?Ysys3bf – a very strong password. Then change your password regularly – at least every three months at a minimum. - Check your bank account & credit cards regularly
One in five Europeans have experienced identity theft. The sooner you spot a suspect transaction – possibly from potential identity fraud – the quicker you will stop the scammers in their tracks and help protect yourself. If you spot anything unusual, contact your bank immediately, so they can take further action to protect you. - Be suspicious of any unprompted emails, texts or phone calls that ask you to click on links or submit personal information such as passwords. The average UK adult has relationships with over 40 service providers – which means we have a lot of financial relationships for scammers to exploit.[1]
If you receive an unprompted message claiming to be from an organisation that has suffered a recent data breach the message could ask you to log in and verify your account because 'fraudulent activity has taken place', or similar.
These scam messages will typically contain links to websites that look genuine, but which store your real details once you’ve typed them in. Or these websites could install viruses onto your computer or steal any passwords you enter.
Like many phishing scams, these messages are hard to spot, and are capitalising on real-world concerns (in this case, a publicised data breach) to try and trick you into responding.
And it's not just emails or texts – there can be unprompted phone calls as well.
Do not respond, do not click on links, hang up the phone – contact your bank or the organisation independently using numbers on official statements, on the back of cards, or for some banks you can call 159. If calling from a landline, leave it for five minutes before telephoning your bank to ensure the call is completely cut. There are so many scams around, genuine companies will not mind you ignoring any emails, texts or phone calls – they will understand you want to reassure yourself that you are dealing with a genuine request.
If you find that any of the above has happened, you should also contact Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre and it can be reached on 0300 123 2040 or via the Action Fraud website.
Baz Thompson concludes: “Fraud is the most common crime in the UK[2] and there are simply not enough resources to fight it. Despite accounting for 40% of recorded crime, only 2% of police funding is dedicated to tackling fraud[3]. Over £1.2 billion was lost last year through fraud here in the UK. Consumers need to do more to protect themselves – so if you are being pressured to act quickly, or give money, please be aware that this is likely to be a scam. Stop, Challenge and Protect yourself from becoming a scam victim.”
[1] Experian – Improving Financial Health report 2023
[2] source National Crime Agency