bank scammers
,

Bank scammers: what you’ve told us!

Earlier this year, we shared one of our articles on Facebook. The post was called Has your bank warned you that you are being scammed? Watch out!’ And the responses we’ve received confirms just how much of a problem this type of cybercrime is.

Has your bank warned you that you are being scammed? Watch out!

In our post, we said that there has been a rise in shrewd and dangerous bank scams. A few years ago, it was easy to spot criminals; often because of the clumsy way they tried to get people to hand over their bank details. But this is no longer the case. Today’s scammers are smarter than ever, so people need to be extra vigilant.

We shared one example where people get a call from “their bank”, warning them that they are in the process of being scammed. But, in a panic to make sure they don’t become a victim, these individuals often give criminals access to the very data they need. We also revealed how one of our team helped to stop a financial scam when it became clear that cybercriminals were targeting her friend on Facebook. Find out more about the Google Pay Scam.

What did you tell us?

While we hope that our post will help people to challenge and stop bank scams, some of the things you told us are just as enlightening.

Banks still don’t understand the need for security checks

Some people told us how, even today, some banks still don’t understand the need for basic security checks:

“I remember years ago getting a (probably genuine) phone call from my bank. They were totally flummoxed when I asked them to prove who they were before I answered any security questions to prove who I was!

Another said:

“Went into the branch and they verified it was a genuine marketing call and couldn’t understand my refusal to talk to an unidentifiable cold caller.”

And, someone else commented:

“One young man wanted our security when he had rang us. When asked for proof he got quite indignant. We always say write to us if it’s that important.”

However, you should never be rushed into handing over personal or financial information. If something doesn’t feel right, do what these customers did and listen to your instincts. Leave the conversation if it makes you at all uncomfortable. A legitimate organisation should never try to talk you out of taking security checks.

Be careful – even if asked to call your bank back

Other people warned that, if you are called on your landline, cybercriminals can still be on the phone even after you hang up. So, as a precaution, you should use a different phone, or phone someone you know to clear the line before calling your bank.

At Hayes Connor Solicitors, we are aware of one sophisticated scheme in which scammers told people that their bank accounts had been hacked. But cleverly, they also encouraged the victims to phone their banks back using trusted contact details. But these scammers didn’t hang up. Instead, they stayed on the line and played a dial tone. When the intended victims called their banks, the scammers impersonated a bank employee and asked them to confirm their PIN and bank details.

The good news is that, over the last few years, the phone companies have put measures in place to ensure that the line clears regardless of who hangs up first. But to stay safe, you should NEVER disclose security details such as your PIN or full banking password to anyone, including anyone calling from your bank. Banks will never ask for this information. Likewise, they won’t ask you to transfer money to another account for safekeeping. If you think you’ve already been a victim of this scam, contact your bank or card company immediately.

Just because a number looks genuine, doesn’t mean it is

Don’t assume an email, text or phone call is authentic. Just because someone knows some personal information about you (i.e. your address, mother’s maiden name etc.), that doesn’t mean they are genuine. Likewise, even if a call or text comes through from a number that looks authentic, it might not be. As one person pointed out:

“Also by spoofing a mobile number they can add messages to a pre existing thread on your phone, so it appears the bank has just replied to your message, or their messages appear under your banks name along with the genuine ones!”

This is correct. Most phones let you see the number of the person calling before you answer. However, fraudsters often change the caller ID to mirror that of your bank. This is called spoofing. What this means is that calls and texts could show up as being from your bank, even if they are not. Text messages from criminals can even appear alongside legitimate texts sent out by your bank.

Is mobile banking the problem?

According to some people who read our post, mobile banking has made it easier for criminals.

“All this scamming never happened before mobile online banking. Stick to banking in branch. Banks have only themselves to blame when they have to pay compensation.”

 It’s true that our digital world comes with additional risk. But there is no going back, and the convenience of online banking cannot be underestimated. However, it is up to the banks to protect their online customers. Although, in our experience, such protection is sometimes woefully lacking. So, with criminals becoming increasingly savvy, we all must do what we can to protect ourselves from banking scams. And claim compensation where the banks have failed, as this is often the only way to force them to improve their security processes.

Get digitally aware

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of an online scam, contact us find out how we can help you to recover any losses.

ico
,

Agreement reached between Facebook and the ICO

According to a statement on the Information Commissioner’s Office (ICO) website, an agreement has finally been reached between Facebook and the data protection regulator. This comes after Facebook was accused of failing to protect the personal data of its users. As part of this agreement, Facebook has agreed to pay a £500,000 fine but has made no admission of liability.

