(4 min read)
It doesn’t always happen to ‘someone else’. Sometimes, it happens to us – or people we know.
In fact, it’s happened to the family and friends of the Psybersafe team. Luckily, we’re on hand to give advice about reporting cyber attack or scam attempts, and how people can protect themselves in the future.
But what this goes to show is that it doesn’t matter how tech-savvy or super-security-conscious you think you are. Scammers and hackers are clever, and faster, sneakier and more motivated. So if they can find a way into your details or your finances they will – and often so smartly that you might not notice until it’s too late.
Hijacked conveyancing email thread
One of our team’s family members was buying a house recently. As first-time buyers, they had carefully saved a deposit and were using a local, recommended conveyancing solicitor. They’d found their perfect home and had painstakingly gone through all the documentation and paperwork.
As the dates for exchange of contracts and completion got closer, they received an email from the solicitor about the process. They responded with a couple of questions, which the solicitor answered. The solicitor then asked for the deposit funds to be sent to their account so that they could pay it to the seller’s solicitors on exchange, and put the account details in the email.
Our buyers sent 50% of their deposit to the account (it was too much to do in one transaction), and were in the process of sending the remainder when they had a separate email from the solicitors saying they thought they had been hacked – but that there hadn’t been any compromise to the buyers’ process.
Still, just to double check, our family member rang the solicitor to confirm the account details before sending the rest of the deposit. And wow, that was lucky, because it turned out that the hacker had got into the legitimate email chain and inserted fake account details – into which the buyers had paid their money!
Luckier still, the solicitor was able to contact the bank where the fake account had been set up, and our buyers had their money returned. After a few very nervous days, the sale did go through, and our first-time buyers are now settled in their new home. Mightily relieved.
The lesson here? Solicitors shouldn’t send out account details in an open email, so that’s suspicious. Always phone your solicitor to double check that you have the right details before you send any payment, and call them again to confirm that the money is in their secure account.
Our buyers reported the scam to Action Fraud and checked that the solicitors had reported the hack to the Information Commissioner’s Office. They also double checked that other documents for their account – such as passport copies and bank details – hadn’t been compromised.
Using Google Maps to defraud
Sextortion is a growing method of blackmail. According to the National Crime Agency, it’s often carried out by criminal gangs who are based overseas. One of the more recent developments in sextortion cases is to claim that the blackmailer is watching your house. To prove this, they send you a picture of your front door. This is terrifying for some victims, who believe they are being stalked and pay the money over to the blackmailer.
What’s actually happening here is that the criminals have your name and contact details, including your address. They use Google Street View to grab a view of your house and then use this as part of the extortion attempt.
How can you prevent this? You can actually go into Google Maps and blur the view of your property. And even if you’re not worried about sextortion, it’s a good thing to do anyway, to protect your privacy. Here’s a quick guide on how to do it.
And if you’re worried about sextortion, or you or a family member has been a victim, you can find out more about reporting and support on the NCA website.
You can also read our recent blog on bailiff scams – another security issue brought to our attention by a close contact.
What can you do?
Share this blog with your friends and family – these are not isolated cases, we’re all potential targets. Hackers don’t care where they get their money or information from!
If your solicitor is still sending their bank details by email, call them out on it. It puts you, them and all their other clients at risk. And by the way, how are you sending all your personal information to them? Are they offering you a secure way of sharing documents?
Make sure you have mujlti-factor authentication set up on all your sensitive or financial accounts. Read the tips in our digital citizenship article to find out more.
We love behavioural science. We’ve studied it and we know it works. Why not contact us at Dit e-mailadres wordt beveiligd tegen spambots. JavaScript dient ingeschakeld te zijn om het te bekijken. to see how we can help your organisation gain better, long-term cyber security habits?
Sign up to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help to stay cyber secure, contact Mark today.