Your safety and the security of your money is our highest priority, and we implement stringent safeguarding measures to protect all our customers. However, it’s also important for you to take steps to shield yourself from fraud.
To assist you in identifying potential scams and staying secure, we are publishing a series of articles focused on fraud protection. This article specifically addresses spear phishing scams.
What is a spear phishing scam?
Spear-phishing is a highly targeted form of fraud that uses personalised messages to trick individuals into revealing sensitive information, clicking malicious links, or making payments.
In contrast to traditional phishing scams, which are sent to large numbers of people with generic messaging, spear-phishing attacks are carefully crafted using information about a specific victim. Fraudsters often gather details from social media profiles, company websites, online directories, or previous data breaches to make their communications appear authentic.
The scammer may pretend to be a colleague, solicitor, accountant, friend, family member, or representative of a trusted organisation. By including familiar details and references to genuine events, they create a false sense of trust that makes the scam far more convincing.
These attacks can arrive via email, text message, social media platforms, or messaging apps and often involve requests for urgent action, financial transfers, login credentials, or confidential information.
An example of phishing fraud
David was in the process of purchasing a holiday home overseas and had been communicating regularly with estate agents and solicitors involved in the transaction.
Around the same time, he shared a social media post celebrating his birthday and mentioning his upcoming move abroad. A few days later, he received an email that appeared to come from his solicitor.
The email looked genuine. It used the correct tone, referenced the property purchase, and even included a belated birthday greeting. The message explained that payment arrangements had changed at the last minute and provided updated bank account details for the transfer.
The email stressed that the payment needed to be made immediately to avoid delays and requested that David keep the matter confidential while the arrangements were finalised.
Believing the message was legitimate, David transferred the funds.
Later that day, after speaking with his solicitor directly, he discovered the truth. The email had been sent by a fraudster who had used publicly available information to build a convincing impersonation. The bank details belonged to a criminal account, and the money had already been transferred.
Five tips on how to protect yourself
- Be wary of unexpected requests
Always treat unexpected requests for payments, sensitive information, or urgent action with caution, even if they appear to come from someone you know. Fraudsters often rely on familiarity to lower your guard.
- Don’t let urgency influence your decisions
Messages that demand immediate action, secrecy, or rapid payments should raise concerns. Taking a few moments to verify a request could prevent significant financial loss.
- Confirm requests through a separate channel
If someone asks you to transfer money or share confidential information, verify the request independently. Call the individual or organisation using contact details you already know rather than those provided in the message.
- Check for subtle warning signs
Even sophisticated scams can contain clues. Look carefully for slight changes in email addresses, unusual language, unexpected attachments, or requests that fall outside normal procedures.
- Limit the information you share publicly
Fraudsters often build their scams using information gathered from social media and other public sources. Reviewing your privacy settings and being selective about what you share online can reduce your exposure.
If someone targets you
If you think you’ve received a spear-phishing message, stop engaging with it immediately. Do not click links, download attachments, or provide any additional information.
If you’ve shared sensitive information, change any affected passwords as soon as possible and enable multi-factor authentication where available.
If money has been transferred, contact your bank or payment provider immediately. Acting quickly may improve the chances of preventing further losses.
You should also report the incident to Action Fraud by calling 0300 123 2040 or using their online reporting tool. Suspected scam emails can be forwarded to [email protected], while suspicious websites should be reported to the National Cyber Security Centre (NCSC).
More information on spear phishing scams
For more information on how to detect and protect yourself from spear phishing scams, visit the CIFAS and Action Fraud websites, which both offer plenty of useful resources and guidance.
If you’ve been a victim of spear phishing, organisations like Victim Support offer free specialist help and resources.Finally, if you’re worried that your TorFX account may be at risk, contact us as soon as possible and we’ll be happy to help. You can also download our app, or use our online platform, to keep an eye on your transfers.