David Emm, Principal Security Researcher at Kaspersky Lab:
“It’s interesting to see TSB take the step of reassuring customers that it will reimburse customers if they fall victim to fraud. It will be even more interesting to see how far they’re prepared to take this. Given the potential costs involved, it’s unlikely that banks will have a blanket policy on this and will instead continue to look at each case on an individual basis and decide whether or not the victim took reasonable steps to secure themselves.
“With almost every area of our daily lives now being online, fraud is a very real threat and the responsibility to protect against it should be shared between banks, businesses and consumers; however, the responsibility lies with the consumer to remain vigilant.
“There are some tell-tale signs that indicate that something is a phishing message (for example, banks and other organisations never send e-mails asking for confidential data) so, if you receive such an e-mail, assume it’s phishing. Remember, if it looks important, and you’re not sure, you should always call to check. Phishing relies on social engineering, i.e. manipulating human psychology. So, there are always new ways to try and trick people, and just like road safety, it’s best to adopt a security culture that will keep you safe in any situation – not just some that you’ve practised. For example, it’s best never to click on links in e-mails; if you adopt this rule, you never need to rely on being able to distinguish a real link from a phishing link.”
Kaspersky Lab recommends the following to help you reduce the amount of spam email you receive, therefore decreasing the risk of being a target of phishing attacks:
- Use Internet security software: Install updates as soon as they are available and use unique, complex passwords for online accounts.
- Set up multiple email addresses: It’s a good idea to have at least two email addresses:
  - Private email address – This should only be used for personal correspondence, and should never be published on publicly accessible online resources.
  - Public email address – Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. Treat it as a temporary address and don’t be afraid to change it if you start getting inundated with junk mail.
- Never respond to any unsolicited message or click on attachments or links: Most spammers verify receipt and log responses. The more you respond, the more spam you’re likely to receive.
- Think before you click ‘unsubscribe’: Spammers send fake unsubscribe letters in an attempt to collect active email addresses. If you click ‘unsubscribe’ in one of these letters, it may simply increase the amount of spam you receive. Do not click on ‘unsubscribe’ links in emails that come from unknown sources.
- Keep your browser updated: Make sure that you use the latest version of your web browser and that all of the latest Internet security patches have been applied.
- Use anti-spam filters: Only open email accounts with providers that include spam filtering. Choose an antivirus and Internet security solution that also includes advanced anti-spam features.