Published on: 04 May 2020 16:05

Written by: Maryhill Housing

Internet service provider Hyperoptic have identified a recent malicious third-party phishing scam that we want to make you aware of. Like all phishing attacks, it’s disguised as something else with a view to falsely obtain information.

It appears as a pop-up on your computer and is designed to look like a Hyperoptic competition – it isn’t! If you do see it, don’t click on it but close it down.

If you have clicked on it you should make sure that you change your passwords for all sites that relate to the information that you provided and also contact your bank or credit card provider if you provided any financial information.  Please also let Hyperoptic know by calling 0333 332 1111 or emailing [email protected]

Phishing is a form of cyber crime where criminals try to convince you to click on links within a scam email or text message, or to give away sensitive information (such as your bank details).  Once clicked, you may be sent to a scam website which may download viruses onto your computer or steal your passwords.

Given the current coronavirus (COVID-19) pandemic, cyber criminals are sending emails that claim to have a 'cure' for the virus, offer a financial reward, or encourage you to donate.  Like many phishing scams, these emails are preying on real-world concerns to try and trick you into clicking.  These scam messages can be very hard to spot, and are designed to get you to react without thinking.  If you think you've clicked on a bad link, don't panic - there's lots you can do to limit any harm.

What to do if you've already clicked

If you've already clicked a link (or entered your details into a website), take the following steps:

  • If you're using a work laptop or phone, contact your IT department and let them know. 

  • If you’ve been tricked into providing your bank details, contact your bank and let them know.

  • Open your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds. 

  • If you've provided your password, change the passwords on all your accounts that use the same one.

  • If you've lost money, tell your bank and report it as a crime to Action Fraud, the UK's reporting centre for cyber crime. By doing this, you'll be helping the National Cyber Security Centre (NCSC) to reduce criminal activity, and in the process prevent others becoming victims of cyber crime.

Tips for spotting signs of phishing

Spotting a phishing email is becoming increasingly difficult, however, there are some common signs to look out for:

  • Authority - Is the sender claiming to be from someone official (like your bank, doctor, a solicitor or a government department)?  Criminals often pretend to be important people or organisations to trick you into doing what they want.

  • Urgency - Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.

  • Emotion - Does the message make you panic, fearful, hopeful or curious?  Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.

  • Scarcity - Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)?  Fear of missing out on a good deal or opportunity can make you respond quickly.

  • Current events - Are you expecting to see a message like this?  Criminals often exploit current news stories, big events or specific times of year to make their scam seem more relevant to you.

Your bank (or any other official source) should never ask you to supply personal information from an email.  If you have any doubts about a message, call them directly.  Don't use the numbers/emails in the email, but visit the official website instead.

Make yourself a harder target

Criminals use publicly available information about you to make their phishing messages more convincing.  This is often taken from your social media accounts or website (if you have them).  You can make yourself less likely to receive phishing emails/messages by doing the following:

  • For your social media applications and other online accounts, review your privacy settings.

  • Think about what you post (and who can see it).

  • Be aware what your friends, family and colleagues say about you online, as this can also reveal information that can be used to target you.

  • If you do spot a suspicious email, flag it as Spam/Junk in your email inbox.  Tell your email provider you've identified it as potentially unsafe.

Content courtesy of the National Cyber Security Centre (NCSC).