Cybercrime - know the risks and how to act

Cybercrime traps used to be easy to spot – and deal with: you simply deleted that badly-spelled message from a suspicious email address. But as the fraudsters’ techniques become more sophisticated, we all need to fine-tune our antennae for potential scams.

According to research by Norton, 17.4 million Britons – over a third of adults – have been hit by cybercrime over the past year. Besides the financial loss, which totalled GBP4.6 billion, there’s an emotional and administrative toll too: victims spent an average of two days dealing with the aftermath.1

The erosion of the line between digital activity and ‘real life’ means that risks sometimes lie in unexpected areas. To mark international Cyber Security Month, here are some questions to ask about your resilience to cyberattacks.

Am I at risk?

We all know not to share our bank account or credit cards details. But are you aware of just how useful the information you do share online can be to cybercriminals?

Fraudsters have been known to go to enormous lengths to create convincing personae online. There have been examples of them creating detailed profiles of non-existent people, with extensive histories, career details and ‘friend’ networks, all in an attempt to forge and build trust.

This is known as ‘spear phishing’ – highly targeted scams – and social engineering, where trust is fostered over time, are among the latest weapons in the fraudster’s toolkit.

The ultimate motive could be to install malicious software on a target’s device, allowing fraudsters access to your computer and the information stored on it.

To avoid falling victim to spear phishing ensure you follow these basic rules:

  • Do a brief online scan of publicly available information about you. Consider changing social media profile settings so that information isn’t visible outside existing networks.
  • Be wary when responding to friend requests from unknown sources.

Are you forensic about researching investments?

If some social media profiles are fake, the same certainly applies to online investment platforms. Fake logos, customer testimonies and reviews can be used to create highly professional-seeming websites.

And the Financial Conduct Authority warned this year that investors are losing GBP87,000 every day to binary options scams.2 The FCA has reacted by making binary options – in which consumers are able to make bets on the expected value of a stock, commodity, currency or index – a regulated investment product.

People in the over-50 age group are more likely to fall victim to this type of fraud. However, the FCA found that younger people are more susceptible to investment offers made through social media, as online approaches supplant cold-calling as the most common contact channel for investment fraudsters.

Research investments thoroughly through Companies House or the FCA’s website, which includes a register of authorised companies and a warning list of known fraudsters.

Do you buy high-price items online?

For art and antique enthusiasts, the digital world has opened up a world of new possibilities - but fake goods on auction sites are a risk.

Seasoned collectors may be wary enough not to fall for counterfeit goods. But a more common danger is that items may not exist or, once paid for, never arrive.

Don’t pay for unseen goods via bank transfer. Use a credit card or another third-party provider. This offers protection under the Consumer Credit Act if something goes wrong.

How careful are you with IT outside the home?

Theft can happen despite the best precautions. Think about what might be accessible to a thief if you were to lose your tablet, phone or laptop.

Free wi-fi hotspots in public places might be dangerous than you think. Fraudsters can set up spoof networks, often with similar-sounding names to legitimate ones nearby. When you sign up to these networks, your information can be intercepted.

Action list for using staying secure on the move:

  • Consider using automatic tracking software, which can help locate a stolen device that’s connected to the internet.
  • Never use public wi-fi to make a purchase, check bank accounts or send other sensitive information. If you must use public wi-fi for other reasons, double-check the exact network name with the establishment providing it.

Do you protect devices other than laptops, tablets and phone?

Smart lighting, thermostats, ventilation, security cameras and other devices are now common features in many homes. By 2025, there will be an estimated 25 billion connected devices.

These technologies bring benefits of automated activation and remote control – but the down side is that they can open up new breaches in the security of your network or your home itself. Criminals have also been known to hijack connected devices to attack wider systems – in one case, blocking access to global platforms such as PayPal and Twitter.

While the government has called on manufacturers to build in more robust security to these devices, many common household items still lack basic protection With this in mind, try to listen out for newly reported vulnerabilities, keep all apps up to date and ensure that you purchase additional safety measures as and when required.

How alert are you in responding to emails?

email threats have come a long way since the unsolicited and misspelled requests to help move a large sum of money from overseas. Scams of this kind still arrive in inboxes daily, of course, but their crudeness can breed complacency that could allow more sophisticated frauds to succeed.

A recent trend is for hackers to hijack individuals’ email accounts, usually via phishing emails. They then monitor the accounts for a chance to intercept an invoice.

If you were expecting an invoice from a tradesperson, for example, you might pay it without double-checking that the email address was correct. But by ‘spoofing’ – making a minor change to the spelling of an email address – fraudsters can make it seem legitimate at a brief glance. And it’s simple to fake an invoice, or simply intercept a genuine one and alter the bank details.

Always check the email address and bank details before paying an emailed invoice. Ideally, check with the recipient by phone, using a contact number you know is legitimate.

Cybersecurity is all about keeping up-to-date with your online practices and in your cyber-awareness. Across HSBC, we’re dedicated to supporting you against cybercrime, so speak to your RM today.

1 Global Comparisons United Kingdom, Norton Cyber Security Insights Report, 2017

Back to top Back to top

Important information

This material is issued by HSBC Private Bank (UK) Limited which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority in the UK. It has been issued for your information purposes only.

Please note that HSBC does not provide tax advice and clients should seek professional advice from their tax advisor. Any reference to tax is based on our knowledge of the current and proposed tax regime and is subject to change.

In the United Kingdom, this document has been approved for distribution by HSBC Private Bank (UK) Limited whose office is located at 8 Cork Street, London, W1S 3LJ.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, on any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of HSBC Private Bank (UK) Limited.