TalkTalk hack: What should I do?

TalkTalk logo Image copyright TalkTalk

Telecoms provider TalkTalk is investigating a "significant and sustained cyber-attack" on its website in which some of its customer data may have been accessed.

The phone and broadband provider has said that some of its customers' credit card details may have been accessed.

However, it added that the details would have been incomplete because some of the digits are replaced with the letter "x" in its records.

Unfortunately, many attackers target the vulnerable in the wake of a big cyber-attack, trying to trick them into handing over more of their personal information.

So what can you do to try to protect yourself from danger?

Beware of scam calls

Image copyright Thinkstock
Image caption Trying to harvest private information by masquerading as a genuine company is known as phishing

Be wary if you receive any telephone calls claiming to be from TalkTalk, especially if the caller asks you for private information.

TalkTalk says it never asks customers to give their full passwords or Pin codes over the telephone.

"If you're talking to somebody, think whether what you are saying is exactly the kind of information which would open up your bank account," Daniel Dresner from the University of Manchester told BBC Breakfast.

"These companies don't ask for that kind of information."

If you are not sure whether a call from TalkTalk is genuine, ask for a reference number and call the company back yourself on 0203 441 5550. It is a good idea to wait at least five minutes before returning the call - or use phone another line.

Be careful with emails too

Image copyright Thinkstock
Image caption Hackers can make official-looking emails and websites

Attackers can send very convincing emails that look like they are from TalkTalk but are actually trying to gather your personal information.

They may even refer to the cyber-attack in an attempt to appear genuine.

Be suspicious if an email asks you to reply with personal information or click on a link. Criminals can set up official-looking websites to harvest your account details.

"I would caution against clicking links in emails you are unsure of - it's always better to type the website address manually, to avoid the risk of being redirected to a phishing site," said David Emm from security firm Kaspersky Lab.

If you suspect an email is not genuine, call the company's customer service line and ask whether they have sent one.

Monitor your bank account

Image copyright Thinkstock
Image caption Check your bank account for transactions you do not recognise

Although it can be a nuisance for victims of a cyber-attack to monitor their bank accounts, it can help spot problems quickly.

Look through your recent transactions for any payments you do not recognise, even if they are very small.

"People will try and take a small amount first. TalkTalk has four million customers. If they do four million £1 transactions, that's not a bad haul," said Mr Dresner.

If you spot any unusual activity you should contact your bank and Action Fraud on 0300 123 2040.

Never reuse passwords

Image copyright Thinkstock
Image caption Do not use the same password for multiple accounts

TalkTalk is advising customers to change their account password as soon as its website is back up and running.

It is especially important to change your password on other websites, if you have used the same one across many accounts.

Attackers may have harvested usernames, email addresses and passwords from TalkTalk which could let them unlock other services such as your email.

"It's a growing concern that many use the same password and personal details across multiple online accounts, meaning if their details have been compromised by one attack they could find other accounts suffer too," said Mr Emm.

Security experts recommend using a different password for each account.

Leave TalkTalk

TalkTalk has reported three cyber-attacks over the past 12 months, so some customers may feel it's time to move elsewhere.

However, such a step could be costly.

The firm has said it would only waive its termination fees for customers who have had money stolen from them as a consequence of the latest incident.

Others face a penalty of up to £23.31 for each month that remains on their contract.

Unsurprisingly, the firm's share price recovered some of its recent losses after it made clear this stipulation.

More on this story