Hackers army. Dangerous hooded group of hackers. Internet, cyber crime, cyber attack, system breaking and malware concept. Dark face. Anonymous. Abstract smoke moves on black background.

What constitutes a data breach?

Here at LawPlus, we deal with a significant volume of data breach enquiries each and every day.

Included in that volume are enquiries for things that actually relate more to fraud. Now, we must recognise that a data breach incident could lead to fraud. But, unfortunately, you can’t bring a data breach case against someone that defrauded you. However, you might be able to bring a data breach case against the organisation that put your privacy at risk and led to the fraud taking place. In addition, if you lost money due to the fraud, this may increase the data breach compensation you can claim, too.

Let’s look at some of the different types of fraud, how you can identify it, and how to report it.

What is phishing?

Phishing is the act of impersonating a business, organisation, or individual to acquire your personal details, which they can then use fraudulently.

Common phishing scams include emails claiming to be from HMRC or PayPal. The emails can look legitimate if you don’t know what you’re looking for and will often redirect you to a website that also mirrors the organisation in question.

You will typically be asked to input some personal information. For PayPal, it will be your email address and password; for HMRC, it may be something like your bank details “to process your tax refund.” In some cases, phishing is used as a gateway for other types of cybercrime, like deploying ransomware. Simply clicking on a link can allow your system to be infected, and you may be at risk even without sharing any details explicitly.

How to identify a fake email

There are several ways to spot phishing scams, including looking for emails that:

  • Claim to be from banks where you don’t have an account
  • Are about things that aren’t relevant to you – such as self-employment tax refunds
  • You receive at unusual times
  • Aren’t legitimately coming from the source – add the email address businesses like Amazon and PayPal would legitimately contact you from so you can easily spot it’s a fraud.
  • Appear to have been sent by your friends asking for money – give them a call to check if it was really them.

If your email address is involved in a data breach, cybercriminals may target you with phishing scams, but the phishing scam itself can’t be explicitly addressed as a data breach claim.

Ensure you’re aware of the warning signs of phishing so you can protect yourself as best as you can.

What is smishing?

Smishing is the same as phishing but uses SMS messaging rather than email as the vehicle for sending fraudulent communication.

As with phishing, the purpose of a smishing scam may be to get you to share personal details or simply click a link so a file can download to your smartphone and steal your data. Some smishing scams, such as the Royal Mail and PayPal delivery scams that have done the rounds during the Covid-19 pandemic, just outright try and get you to pay money fraudulently, which may also lead to your payment card details being stolen to be used elsewhere.

How to identify a fake text message

There are several things you can do to identify fake text messages and avoid falling victim to smishing scams:

  • Use an app like TrueCaller, which will flag potentially fraudulent text messages from unknown sources
  • Save numbers from trusted sources if, for example, you give permission to be contacted by text messages for marketing purposes.
  • Immediately delete text messages from unknown numbers. Call people back on the number you have for them if you get a text claiming to be from a parent or other loved one.
  • Look out for “urgent requests” for payments or details
  • Watch out for spelling errors or odd wording

As a general rule, don’t click any links from suspicious-looking messages. Not only may this lead to malware downloading onto your smartphone, but you may not be able to tell if a website is legitimate due to the way web addresses are sometimes presented on smartphones. As with phishing scams, websites used for smishing can be made to look like an exact mirror of the website of the organisation being impersonated.

As with your email address, if your phone number is involved in a data breach, cybercriminals may target you with scam text messages, but the smishing scam itself can’t be explicitly addressed as a data breach claim.

Ensure you’re aware of the signs of smishing so you can protect yourself as best as you can.

What is identity theft?

Identity theft is when someone uses your personal identifying information without permission.

Typically, this takes the form of acquiring credit in your name, leaving you with debts that aren’t yours, or using details obtained fraudulently to use your credit cards. Often, phishing and smishing scams are a gateway to identity theft. Once criminals have your details, they can spend money on your credit cards or acquire credit in your name.

Identity theft is often difficult to prevent, but thankfully things like multi-factor authentication for online purchases is increasingly mandatory, helping to reduce instances of fraud. On top of this, all banks and credit card providers have sophisticated fraud prevention systems. At the same time, credit monitoring apps can also send you alerts when credit applications are made in your name.

How to report fraud

There are several ways to report fraud, depending on the nature of the incident:

  • In the first instance, identity theft and other financial fraud should be reported to the relevant bank, lender, or credit referencing agency. This will enable them to block your card, cancel any credit that has been acquired in your name, and correct your credit file.
  • All attempted or successful fraud can be reported to Action Fraud online or on the phone by calling 0330 123 2040.
  • You can report suspicious text messages by forwarding them to 7726.
  • Suspicious emails can usually be reported via your email provider as part of your junk email reporting options. Some, like Gmail, have a specific option for reporting phishing scams.

How to tell if something is a data breach or fraud

The difference between the two is often this:

  • If your data is involved in a data breach, you usually won’t definitively know about it unless the company who was guilty or fell victim to a breach tells you about it.
  • If you’re a victim of fraud, you know about it, because the evidence will be staring you in the face.

While falling victim to fraud can be an aggravating factor that may increase the compensation due if your details were involved in a data breach, it’s vital to recognise that fraud and data breaches are two different things.

Victim of fraud? Report it! Victim of a data breach? Contact us!

If you’re a victim of fraud, the best thing to do to prevent it from happening in future is to report it using the avenues above while ensuring you increase your own awareness around things like phishing, smishing, and other types of scams.

If your details are involved in a data breach, that’s where we can help you. Contact LawPlus Solicitors now for a free, no-obligation review of your data breach case.


Get in Touch

Fill in the form below to tell us your details, and we’ll get started.