What happened in this case?

In 2018, a whistle-blower revealed how Facebook data was harvested to target American voters on behalf of Donald Trump’s election team. Speaking to journalists, Christopher Wylie, an ex-employee of data analytics firm Cambridge Analytica, said that millions of Facebook profiles were harvested and used by his then employer to influence the US presidential election. There were also concerns over whether illegally acquired data was used to target voters and influence the EU referendum result.

Furthermore, while Facebook found out about the breach in 2015, the social media giant failed to alert its users, and did not take adequate steps to recover and secure the private information. In response, the ICO launched an investigation into the activities of Facebook and the retention, sharing and distribution of data illegally in the UK. As part of that investigation, on 24 October 2018, the ICO issued a penalty of £500,000 against Facebook.

Incidentally, in May 2017 the ICO announced a formal investigation into the use of data analytics for political purposes. It admits that, at this time, “we had little idea of what was to come”. Today, this investigation is one of the largest of its kind and is ongoing.

How did Facebook respond?

Facebook chief executive Mark Zuckerberg admitted user privacy mistakes and said he realised he needed to be more public and accountable. In an interview with CNN, he said that he would not be against regulation of his social media company. He has also pledged to review “thousands of apps” in an “intensive process”. However, rather than paying the ICO fine, Facebook filed an appeal.

After much negotiation between the two parties, an agreement has now been reached.

What is the result of this case?

Facebook has now agreed to pay the £500,000 fine to settle the investigation into data harvesting by Cambridge Analytica (now defunct). But despite this, the company does not admit wrongdoing. It argues that it didn’t violate people’s privacy by allowing the data transfers and that its prior terms of service and privacy policies allowed for the transfer of user data to outside developers, unless people adjusted their privacy settings. The ICO has rejected that position.

However, the settlement does allow Facebook to resume its own investigation into issues around Cambridge Analytica. And, as a result, the ICO believes that this agreement best serves the interests of all Facebook users in the UK.

Commenting on the agreement, James Dipple-Johnstone, the ICO Deputy Commissioner said:

“The ICO welcomes the agreement reached with Facebook for the withdrawal of their appeal against our Monetary Penalty Notice and agreement to pay the fine. The ICO’s main concern was that UK citizen data was exposed to a serious risk of harm. Protection of personal information and personal privacy is of fundamental importance, not only for the rights of individuals, but also as we now know, for the preservation of a strong democracy. We are pleased to hear that Facebook has taken, and will continue to take, significant steps to comply with the fundamental principles of data protection. With this strong commitment to protecting people’s personal information and privacy, we expect that Facebook will be able to move forward and learn from the events of this case.”

Harry Kinmonth, Director and Associate General Counsel, Facebook commented:

“We are pleased to have reached a settlement with the ICO. As we have said before, we wish we had done more to investigate claims about Cambridge Analytica in 2015. We made major changes to our platform back then, significantly restricting the information which app developers could access. Protecting people’s information and privacy is a top priority for Facebook, and we are continuing to build new controls to help people protect and manage their information. The ICO has stated that it has not discovered evidence that the data of Facebook users in the EU was transferred to Cambridge Analytica by Dr Kogan. However, we look forward to continuing to cooperate with the ICO’s wider and ongoing investigation into the use of data analytics for political purposes.”

Social Media and politics

Despite the agreement, it seems that the controversy over how social media is used politically is far from over. Not least because, on the very same day the settlement was reached, Twitter announced that it would stop accepting political ads. This move puts Twitter at odds with Facebook executives who have robustly defended their policy of not fact-checking political ads. But, despite Zuckerberg’s uncompromising stance on this matter, the fact that Twitter has decided not to permit political advertising will put additional pressure on Facebook.

For more data privacy protection news and updates, follow Hayes Connor Solicitors on Twitter and Facebook.

push payment
,

How to avoid push payment fraud

Push payment fraud happens when cybercriminals trick people into sending them money. Because the individual thinks the cybercriminal is genuine, they authorise the handover of cash. The money is then swiftly transferred to different accounts, often abroad, which makes getting it back almost impossible.

Push payment fraud is carried out in many different ways, but ultimately fraudsters are looking to trick you into believing that you are making a payment to someone you can trust.

In some cases, the criminals involved might call hundreds (or even thousands) of people in the hope of deceiving someone. But often these scams are highly targeted and come after hacking a victim’s emails to identify the information needed to defraud them. Push payment fraudsters might also use information violated during a data breach to target their next victims.

