CYBERCRIME AND PHISHING EMAILS
The pandemic continues to bring an increase in Cyber Crimes and over recent weeks we have seen many phishing emails that are now becoming very sophisticated. Therefore, it is important to be vigilant. Please take a few minutes to read this information, which although it may seem long and dull, we hope will assist you in understanding how these threats work, what you can do and importantly, how to recognise when Affinity communications are genuine.
WHAT ARE PHISHING EMAILS?
Phishing emails are generally fake emails that are used as a bait to lure you into either clicking on a link or to engage with the sender. Clicking on links can be dangerous as they may take you to dodgy websites which could download viruses or software that can steal passwords. Engaging with the sender can often be with the aim of you transferring money for a fictitious transaction.
An increasing number of phishing emails that we see are aiming at creating interaction. These emails may often look like they are genuine, but they are malicious and generally aiming to get you to either give away sensitive, personal information or to transfer money.
WHAT TO LOOK OUT FOR
Check the ‘from’ address – Although an email may look like it has come from someone, or a Company that you recognise, check the from address; often there is a bizarre email address behind what looks like a genuine sender name. Alternatively, the email address may be slightly different, be careful to look for minor differences, perhaps an ‘s’ at the end of a company name that is not normally there, for example – ‘ifa-affinity’ is our correct domain address, whereas a scam version may be ‘ifa-affinitys’. To find out if there is a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right click on the sender name and you should see the email address behind it.
Is the Greeting impersonal/unusual – You will often find that you are not greeted in the same way, or perhaps wording and/or grammar is not of the type you would normally expect from this sender. If the type of content is unusual for the sender, then trust your instincts and check it out further.
We would like to take this opportunity to outline the types of emails that you would never receive from Affinity, or your individual advisors.
We would never email you randomly suggesting any potential investment ideas or solutions, nor would we send you any investment literature without either having had a conversation with you beforehand or a specific request from you to do so.
As regulated investment advisers, we are required to follow regulatory processes, which means that we would always outline in a full report, any new investment proposals and why they are suitable for your needs.This report would be prior to any new transaction being undertaken and would be specific to you, would outline your circumstances and objectives and would be because of ongoing discussions. It would never be a random speculative one-off contact.
We would never ask you to transfer any funds to an Affinity Account, nor would we ask you to transfer funds to an Investment Provider without any discussion or relevant reports beforehand.
Therefore, in the unlikely event, that you receive any random emails that look as though they may have come from either your advisor, the Affinity team, or any of the Investment Companies that we work with, perhaps identifying potential investment ideas, or suggesting you transfer any funds, these are likely to be fraudulent so please do let us know, so that they can be reported.
If you are ever in any doubt, please do not act and please telephone us.
Emails that you receive from Affinity will generally be the individual’s ‘initials’@ifa-affinity.co.uk. This will apply to any direct email communication that you receive from either your advisor or any of our administration team. In addition to this, you may sometimes receive an email from firstname.lastname@example.org, for example this type of communication has been sent using this email system. This is a genuine email from us and is part of the industry software that we use, which you can rest assured is safe and secure. We intend to add to this type of communication further in the coming weeks, to make it easier for you to identify that this is a legitimate communication.
WHAT CAN YOU DO?
- Use a strong and separate password for your email
- Consider changing your email password periodically
- Ensure devices are updated regularly
- Use of two-factor authentication (2FA)
- Do not click on links or open emails from senders that you do not know
- Always do your homework before you give away any personal information
The following websites are also useful sources of information and guidance in relation to cybercrime
If you have an insurance policy or protection cover, be aware of a new type of scam. These scams usually involve a call from someone pretending to be an insurance provider, offering the same cover you have now for a lower premium. These calls can sound convincing, but make sure you check it’s legitimate before handing over any financial information or money.
Finally, we would like to remind you that if you have not already done so, you can register for your own personal portal with Affinity, that enables you to access documents and communicate with Affinity and your Adviser securely.
We appreciate that many companies are using online portals and that this does not suit everyone. We remain committed to ensuring that our clients can choose how they interact with us, so there is no obligation for you to use this route, however, in the current environment and with Cybercrime being such a major issue, it does provide an additional layer of security. If you would like to find out more, please do contact us by emailing Kelly on email@example.com and we can send you an information pack.
In the meantime, stay safe and well and take care to be vigilant!