Guernsey’s Office of the Data Protection Authority (ODPA) is aware of phishing emails containing fake bills being sent to islanders by scammers claiming to be from Sure.
These can mimic the legitimate billing template quite convincingly. The email prompts users to click on a link to view their bill online, which could lead to a fake payment portal or a malware download.
Islanders who use CWGSY email accounts are being specifically targeted in this instance and should be particularly vigilant.
Bailiwick Data Protection Commissioner Brent Homan said: “Email phishing attempts from fraudsters spoofing legitimate service providers are a common tactic used to steal your data and money. Pausing to ‘think before you click’ can help protect you against such scams.”
Protect yourself and others! Guidance has been published which includes the following pointers:
- Check that your billing email addresses you by name, rather than with a generic ‘Sir/Madam’ or ‘customer’ greeting.
- Sure specifically will include your account number in a legitimate bill, which scammers typically will not have access to.
The ODPA also highlights the following advice:
- Practise vigilance. Texts and emails can easily be forged, and attachments can contain malware that can steal your personal information. Someone you know may have had their account compromised.
- Check the email address of the sender. A billing email should come directly from the relevant organisation, and hovering over or previewing the sending account can reveal whether it is legitimate or not.
- Verify suspicious emails by contacting the sender by an alternative, trusted channel such as the telephone.
- Be on guard for red flags. Is there an urgency to action or call-back? An uncharacteristic spelling mistake or formatting error? A link to a login page? A phone number to call for help? An enticing attachment? Beware!
- Think before you click. Do you know this person or deal with this organisation? Is this how the person or company normally contacts you? Don’t open texts, attachments or emails without being sure of the sender.
- Protect your passwords. Use different passwords for different websites, accounts and devices. Two-factor authentication is best. And regularly update security settings.
If you have friends or family members who are less tech-literate, please share this guidance with them and help them to understand the warning signs.