Find out more about push payment fraud.

What can you do to protect yourself from push payment scams?

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic. Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Know that banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Be aware who you’re sharing your personal information with. Only give out details to a service you trust and that you’ve contacted directly or are expecting to be contacted by. Even then, do not hand over sensitive information such as your PIN or password
  • Don’t be rushed into handing over personal or financial information
  • If something doesn’t feel right listen to your instincts. Leave the conversation if it makes you at all uncomfortable
  • Always question who you’re talking to. If in any doubt call them back using trusted contact details (you can usually find these on your bank cards) to check the request is genuine
  • Don’t be afraid to say you’ll get back to someone using the phone number or email address as listed on their website. A legitimate organisation would never try to panic you out of taking security checks
  • Never automatically click on a link in an unexpected email or text
  • Make sure you look at the address bar when logging into a website. If there is a padlock icon your connection is secure. If a site doesn’t have this lock icon, do not share any sensitive information
  • If you’re worried that you may be at risk, report it to the Police or Action Fraud straight away.

Getting your money back if you are a victim of push payment fraud

If you have been the victim of a push fraud and need help getting your money back, there is some good news.

Historically, banks avoided paying push payment scam compensation to victims unless there was a fault in their processes. This is because the customers have authorised the payments. However, because of new regulations, people who have been scammed into transferring money directly to a cybercriminal can expect stronger protections.

However, if you have been a victim of this form of cybercrime and your bank is refusing to help, we might be able to help you get your money back, as well as compensation for any distress suffered.

 To do this, we are considering a group action claim against banks who have failed their clients after they have lost money through no fault of their own. A group action is where a group of people, all affected by the same issue, collectively bring their cases to court. Group actions can be a powerful tool and can have a bigger impact than a single claim.

Find out more about making a Push Payment Group Action Claim

Get digitally aware

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, contact us find out how we can help you to recover any losses. We can help you to claim compensation and steer you through the aftermath of a bank or credit card scam – minimising the impact on you as much as possible.

personal data breach
, ,

421 million personal records breached in October 2019

According to cyber risk experts IT Governance, a staggering 421,103,896 data records were confirmed breached last month. Shockingly, that’s considered a good month for data security as the figure only represents about 50% of the monthly average.

October was CyberSecMonth

October was CyberSecMonth. This is an annual campaign, run by the EU, which aims to raise awareness of cybersecurity threats and promote cybersecurity. It does this the same way we do at Hayes Connor – through education and the sharing of good practices.

However, despite the initiative, an IT Governance blog listed all the data breaches and cyber attacks carried out in October. Critically, there were “111 incidents, including several in which sensitive and financial information was compromised”. The post also revealed that it was a “particularly bad month for the UK, with 9 confirmed breaches”.

UK data breaches

The UK-specific incidents which took place in October 2019 included:

Bolton NHS Foundation Trust  

A data breach at Bolton NHS Foundation Trust which saw the personal details of 425 pupils from two Greater Manchester secondary schools ‘misplaced’. The privacy violation occurred when the school nursing service transferred records of children moving from primary to secondary school.

Norfolk and Norwich University Hospital 

A data breach at Norfolk and Norwich University Hospital which resulted in the personal details of 11 patients being sent to the wrong address.

North Devon District Hospital 

A data breach at North Devon District Hospital which saw a patient’s voicemail message, containing personal patient details, becoming the hospital’s answerphone message. Because she had provided her phone number in her message, she was subsequently inundated with calls from patients giving details about their health problems.

PouringPounds.com 

A data breach at money-saving websites used by over 3.5 million which leaked sensitive information onto the dark web. This affected British website PouringPounds.com and Indian sister site CashKaro.com. The data exposed includes bank details, full names, mobile phone numbers, email addresses, plain-text passwords and usernames, IP addresses, and more.

Sonic Jobs 

Data leaks at recruitment sites Authentic Jobs (US) and Sonic Jobs (UK) which exposed 250,000 CVs online.

Home Group 

A breach at Home Group which provides homes to people in England and Scotland. The breach – which affected 4,000 customers – involved names, addresses and contact information.

West Berkshire Council 

A privacy violation at West Berkshire Council after it sent a leisure survey to 1,107 recipients who could all see each other’s email addresses.

UKIP

An alleged theft of data at UKIP after certain individuals were accused of stealing data from the party. In response, the party has suspended its leader and three other members.

