TalkTalk hack: What should I do?
By Chris Foxx
Telecoms provider TalkTalk is investigating a “significant and sustained cyber-attack” on its website in which some of its customer data may have been accessed.
The phone and broadband provider said it was too early to know what data had been stolen.
Unfortunately, many attackers target the vulnerable in the wake of a big cyber-attack, trying to trick them into handing over more of their personal information.
So what can you do to try to protect yourself from danger?
Beware of scam calls
Be wary if you receive any telephone calls claiming to be from TalkTalk, especially if the caller asks you for private information.
TalkTalk says it never asks customers to give their full passwords or Pin codes over the telephone.
“If you’re talking to somebody, think whether what you are saying is exactly the kind of information which would open up your bank account,” Daniel Dresner from the University of Manchester told BBC Breakfast.
“These companies don’t ask for that kind of information.”
If you are not sure whether a call from TalkTalk is genuine, ask for a reference number and call the company back yourself on 0870 444 1820.
Be careful with emails too
Attackers can send very convincing emails that look like they are from TalkTalk but are actually trying to gather your personal information.
They may even refer to the cyber-attack in an attempt to appear genuine.
Be suspicious if an email asks you to reply with personal information or click on a link. Criminals can set up official-looking websites to harvest your account details.
“I would caution against clicking links in emails you are unsure of – it’s always better to type the website address manually, to avoid the risk of being redirected to a phishing site,” said David Emm from security firm Kaspersky Lab.
If you suspect an email is not genuine, call the company’s customer service line and ask whether they have sent one.
Monitor your bank account
Although it can be a nuisance for victims of a cyber-attack to monitor their bank accounts, it can help spot problems quickly.
Look through your recent transactions for any payments you do not recognise, even if they are very small.
“People will try and take a small amount first. TalkTalk has four million customers. If they do four million £1 transactions, that’s not a bad haul,” said Mr Dresner.
If you spot any unusual activity you should contact your bank and Action Fraud on 0300 123 2040.
Never reuse passwords
TalkTalk is advising customers to change their account password as soon as its website is back up and running.
It is especially important to change your password on other websites, if you have used the same one across many accounts.
Attackers may have harvested usernames, email addresses and passwords from TalkTalk which could let them unlock other services such as your email.
“It’s a growing concern that many use the same password and personal details across multiple online accounts, meaning if their details have been compromised by one attack they could find other accounts suffer too,” said Mr Emm.