How I nearly fell for a basic phishing scam

Despite years of writing about staying safe online, John Fitzsimons nearly fell for a simple phishing scam, all because of the way it was presented.

I like to think I’m pretty good at avoiding phishing scams.

Sure, there are the obvious ones which are easy to sidestep - just this morning I got an email promising a “Donation Of One Million British Pounds In Good Faith From The Neil Trotter Foundation” (their caps) which isn’t going to fool too many recipients.

But even with the more subtle and professional ones, the alarm bells usually go off nice and early, ensuring I don’t fall victim.

Yet today, for the first time since I was a teenager, I was almost tricked into clicking an iffy link in a phishing message. And it’s all because of how it was sent.

What is a phishing scam?

First off, it’s useful to remind ourselves of precisely what a phishing scam actually is.

Essentially, it’s a dodgy message that is sent your way which contains a shady link or attachment, which the scammers hope that you will click on. Doing so may take you over to a website which may look legitimate but which is built to encourage you to share certain personal details which the scammers can then use to commit identity fraud.

Alternatively, clicking the link may result in malware being installed on your device, which can then help the fraudsters get their hands on those same details.

It’s notable that while overall levels of fraud have fallen according to data from fraud prevention service CIFAS, identity fraud rose to a new record high last year.

In total there were more than 174,000 reported cases from CIFAS members, up by an incredible 125% on a decade ago.


Why this phishing scam was different

The scam was a message I received on my LinkedIn account.

It was an invite to ‘review a proposal and come back to me’, with a link to an apparent document on Google Drive.

Now, if I get an odd-looking email I reckon I’ll realise that something is off pretty swiftly. Similarly, if a text message arrives inviting me to click through to a link in order to ‘unblock my PayPal account’ or some other rubbish, again I think I’m going to realise it’s a scam almost immediately.

But I think the reason I almost got caught out by this latest scam is that it didn’t arrive via email or text message but on LinkedIn of all places.

For those that are blissfully unaware, LinkedIn is a professional social media platform - it’s basically Facebook for businesses. Most of the time it’s a wretched hive of humble and not so 'humble bragging', but I have found it particularly useful since going freelance in terms of hustling for work.


And that’s what caught me out. It isn’t unusual for me to get a message on LinkedIn out of the blue from someone I first ‘linked’ with years ago to discuss some work, and at first glance that’s what this message appeared to be about.

The fact that it popped up on my phone, rather than while I was sat working on my laptop, also contributed to catching me off guard.

Thankfully, I didn’t click immediately; instead, I took a moment to reread the message. And suddenly the fact it was a scam - with the trademark clunky language so often used by scammers for whom English is not their first language - was as clear as day.


Targeting LinkedIn users

There’s obviously something about LinkedIn, in particular, that is proving attractive to scammers.

A new report from US security experts KnowBe4 found that of the most successful phishing scam emails in the last quarter which were tied to social media, almost half were in some way related to LinkedIn, whether an invitation to connect to a network or an individual, or a notification that a message had been received.

I think this may be down to simply wanting to feel wanted in a professional sense. I’m not daft or greedy enough to think that the Neil Trotter Foundation really wants to send me a million quid, but I am absolutely eager enough for further work that I could be tricked into clicking an iffy link from someone who appears to be legit.

It’s like any phishing scam really, playing off our instinct to just want more, but with just enough of a credible facade that it might bypass our usual cautious instincts. The experience has been welcome in that it's shaken me out of the complacency I had in believing that I was scam proof.

If you've been sent a scam email or message, or are the victim of a scam, contact Action Fraud today


Copyright © lovemoney.com All rights reserved.

 