Preston Police

A breach at Preston Police force after a receptionist illegally used her force’s confidential database to help her best friend find out about relatives who had been arrested.

Organisations must do more to protect personal data

Commenting on these cases, our managing director and data protection expert Kingsley Hayes said: “Businesses who are not already taking their data protection obligations seriously must step up their data protection practices or face legal action and hefty costs.

He added: “This is particularly important as a recent Court of Appeal makes it possible for people to make a data breach claim, even if they haven’t suffered financial or emotional damage as a result. If a company does not protect an individual’s data in the way it is legally obliged to do, that person can claim for this data privacy failure. What’s more, people can now seek compensation even if the only personal information breached was their email address.”

Find out more about the recent changes.

Have you been affected by a UK data breach?

In the UK, organisations MUST tell you if they have breached your personal data. They are legally obliged to do this under the Data Protection Act.

But despite this, too often people still don’t know that their data has been breached until they hear that a company has been fined by the ICO (or read about it in an article such as this one).

In such cases, it’s worth finding out whether your data was put at risk. Because, if so, you may have a claim for compensation.

What can you do if you were affected by one of these data breaches?

If you have been the victim of a privacy violation due to an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. At Hayes Connor Solicitors, we’ve been helping people to do just that for over 50 years. So, we know what it takes to make a successful data breach compensation claim.

A data breach can result in both financial and/or identity theft. And the result of either of these can be devastating. With enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

But the impact of data breaches goes much further than financial losses. Many victims go on to suffer from stress, anxiety and distress. And, according to Victim Support, the effects of crime can last for a long time. Crucially, if an organisation has failed to protect your personal data, you have a right to claim compensation. Even if you haven’t suffered as a result.

In most cases, data breaches happen because of a failure to implement reasonable and robust processes. So, claiming compensation isn’t just in your best interests. The only way organisations will be persuaded to take their responsibilities seriously and make the necessary improvements is by hurting their bottom line.

START A DATA BREACH COMPENSATION CLAIM

 

 

 

twitter
,

Twitter bans all political ads

Twitter has announced that it will ban all political ads. The move comes in advance of the next UK General Election, which is set to be held on 12 December.

Why has Twitter banned political ads?

In a series of tweets, Twitter chief executive Jack Dorsey said:

“A political message earns reach when people decide to follow an account or retweet. Paying for reach removes that decision, forcing highly optimized and targeted political messages on people. We believe this decision should not be compromised by money.”

He added:

“While internet advertising is incredibly powerful and very effective for commercial advertisers, that power brings significant risks to politics, where it can be used to influence votes to affect the lives of millions.”

He also said that the Twitter political ads decision wasn’t about free expression. Rather it was about paying for reach:

“And paying to increase the reach of political speech has significant ramifications that today’s democratic infrastructure may not be prepared to handle. It’s worth stepping back in order to address.”

Twitter bans political ads. Is this good news?

The reaction to the announcement has been mixed with people on one side of the debate seeing this as a win for democratic and fair process, and others seeing it as an attempt to silence certain politicians. However, some could argue that the people most upset about the decision are those who have allegedly used social media to carry out extensive misinformation campaigns.

The UK data protection regulator (the ICO), will no doubt be happy with the move as it has serious concerns about how data is being used for political purposes. In fact, in 2017 it launched a formal investigation into this very topic. The investigation is one of the largest of its kind and is ongoing.

Is social media influencing our votes?

The evidence certainly seems to point that way. The Electoral Commission, the ICO, A Department for Digital, Culture, Media & Sport Committee and The Institute of Practitioners in Advertising have all raised concerns about microtargeting specific voters profiled using unknown data.

Indeed, according to an ICO report:

“Citizens can only make truly informed choices about who to vote for if they are sure that those decisions have not been unduly influenced.

“The invisible, ‘behind the scenes’ use of personal data to target political messages to individuals must be transparent and lawful if we are to preserve the integrity of our election process.

“We may never know whether individuals were unknowingly influenced to vote a certain way in either the UK EU referendum or the in US election campaigns. But we do know that personal privacy rights have been compromised by a number of players and that the digital electoral ecosystem needs reform.”

What will happen next?

It is yet to be seen if Facebook – which has been widely criticised for helping to spread political misinformation – will also step up to the mark. Certainly, Facebook executives have robustly defended their policy of not fact-checking political ads. But, despite Zuckerberg’s uncompromising stance on this matter, the fact that Twitter has decided not to permit political advertising will put additional pressure on the social media giant.

