THE
LAW CORNER

SCAM MESSAGE “PHISHING” GUIDANCE

This page provides some simple guidance as to how to protect yourself from online scammers.

Introduction

Cyber-crime is on the rise, representing a multi-billion-dollar industry and a threat to individuals’ and businesses’ safety globally.

Our email spam filtering is set to the maximum, which significantly reduces the number of scam emails we receive, but unsolicited messages will still get through.

Even with technical solutions to block or warn of scam messages, the best defence is education. This article will provide some guidance as to how to protect yourself from cyber-threats, focusing mainly on scam emails.

Please note that The Law Corner will never ask you to share any financial details, transfer money, or buy anything for us via email. If we appear to do so, please feel free to double-check with us directly (i.e. not in response to the request) before engaging with the original message.

What is phishing?

‘Phishing’ is when criminals use scam emails, text messages or phone calls to trick their victims. The aim is often to make you visit a website, which may download a virus onto your computer, or steal bank details, get you to transfer money/vouchers or other personal information, like your phone number.

Recognising online scams

Cyber criminals may contact you via email, text, phone call or via social media. They will often pretend to be someone (or an organisation) you trust. This could even be pretending to be a member of The Law Corner team. They might contain bad spelling or grammar, come from an unusual email address, or feature imagery or design that feels ‘off’. It used to be easier to spot scams, but scams are getting smarter and some even fool the experts. Today, these scammers are highly organised and even hire experts (such as psychologists) to make their campaigns more effective.

As a general rule, if it ‘smells’ fishy, it’s probably ‘phishing’. I.e. if the message feels odd, then double-check with the team before engaging with the message.

How to spot scam messages or calls

Scammers try to quickly gain your trust or aim to pressure you into acting without thinking using common psychological strategies that can work on anyone not expecting them. If a message or call makes you suspicious, stop, break the contact, and consider the language it uses. Scams often feature one or more of these tell-tale signs.

1. Authority

Is the message claiming to be from someone official? For example, your bank, doctor, a solicitor, a coordinator or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.

They may claim to be a Coordinator!

2. Urgency

Are you told you have a limited time to respond (such as ‘within 24 hours’ or ‘immediately’)? Criminals often threaten you with fines or other negative consequences. We are unlikely to ask anything of you urgently, so check with us separately and directly if you think the message is a scam.

3. Emotion

Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more. We will never use such language.

4. Scarcity

Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.

5. Current events

Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

How to check if a message is genuine

If you have any doubts about a message, contact the person/organisation it is claiming to be separately and directly using contact details you know are correct. Do not use the numbers or address in the message – use the details from their official website/your existing contact book. Also, please do not be embarrassed contacting the individual/organisation – it is better for everyone to check first. Even if the message turns out to be genuine we will appreciate you being conscientious of scams.

Remember, your bank (or any other official source) will never ask you to supply personal information via email, or call and ask you to confirm your bank account details. If you suspect someone is not who they claim to be, hang up and contact the organisation directly. If you have paper statements or a credit card from the organisation, official contact details are often written on them.

All emails from a non ‘@thelawcorner.org.uk address automatically have ‘[EXTERNAL]: ‘ added to the subject, so even if the email looks as though it has come from a member of the team, this may help you to identify that it has not.

Check the actual sender address, not the ‘spoofed’ address. A ‘spoofed’ address is one where the display name might make it appear like the email address you are expecting but hovering the mouse over the address to see the tool-tip pop-up or copy/pasting the address into a text editor can reveal the actual (and often clearly not valid) address it has been sent from. For example, the address may appear to come from “Nabil” but if you hover over the address/copy paste it into a text editor, you may see that it is from an address that is clearly not a Law Corner address like “12345@something.net” If in doubt, contact the individual directly to check and do not reply to the original message.

What to do if you spot a scam message

If you have not engaged with the message in any way, typically ignoring the message (or moving it to your junk folder) is sufficient. If you engage with it, it is best to let a member of the team know. Engaging can include: replying, downloading/opening an attachment, clicking on a link or starting to follow their instructions (like providing information or money).

Do not be embarrassed to tell others, these messages are designed to trick even the smartest of us all and it happens millions of times a day worldwide!

THELAW CORNER