Think about your average day: how many times do you give out personal information online?
Whether we’re shopping, registering for services, or managing accounts, we provide vendors with personal information about ourselves. In most cases, companies work hard to ensure this information is protected, and only used in relation to the service you’re using.
However, there are people out there who want to cause harm by stealing your details. At Zopa, I lead a team dedicated to trying to keep your information secure. We’re constantly reviewing and enhancing the strength of our security: so as cyber criminals become more sophisticated, we’re ready for them.
Today, I wanted to outline some of the ways you can be proactive in protecting yourself from one of the most common forms of internet scam: the phishing email.
What is a phishing email?
Cyber criminals are devious: their goal is to trick people into thinking they’re dealing with a legitimate company. One way they do this is with “phishing” emails. These are emails designed to fool, trick or attack you.
Typically, these emails will appear to come from a trusted source (your bank, a known company you have any sort of account with) and may request personal information, such as credit card or bank account numbers. Remember: almost all companies have a policy against asking for personal information via email, so if they are asking for any personal information, including any bank or financial details, this is a strong indication of a phishing email.
Alternatively, they may ask the recipient to click on a link or attachment. These links or attachments may contain a computer virus or another form of malicious software which could potentially disclose your personal information or damage your computer. If you don’t know or trust the sender, or have any other reason to be suspicious, do not click on the link or open the attachment.
What should I look out for in emails?
You can spot which emails are legitimate, and which are phishing, by carefully reviewing anything that seems remotely suspicious. Some tips for checking emails you’re not sure about:
- Don’t trust the display name. A favourite phishing tactic among cybercriminals is to fake the display name of an email. Hover your mouse over the name: is the address what you would expect?
- Check the links. Hover your mouse over any links in the body of the email – is the address that pops up what you expect it to be?
- Check for frequent spelling mistakes. Companies are serious about email quality. Legitimate messages usually do not have major and recurring spelling mistakes or poor grammar.
- Beware of urgent or threatening language in the subject line that invokes a sense of urgency or fear. Subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt” are common phishing tactics.
- Don’t click on attachments from senders you are unsure about. Often phishers will include attachments that contain viruses and malicious software (malware). Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
What action should I take if I receive an email from Zopa, but I’m not sure it’s legitimate?
Currently, we send our emails from either @zopa.com or @go.zopa.com addresses. If you receive an email message that you are unsure about, before you act on it please forward it to us at firstname.lastname@example.org, and we’ll confirm if it’s an email that we sent.
Jonathan Binns is Head of Information Security at Zopa.