Staying safe on social media

The Facebook/Cambridge Analytica scandal highlighted what can happen when we share our data online. In this case, a researcher garnered details on the likes and habits of Facebook users (without their consent) via a personality quiz app called ‘This is Your Digital Life’. Cambridge Analytica then used this data to target users with political messaging. Facebook has since been fined £500,000 by the ICO for this data privacy violation (although Facebook has refused to accept liability).

But, despite the media attention this case received – and the possible impact on our democracy- it seems that plenty of us are still willing to hand over our information without thinking about the consequences.

It is absolutely right that we are demanding that social media organisations look after our data with respect. But it is also crucial that we apply the same standards to our own behaviour if we want to stay safe.

For example, when using technology, we must be conscious of the data we are sharing, and how it can be used. On social media, this includes things like:

  • Not accepting friend requests from people you don’t know
  • Being careful about what you share online
  • Removing location data from your posts
  • Using a different password for all your accounts
  • Using two-factor authentication
  • Checking the privacy settings of all your accounts/apps/games etc.
  • Not downloading suspicious apps
  • Thinking twice before clicking on any links
  • Reading the T&Cs of any games or apps you want to use
  • Being aware of common phishing techniques and keeping an eye out for fraudsters who attempt to gather additional personal information
  • Not accepting any ‘news’ at face value.

Today, social media is part of everyday life. So we would never suggest that you stop using it if you don’t want to. In fact, at Hayes Connor, we believe that raising awareness of cybersecurity issues will help to protect ourselves as individuals. And you can get more advice on how to keep your data safe, from us on Twitter and Facebook. But it is vital to follow some simple steps to stay safe.

 

bank data breach
, , ,

What can you do if you are the victim of a bank data breach?

Financial data breaches and cyber attacks are on the rise. Not only did retail banking see 2400% more data breach reports last year than the year before, but breaches in a whole range of companies are putting our financial data at risk. For example, following the Ticketmaster data breach, over 60% of all our clients went on to suffer multiple fraudulent transactions on their payment cards.

What is causing financial data breaches and cyber attacks?

In 2018, seven UK retail banks, including Santander, Royal Bank of Scotland, Barclays and Tesco Bank suffered sustained attacks. These attacks cost them hundreds of thousands of pounds. Furthermore, over £500m was stolen from British banking customers in the first half of 2018.

Cryptocurrency is also being targeted by criminals. In fact, each year, the equivalent of millions of pounds is being stolen from cryptocurrency holdings. As such, cryptocurrency fraud is a very serious crime.

There are a few reasons why data breaches and hacks are happening. These include:

Cyber attacks

 A cyber-attack can take many forms including financial data hacks, financial phishing attacks, bank and credit card takeover fraud and push payment scams.

To make matters worse, cybercriminals are becoming increasingly sophisticated. For example, AI-assisted imposters are set to become an increased threat. With machine-learning and the Internet of Things (IoT) helping to make existing cyber-attack efforts faster, more formidable, and more effective.

Inadequate security processes

In many cases, financial data breaches happen because of a failure to implement reasonable and robust processes.

This can include things like not implementing or updating secure firewalls, password controls, operating systems, anti-virus and anti-malware software or reliable encryption. Also, companies that fail to establish regular and robust backup processes or don’t take steps to identify, record and secure personal data are putting this information at risk.

 Human error

It is human error rather than cybercrime that is the biggest cause of financial data breaches. In fact, in the UK, 88% of data breaches caused by human error, not cyberattacks.

Typical examples of such errors include:

  • Sending sensitive data to the wrong recipient (via email, post or fax)
  • The loss of paperwork
  • Forgetting to redact data
  • Storing data in an insecure location
  • Losing devices such as laptops, phones and tablets
  • Staff deliberately ignoring data protection policies
  • Managers not training staff on data protection
  • Leaving sensitive information online without any password restrictions.

How can you protect yourself following a financial data breach or cyber attack?

To protect yourself following a financial data breach you should:

  • Contact your bank/credit card provider immediately
  • Consider a credit freeze until the matter is resolved
  • Report the scam to the police and contact Action Fraud for advice on what to do next
  • Keep an eye on your bank and credit card statements to see if there is anything you don’t recognise
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a financial data breach or cyber fraud give us a call to discuss your case in more depth.

Making a financial data breach claim

If you want to claim compensation for a financial data breach case, our professional, friendly team will advise you on whether you have a valid claim. Our process is fully compliant with ICO guidance, and we never put your details at risk. We will NEVER pass your details onto anyone without your permission.

