BFBS stamps down on cyber-criminals

Social media can be a place for fun interactions and connecting with our loved ones, but cyber-criminals are targeting platforms such as Facebook and using phishing techniques to steal our hard-earned cash.

Listeners of BFBS the Forces Station have become the latest victims of this type of attack and BFBS Radio is keen to reassure the audience that it will never ask for any personal information such as bank details. 

To help raise awareness of this scam, broadcaster Amy Casey spoke with Karl Roberts, head of cyber security at BFBS, to find out how the scams work and how we can all protect ourselves.

• What is the Army's social media policy?
• National Cyber Force reveals how it keeps the UK safe
• New £50m UK centre to train top cyber experts

He said: "To put it quite simply, it's low risk for high reward.

"There's very little chance of these people being caught, but there is a great chance that somebody will click on a link and give over whatever details they're asking for. 

"Just imagine, if they message 1,000 people saying that they needed £100 to collect the prize winnings and 10% of those people actually click on the link and provide that money, that's £10,000 they've made." 

Broadcasters such as Amy and Ashley Paul have had their listeners targeted by a phishing campaign where their photo was used to create a fake profile to contact BFBS social media followers.

Under the pretence of winning a cash prize, the scammers asked them for money.

Social engineering - the varied ways criminals persuade their victims into revealing personal information such as bank details - is common and can take place when you are least expecting it, whether it be on social media, over the phone or even in person. 

There are a variety of different methods criminals use to gain access to our confidential information.

The term "phishing" is used to describe any malicious message sent by a criminal to steal personal information such as bank details from a victim.

Phishing attacks use email, texts (known as smishing), social media and phone calls (known as vishing). 

Fake messages imitating legitimate communications can sometimes be very convincing. 

So do stop and think before clicking a link because it might contain malicious software or take you to a fake website. 

How can companies like BFBS protect people from being the victims of cyber-crime while interacting with their content? 

Mr Roberts said arming ourselves with knowledge is the best way forward.

He explained: "When it comes to social media phishing like this, it's down to the actual social media companies themselves to be able to recognise and hopefully validate better the person who's creating an account is actually the person they're claiming to be. 

"The best defence that we have really is just being very careful of how we interact with any sort of messaging that comes through to us and to really look at are they who they claim to be when they're messaging us." 

Cyber-attacks like phishing are more common than you might think.

Every person with a digital footprint such as an email or social media account is highly likely to be targeted by cyber-criminals in some way, shape or form. 

It might just be a very simple email, pretending to be somebody else that the potential victim might know. 

There are many different ways cyber-criminals will try to get our money and they're very creative and often convincing. 

How can we safeguard ourselves from cyber-attacks? 

Mr Roberts has some useful advice to keep ourselves safe, saying: "If it's social media... just take a look at the actual profile of the person. 

"If they've got very little interactions, if they don't have a lot of friends, that's normally a quite a common sign that they're not genuine at all. 

"If you do get a message and you're busy, leave it until you're in a better headspace where you can really take a good look.

"Look for spelling mistakes, that's a big one. 

"And also when it comes down to the branding itself of the organisation that's contacting you, make sure it's up to date. 

"Take a look at the actual company's website to make sure those brands match."

What should people do if they think they have had money stolen after a phishing attempt?  

Mr Roberts said suspected victims must contact their bank straight away, adding: "The sooner you let the bank know, the more chance they'll be able to recover any money that's been taken."  

What action can you take if you spot a phishing attempt?  

You can report a post or message on Facebook and even block the person attempting to interact with you. 

BFBS wants to do all it can to support any listeners who are worried that an interaction they're having with a member of staff isn't legitimate, so Mr Roberts said: "Let us know at BFBS and we'll be able to take a look as well."

You can contact [email protected] if you have any concerns about a possible phishing attack connected to BFBS and we will get back to you as a matter of urgency.