University expert in warning over cyber-phishing scams aiming to ruin your Christmas

A University of Gloucestershire cyber expert is urging shoppers to be aware of three rapidly growing scams when buying online in the run-up to Christmas.

As more time is spent buying online heading towards Christmas, Professor Kamal Bechkoum, Head of the University’s School of Computing and Engineering, has backed the National Cyber Security Centre’s warning to shoppers about fake shops, scam messages and bogus adverts.

Professor Bechkoum said: “It’s worth remembering more than 90% of cyber breaches happen because of human error.

“The biggest danger is coming from three rapidly-growing types of cyber ‘phishing’ where hackers pose as someone you might know, or a real organisation, to lure victims into giving away access to their personal data, such as usernames, passwords or credit card numbers.

“The first type to be aware of is mass phishing, where an email, text or social media message is sent to thousands of people demanding urgent action, such as clicking on a weblink or downloading an attachment.

“The next is ‘spear phishing,’ where messages are far more personal and believable.

“The final type is the highly sophisticated ‘clone phishing,’ which involves hackers replicating a genuine email address or social media profile to create a nearly-identical copy of a real person or organisation contacting you.

“Although messages from cloned email addresses or social media accounts might look like the genuine article, they usually contain malicious links to malware that attempts to steal personal information and your contact lists.”

The Government’s latest report on cyber security breaches found that 39% of businesses had experienced an attack, and that most of those were hit by phishing attempts (83%).

Similarly, the 2022 State of the Phish Report found 91% of organisations had faced phishing attacks throughout 2021.

Urging individuals and businesses to protect themselves, Professor Bechkoum said: “We can all take three key steps to combat cyber-phishing and these come under the headings of ‘people, equipment, and procedures’.

“For people, are you or your firm fully trained to spot and prevent a wide range of cyber-threats? If not, consider learning more or getting professional help to improve your knowledge. People are always the very first and last line of defence.

“With equipment, ask yourself whether your passwords are updated, are firewalls in place, and do you have the latest antivirus systems installed? Does your business have policies in place that block phishing attacks and keep systems secure?

“Finally, when it comes to procedures, do you have good personal ‘cyber-hygiene’? Do you always review or reject unexpected messages, and approach every online message with caution?

“Does your organisation have clear policies on password requirements, access control, portable devices and remote working, handling sensitive data, and a plan of how to handle a cyber attack?

“Keeping up to date with cyber security is becoming a requirement of our everyday lives and for company directors it’s a crucial demand.”