 

social media scam
,

Would you fall for this social media scam?

Cybercriminals are targeting people’s social media accounts in a bid to steal money and personal details. In fact, according to reports, a staggering 53% of all logins on social media websites are fraudulent, and 25% of all new accounts are fake[1]. And, while we have all heard about how people are using Facebook and other channels to spread fake news and influence elections, for some people, the consequences are much closer to home. So how can you protect yourself from social media scams?

Facebook PayPal Fraud

In one recent case, a Facebook user received a message from a friend on Facebook claiming he was having trouble with his PayPal account. The friend asked if he would accept some eBay payments on his behalf, and then send the money on to him.

While many of us might be suspicious if we were asked to give money to someone, most people are far less likely to worry about receiving cash. So, being the good friend he was, he accepted two payments and sent them on to the bank details provided.

However, as soon as the money had left his account, he got a message from PayPal saying that the payments he had received were fraudulent, and as such, were being reversed. This left the unwitting victim £300 out-of-pocket. Needless to say, his real friend had never asked for, or received any money.

To make matters worse, PayPal took no responsibility for the stolen cash. And, the young man learned the hard way that you should never take any requests to send money at face value, even if they seem legit.

What can you do to protect yourself from similar social media scams?

When using technology, we must be conscious of the data we are sharing, and how it can be used. Here are some quick tips to keep you safe on social media.

  • Don’t assume a message is authentic. Just because someone knows some personal information about you (i.e. your address, mother’s maiden name etc.), that doesn’t mean they are genuine
  • Don’t accept friend requests from people you don’t know
  • Be careful about what you share online (e.g. avoid answering questions like “what was your mother’s maiden name” and “what was the name of your first pet”. Even if they seem to be part of a harmless quiz or post)
  • Remove location data from your posts
  • Use a different password for all your accounts
  • Use two-factor authentication
  • Check the privacy settings of all your accounts
  • Don’t download suspicious apps
  • Think twice before clicking on any links
  • Read the T&Cs of any games or apps you want to use
  • Always check with friends (offline) if they ask you to send money or do anything you are unsure about
  • Keep an eye out for fraudsters looking to gather personal information about you or someone you know
  • Never disclose security details such as your PIN or full banking password to anyone (including anyone claiming to be from your bank)
  • Know that banks or other trusted organisations will never contact you and ask you to transfer money to a secure account
  • If something doesn’t feel right listen to your instincts
  • If you’re worried that you may be at risk, report it to your bank, the Police or Action Fraud straight away.

Today, social media is part of everyday life. So, we would never suggest that you stop using it. But following these simple steps can help you to stay safe.

Get digitally aware

At Hayes Connor Solicitors, we want to reduce the number of data violations and successful cyber scams taking place across the UK. To do this, we are raising awareness of this issue and educating people to help stop fraudsters in their tracks.

For more advice on how to keep safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of an online scam, contact us find out how we can help you to recover any losses.


[1] Arkose Labs

cybercrime help
,

How to stay safe from cybercrime

With cybercrime rarely out of the news, it’s only natural that people are worried. Here’s are some top tips to help keep you safe from cybercrime and hackers.

Protect your finances from cybercriminals

  • Contact your bank or credit card provider if you are at all worried that your financial information could be at risk. For example, if you discover that you are the victim of a cybercrime or data breach
  • Keep an eye out for any bills or emails showing goods or services you haven’t ordered
  • Check your bank statements regularly for any unfamiliar transactions and alert your bank or card provider immediately if there is any suspicious activity
  • Be careful who you trust – criminals may try and trick you by telling you that you’ve been a victim of fraud. Cybercriminals often use this to draw you into the conversation, to scare you into acting and to reveal your security details
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Keep an eye on your credit score for any unexpected changes
  • Understand that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  • Know that a legitimate bank or other business would never ask you to move money to another account for fraud reasons
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you

Protect your personal data from cybercriminals

  • Do not click on any suspicious links. This could result in you giving a fraudster access to your personal or financial details
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Always question uninvited emails, calls, etc. in case it’s a scam. If you are at all unsure, contact the company directly using a known email or phone number
  • Don’t assume an email, phone call, text or social media message is authentic. Just because someone knows your details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine
  • Don’t accept friend requests from people you don’t know on social media
  • Regularly review your privacy settings on any social media platforms, website and apps you use
  • Change your passwords regularly
  • Use a different password for every account. If you are worried about remembering them all you could sign up to a password manager
  • Make sure your devices are protected by up-to-date internet security software
  • Know that cybercriminals can make any telephone number appear on your phone handset, so even if you recognise a name or number, or if it seems authentic, it might not be genuine
  • Listen to your instincts. If something feels wrong, then it is right to question it and refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it

What if you think you are already the victim of a hacker or fraudster?

