Watch out for cyber scams!
Phishing, vishing, spoofing, smishing – scammers are forever devising new ways to trick us online or through devices such as our mobile phones. In this article, myLIFE explains how to spot the danger and sets out the steps we can all take to stay safe.
Anyone using the internet, whether to make payments, communicate or just search for information, is a potential target for cybercriminals. This type of criminal activity involves fraudulently obtaining or trying to obtain something from another person, such as money or login details for banking apps.
Thieves and hackers rely on individuals being careless or unaware of the threat, and they have been particularly active and ingenious since the start of the COVID-19 crisis. Nobody is completely immune to the danger, but knowing what to look out for can help us avoid difficult situations. After all, forewarned is forearmed. With that in mind, let’s go through some of the main categories of cyber scam and the habits that will help us avoid being duped.
Phishing: fishing for personal data
The most well-known cyber scam is called phishing. This form of cyberattack, which preys on any gullibility and weakness you may have, involves tricking you with fake emails containing links to fraudulent websites that look almost identical to genuine banking or transactional sites. The aim is to harvest your personal data, banking details or other sensitive information, either by using spyware or by getting you to disclose it without even realising that you’re not on the original website you thought you were visiting. As soon as you open an attachment or click on a link, you’re already on the hook.
Here are a few top tips to help you avoid nasty surprises:
- never open an attachment from an unknown sender without scanning it with antivirus software first;
- always restrict access to your personal information via login details, passwords or codes;
- don’t use the same password to access multiple sensitive websites, such as bank accounts, your MyGuichet account or other websites;
- keep your software up to date;
- check the URL of the web links you receive by copying and pasting them into your browser. Never click on a link if you suspect there could be an issue;
- check the spelling in the URLs you receive. For example, “.lu” might have been replaced with “.eu” or “luxtrust” might be spelt “luxtruzt”;
- watch out for spelling and grammar mistakes in the body of the email and make sure that addresses are consistent;
- only click on secure links (starting “https”) and type the address into your browser yourself if you’re not sure, entering the address you would normally use to visit the website of your bank or a public authority, for example;
- use your browser’s security tools to check that the link is safe (padlock in the address bar).
Spoofing: electronic identity theft
Spoofing is where a hacker steals someone’s electronic identity (domain name, email address or IP address) to commit crimes online. Attacks fall into one of three categories. Email spoofing involves sending you emails from existing addresses. When you open them, they infect your computer with a virus. IP spoofing involves taking over an IP address. Lastly, smart spoofing is where a hacker uses the victim’s IP address to gain access to their apps and, in some instances, take down their firewalls. This scam allows the cybercriminal to conceal their true identity by hiding behind someone else’s. That’s why this type of attack is often very hard to detect.
However, there are several clues that could alert you to a potential threat. Here’s how to spot them:
- check the email address carefully and make sure that it is exactly the same as that of a sender you know (it could be that only one character has been changed);
- examine the design and content of the website provided (sloppy design and spelling mistakes are a giveaway that it could be a scam). If you have any doubts at all, type the website URL into your browser manually rather than clicking on a link;
- avoid opening pop-up windows and never disclose personal details. Consider blocking pop-ups altogether;
- right-click on an email address to see the “genuine” email address behind the stolen identity label.
Don’t click on the link in the email – open your banking website in your browser instead. And remember that we’re not just talking about your computer or tablet. You should be just as careful when you’re browsing the internet on your smartphone or if someone calls you.
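The two checks described above (a changed ending such as ".lu" swapped for ".eu", and a sender or site name with a single altered character such as "luxtruzt") can be automated. The following is an added example, not part of the original article; the TRUSTED list and the function names are assumptions, and mybank.example is a constructed placeholder.

```python
from urllib.parse import urlsplit

# Assumption: the domains you really use. luxtrust.lu comes from the
# article's example; mybank.example is a constructed placeholder.
TRUSTED = ("luxtrust.lu", "mybank.example")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'trusted', 'lookalike of <domain> (<reason>)' or 'unknown'."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for good in TRUSTED:
        # Exact match or a genuine subdomain such as www.luxtrust.lu
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        n = good.count(".") + 1
        tail = ".".join(labels[-n:])  # compare the same number of labels
        if tail.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]:
            return f"lookalike of {good} (different ending)"
        if edit_distance(tail, good) <= 2:  # one changed or two swapped letters
            return f"lookalike of {good} (misspelt)"
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return f"lookalike of {good} (real name used as a prefix)"
    return "unknown"


def check_link(url: str) -> str:
    """Classify the host part of a full URL (scheme included)."""
    return classify_host(urlsplit(url).hostname or "")


def check_sender(address: str) -> str:
    """Classify the domain after the last '@' of an email address."""
    return classify_host(address.rsplit("@", 1)[-1])
```

A result of "unknown" only means the host resembles nothing on the trusted list; it says nothing about whether the site is safe.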
Smishing: watch out for fraudulent text messages!
Based on the same principle as phishing, smishing is a technique that involves using text messages to try to steal your data, for example by prompting you to update your details. There is almost no chance that your bank will contact you by text, and no chance at all that it will do so to ask for your personal data. Messages like this are always sent via secure messaging.
You can avoid falling victim to smishing by getting into the right habits:
- don’t open unsolicited text messages; if you really want to read the message, always check the sender first;
- ignore text messages flagged as “urgent” or “respond quickly”;
- never click on links or attachments in text messages;
- never reply to a message asking you to share your passwords or personal data.
Vishing: striking a nerve
Emails and text messages are not the only channels used by hackers. Have you ever received a phone call from an unknown or suspicious number? Has a warning popped up on your computer screen about a supposed problem, instructing you to call a freephone number for technical support? If so, these could have been attempts at vishing. With vishing (a combination of “voice” and “phishing”), the hacker will try to get you to do something they claim is in your best interests. Of course, it’s nothing of the sort!
But there are simple steps you can take to protect yourself against attempted fraud.
- Check that the number being used is your bank’s genuine phone number. If you have any doubts, or if the number has been withheld, you can always hang up and call your bank back by dialling the number yourself to make sure that you’re actually speaking with a bank employee.
- If the person on the line wants you to act immediately, watch out! Any suggestion of urgency or compulsion should set the alarm bells ringing. Don’t let anyone put you under pressure.
- On the phone, ask these so-called “specialists” for the information you need to check their identity and, as we suggested above, contact the organisation in question to check if the person calling you really works there.
- Stay calm and write down all the information provided by the caller. Conversely, never disclose your personal information (the PIN for your card or login details for online banking services).
- Have you received a call or voice message from someone offering their services? Don’t call the number!
However scammers try to target you, always take the time to contact your bank via the official channels if you’re unsure. Your bank will offer advice and help you to the best of its ability, even if the damage has already been done.
Cyber scams, which exploit our blind spots and trust, are becoming increasingly common and sophisticated. Endlessly creative hackers are constantly coming up with new ways to get their hands on our personal and banking data. But it’s entirely possible to avoid these pitfalls and protect sensitive information by getting into the right habits and staying calm. As a general rule, you will never be asked for login details or passwords over the phone or via any means of communication other than the official website or app used by your bank or a public authority. If you have any doubts, stop what you’re doing and call your bank or the public authority directly.