Common Internet Scams
Con men are nothing new. They’ve been nicking the tiles off our roofs since, well, since we started putting tiles on roofs. No matter how many people there are in the world, it seems to be a biological fact that a proportion of them will be inveterate scammers. But the Internet has given them the power and sophistication to pull the wool over people’s eyes in ever more dastardly ways.
Over three million scams succeed each year in the UK alone, costing an estimated £3.3 billion. If this makes you feel vulnerable, fear not. There’s plenty you can do to protect yourself, as I’ll illustrate with the following long-established yet still common scams.
The imploring email
An email arrives in your Inbox from an old friend or acquaintance. It’s a personal plea for your help, following a terrible ordeal they’ve been through in Singapore or Spain or some other exotic location. They need to borrow a few hundred pounds urgently so they can get home. And then they give you their account details.
These emails are usually well written and they’re smart enough to ask for an amount of money that sounds plausible. A lot of people send the money.
A more recent variation on this scam is the ‘impersonation attack’, where the scammer mimics the email account of a company boss and sends an email to the Accounts department, instructing them to settle a payment urgently, with payee account details provided. The tone of the email and the identity of the sender instil alarm in the recipient and they oblige, not wanting to get into trouble with the boss. But it’s a con and the money is lost.
What to do
Scammers are becoming cleverer at exploiting relationships like this. Businesses can protect against this scam by establishing an internal two-step verification protocol for all such payment requests. For example, one of our clients uses a directors’ WhatsApp group to verify all payment requests before any payment is made. It’s a simple but extremely effective defence against what could be a very costly scam.
The fake phone call
You receive a cold call from someone claiming to be from a tech company, such as Microsoft. They tell you there’s something wrong with your computer and ‘prove it’ by talking you through a few steps to see an error log with lots of errors on it. (NB all computers have busy error logs because computers have errors all the time.)
Having won your attention, they then try to gain control of your computer by, for example, asking you to follow an online link and giving you a login code. Once they have access to your computer, they can go to town: installing ransomware, stealing passwords or even accessing your bank account.
A variation on this scam is where the caller claims to be from a service provider that you already use, such as Sky or BT. They offer you an upgrade and then ask you to confirm your identity by giving them your password, date of birth, mother’s maiden name and other personal information. Once they’ve got your personal security information, they can log into your accounts and extend the scam to all your contacts.
What to do
Adopt a position of zero trust. No matter how official they sound and what they’re offering you, remember they called you and, therefore, it’s up to them to verify their identity, not the other way round. Even if you believe they are genuine, tell them you’re not comfortable disclosing personal information over the phone, end the call and call the company back on the number you’ll find on the official website. You can ask them to prove who they are too. Ask them to tell you the last four digits of your account number, for example. They’ll be happy to do so if they’re genuine.
The misleading link
You receive an official-looking email telling you that your account has been locked or some similar issue has arisen and instructing you to click a link in the email to initiate the solution. You follow the link and it asks you for your email password. Bingo! They’re in and can hack your account to send out fake emails like the imploring email to expand the scam.
This is a classic scam and one that we should all be ready for but the messages are becoming more fine-tuned and every so often they catch someone off guard.
What to do
Never click a link unless you’re absolutely certain of its origin. You can try hovering your mouse over it to see where the actual link goes, but don’t take this as proof. Scammers will often set up false websites to make their links look genuine. Ask other people around you what they think and if you have any doubts, shut down the communication and go to the website of the service provider the email is claiming to be from. Use their official email address or phone number to inform them of the email you’ve received and they will tell you if it’s genuine or not. In most cases it is not, as companies tend to make a policy of not sending out links, to make it easier for customers to avoid precisely this sort of scam.
Further tips for scuppering the scammers
Back up your data. If a scammer holds your data to ransom, you can just shut down your computer, cut them off, reboot and reaccess your files from your back-up.
Use strong passwords and have a different password for every site you log into. Follow our tips for robust, memorable passwords.
Use your instincts. Begin from a position of distrust. If the language, graphics or links in an email aren’t quite right, shut it down. The golden rule is this: if you can’t verify it, don’t act on it.
Share this information with the vulnerable. You may be a seasoned email user and think you’re immune to scams, but you probably know someone, old or young, who isn’t as well versed in email protocols and takes a request from a desperate friend for money at face value. Give them the knowledge to protect themselves. And remember, if your contacts get hacked, you could be next.