  • Report any suspected fraud to Action Fraud
  • If you have had money stolen, contact the police
  • Contact the ICO to let them know about your concerns if you are worried that a data breach has put your data at risk of cybercrime. The ICO might investigate the data breach and, while it does not award data breach compensation, if it believes that the organisation in question broke the law, you can use this information in court to help prove your claim
  • Make sure that if you are offered any form of compensation or free services from the organisation that put your data at risk, you check the small print. Be careful that in accepting an offer you are not giving away your rights to pursue a separate data breach compensation claim at a later date
  • If you want to make a cybercrime compensation claim – for loss of money or emotional distress – you should contact Hayes Connor Solicitors.

Making a cybercrime compensation claim

Our expert, online fraud and data protection solicitors will advise you on whether you have a valid cybercrime compensation claim and will be pleased to answer any questions you might have.

Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about your legal rights when making a claim.

For more advice on how to keep your data safe from cybercrime, follow Hayes Connor Solicitors – the data protection experts – on Twitter and Facebook.

cybercrime
,

99% of cybercrime insurance claims are successful

The Association of British Insurers (ABI) – an organisation that represents the insurance industry – has asked that anonymised cyber breach data be made publicly available. The ABI feels that this is necessary for insurers to accurately gauge the level of risk when it comes to cybercrime, and set the price of cyber insurance.

Why is cyber insurance important?

Data breaches and cybercrime can be devastating for victims. At Hayes Connor, every day, we hear about how privacy violations are causing misery and upset to people across the UK; often because of simple human errors.

But it’s not just victims of data breaches that suffer long-term effects of cybercrime and privacy violations. Organisations of all types and sizes can also find it difficult to recover.

Some of the possible consequences faced by companies that fail to keep their data safe include:

  • Loss of time and money due to having to repair affected systems and disruption to trading
  • Loss of reputational damage and sales (lack of trust from current and potential customers)
  • Loss due to the legal consequences of a data breach (e.g. fines, legal fees and compensation payments)
  • Loss of competitive advantage due to the theft of trade secrets or copyrighted material
  • Having to pay fraudsters (cyber extortion)
  • Rises in insurance premiums.

What has changed?

Until recently, the impact of a data breach on a business, while damaging, probably wasn’t too bad. But, since the introduction of the General Data Protection Regulation (GDPR), fines have skyrocketed.

The Information Commissioner’s Office (ICO) has announced that it plans to fine the Marriott hotel nearly £100m. And British Airways is being fined £183 million for its high-profile data breach.

Also, according to the ABI, fewer and fewer companies are getting away with privacy violations, with claims payout rates reaching 99%. This is one of the highest claims acceptance rates across all insurance products.

In 2018, nearly half of all UK businesses fell victim to cyberattacks or security breaches[1]. And, almost 30 million cyber-related crimes took place in the last quarter of last year[2]. So, it is clear why insurance companies are now asking for this data.

Standard insurance policies do not cover cyber risk

Despite the rise in cybercrime, many UK organisations are still failing to insure themselves against the threat of a data breach. In fact, according to the ABI, only 11% of UK companies are said to have specific cyber insurance.

But standard insurance policies do not cover cyber risk. So, every business must now consider cyber insurance to take preventative measures in the face of hackers. Because if a data breach claim is made against a company, and it is found liable for data privacy errors, the consequences of not being covered could be catastrophic.

What happens now?

A spokesperson for the ABI said: “Data is key to insurers’ ability to better understand and more accurately price cyber risk. We need the ICO to work with us to find what data can be shared to help insurers provide more cover to the many businesses that need it in this digital age”.

The ICO has yet to agree to the request from the ABI, but a solution must be found to help protect everyone involved. Because cybercrime and data breaches are not going away.

Cyber insurance helps victims of cybercrime

At Hayes Connor, we’ve seen cases where experiencing a data breach has resulted in adverse life events. For example, losing money, having to move to a new house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can be emotionally and financially stressful.

In most cases, victims try to engage with the organisations responsible, but are rebuffed or provided with wholly inadequate excuses. In almost all cases, the organisation at fault fails to recognise the damage caused by the breach and loss.

