How to spot spear-phishing scams

Spear-phishing

People are getting better at recognising scams, especially those that are generic, impersonal and come with a recognisable warning like that their bank account has been compromised.

That’s why scammers have started using a tactic called spear-phishing to better disguise their true motives.

Spear-phishing uses people’s personal information to appear more convincing, like your name, address, date of birth and even facts about your life, like where you went to school.

How do fraudsters get my info?

A scammer on social media is like a kid in a candy shop. Personal info on every corner, with profiles full of posts and time-stamped pictures sharing details and exact locations.

Public accounts are especially vulnerable because scammers don’t even need to connect with you to view your data – it’s all right there. That’s why it’s important to ask yourself: does your account need to be public, e.g. for your work, or could you change your settings to private?

According to Which? data, 32% of people share their birthdays on Facebook, 24% share images and/or names of their friends on public Facebook accounts and 18% do so on their public Instagram accounts.

Who’s at risk?

We often assume older generations are less tech-savvy and fall for fraud more easily than younger people. But it turns out this is not necessarily the case.

Which? found that Gen-Zers are more likely to click on a link sent in a direct message from a stranger than baby boomers.

In total, 13% of respondents said they’d given personal information after clicking on a link sent to them in a direct message. That’s the equivalent of 7.7 million people across the UK.

How do I avoid getting conned?

If you’re not sure whether a message is genuine, it’s always best to do some research. Google the company’s website and check if they seem legit. Try to get in touch with them – but make sure not to click any links from messages or emails.

Protecting your devices is vital to avoiding attacks. It’s a good idea to install antivirus software on your laptop and phone to help keep your data safe.

To protect yourself against email leaks, you can sign up to websites using temporary email addresses using services like Temp Mail or Guerilla Mail.

Data leaks are more common than you might think. You can check whether you’ve been hit by a data leak online. If your data’s been compromised, log out of your account on all your devices and make sure to change your password.

The rise of energy scams

The soaring price of energy has become a major worry for many people. In recent years, the number of energy scams has grown massively.

These fraudsters take advantage of people struggling with money by promising grants, cheap energy, or ways to save energy.

More than 40 million people were targeted by scammers last year alone and 12% of scams were energy-related, according to Citizens Advice.

To protect yourself, read our guide on avoiding energy scams.