Often this failure to provide adequate redress to the victims of data breaches comes from fear. Fear that giving proper compensation could put an organisation out of business. But, with the right insurance in place – alongside improved data security processes – both companies and individuals would be better protected.

For more advice on how to keep your data safe, follow Hayes Connor Solicitors on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses. Or give us a call to discuss your case in more depth.


[1] 2018 Cyber Security Breaches Survey

[2] Kaspersky

cybercrime
,

Common types of cybercrime to watch out for

According to police statistics, more than £190,000 a day is lost in the UK by victims of cybercrime. If you are worried about the threat of cybercrime, here is some useful info on some of the most common types of cyber-scams to watch out for.

419 Fraud

 This is one of the oldest and most popular internet scams. Typically people will receive an email, text or social media message claiming to be from an official government member, a businessman or a member of a very wealthy family member.

The scammer asks for help in retrieving funds in exchange for a very large sum of money. Typically, requests for money for additional services increase, but the promised payback never arrives.

Our advice: If you receive a letter, text or e-mail asking you to send banking information or money, do not reply in any manner.

Phishing attacks

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Their ultimate goal is to steal your money and/or personal information.

Our advice: Always question uninvited emails, calls, texts, etc. Instead, contact the company directly using a known email or phone number. Find out more about phishing attacks.

Lottery scam

This is another common type of scam that is still doing the rounds. With a lottery scam you receive an email letting you know that you won a huge amount of money.  But, to claim your winnings, you need to pay a small fee.

Our advice: If you did not play, either by buying a ticket or playing online, you cannot win. If the email does come from a company know to you (e.g. the National Lottery), login to its website using the Google web address (not the one provided in the email) to check your winnings. You will never be asked to pay a handling fee or any sort of charge by a legitimate company for your winnings to be released.

Social media fraud

Cybercriminals are targeting people’s social media accounts in a bid to steal personal details and leave victims at risk of identity theft.

Our advice: It is absolutely right that we are demanding that organisations look after our data with respect, but it is also crucial that we apply the same standards to our own behaviour if we want to stay safe. For example, when using technology, we must be conscious of the data we are sharing, and how it can be used. Find out if you are sharing too much on social media.

Bank and credit card takeover fraud

Takeover fraud happens when a criminal uses another person’s account information (e.g. a credit card number) to buy products and services. Takeover fraud is also used by scammers to extract funds from a person’s bank account.

Our advice: Takeover fraud can be hard to avoid. Often because victims may have had their data exposed in a data breach. If you have been a victim of this form of cybercrime, Hayes Connor Solicitors can help you to understand what you should do about the takeover fraud. Find out more about takeover fraud and how we can help.

Push payment scams

Push payment fraud (also called APP fraud) happens when cybercriminals deceive individuals into sending them money. Because the victim believes the fraudster to be genuine, they authorise the handover of cash.

Typical push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

Our advice: Find out more about push payment fraud here. 

Blackmail

This type of scam is becoming increasingly common. Cybercriminals will send you an email saying that they have compromising videos/photographs of you and will send them to everyone you know unless you pay up. To create the appearance of danger, the message is often filled with details about your life. In many cases, this information has been collected from a personal blog or social media account.

Our advice: Do not reply in any manner.

Romantic scams

Many people use the internet to find love. Be that an online dating site or social media platforms like Facebook, Twitter and Instagram.

But you need to be very careful, because you never know who you might meet online and scammers are using the internet to target victims all over the world.

Our advice: Find out more about dating fraud and how to protect yourself here.

Malware attacks

Typically, cybercriminals send emails to their target users, encouraging them to download malware onto their computers inadvertently. Once installed, these criminals can use the malware to spy on online activities, steal personal and financial information or hack into other systems.

Our advice: Never click on any suspicious links – even if it looks like they have been sent by someone you know.

What to do if you are the victim of a cybercrime

If you have been the victim of a cyber scam, you should contact Action Fraud ASAP. Action Fraud is the national fraud reporting service. However, if you have lost money as a result of the scam, you must also report it as a crime.

For a much bigger list of know scams, check out Action Fraud’s A-Z of fraud here.

Helping to keep you safe from cybercriminals

For more advice on how to keep your data safe, follow Hayes Connor Solicitors on Twitter and Facebook.

Alternatively, if you are the victim of cybercrime, you may be able to claim compensation. At Hayes Connor Solicitors, we’ve been helping people to achieve the redress they deserve for over 50 years, so we know what it takes to make a successful cybercrime claim.

FIND OUT MORE ABOUT CYBERCRIME COMPENSATION