How to avoid scams and malware
For some time now it has been very common to receive phone calls, messages, website content or post with some warning, offer or information about your computer, phone, tablet, Internet connection or indeed some other aspect of your life. This is a guide to some of the tactics used, but is by no means exhaustive - there are many ways of getting hold of your money, and undoubtedly many more new ones to come.
Here are some simple ways of avoiding being a victim of a scam, based on real cases encountered on the Isle of Wight as part of my everyday computer repair business.
First, rest assured, they are almost never targeting you as an individual - tens of thousands of others will have had, and will have the same.
Please do not respond in any way other than putting the phone down, deleting the message or leaving the webpage. Feel free to shout at them if you like, but they may shout back. They told me I had a face like a dog once. TalkTalk have had their moments in the past, but genuine customer services tend not to do that kind of thing...
These should ALWAYS be treated as being fake, and a prelude to a scam. These people are very good at what they do, and use various tricks to try to convince you they are genuine:
- Saying it is urgent, rushing you.
- Relying on you not knowing how things (computers, phones, Internet etc.) work.
- Fear, uncertainty, doubt, greed, flattery.
- Threats of a loss of service, data, connectivity, reputation and more.
The communication may appear to come from:
- Your bank
- Your phone/broadband provider
- Law enforcement agencies (the police)
They may say:
- There is a problem with something (computer, broadband, account etc.)
- Your licence/registration/domain name will expire
- You have a virus/malware/spyware
- You can improve something (speed, appearance, security, safety, reliability...)
- You must pay something. Perhaps in Bitcoin or gift cards, such as iTunes tokens
- You have won something or are to receive compensation
- They may pretend to accidentally overpay, then ask you to refund the difference
- They have filmed you doing unmentionable things
- They have evidence of illegal activities
You should not:
- Click on links or buttons in any email or website that you are not absolutely expecting
- Reply to emails or messages
- Use any contact details (email, phone number etc.) given to you - if you need to contact anybody, look it up from an independent source such as a bill, bank statement, card, phone book or (be careful with this one) a search engine such as Google.
- Allow them to take over your computer
- Pay anything, ever (they will probably not mention money straight away...)
- Tell them anything about you or your system
- Download anything without checking it (try a Google search with the word 'malware' after the name of the application)
- Give your password, banking details or PIN to anybody
Ensure the site you are downloading from is a genuine one - it is common practice for a malware distributor to take a perfectly legitimate application and add a malicious 'payload'.
Again, these are ALL SCAMS, every one of them. Don't be taken in.
What is the green padlock and https://...?
This just means the information transmitted is sent securely and the site is the one named in the address bar. It doesn't absolutely guarantee it isn't a fake site though, so be sure to carefully check the address - is it spelt correctly? It is very easy to miss a minor misspelling, such as a number where a letter shou1d be (0,O,o... 1,I) or an extra or missing letter!
Did you spot it?
How to know where a web address is taking you:
The important bit comes immediately before the first .com, co.uk, org and so on, and this part will usually be highlighted in the address bar:
is probably genuine, whereas
are probably not.
Have a look at the address bar now - it should say
Also, on computers at least, if you hover the mouse over a suspect link, the actual address the link will go to will usually appear in the bottom left corner of the browser. It's good practice to do this before clicking - try hovering over this link:
Finally, if you are taken in by them, don't feel embarrassed or frightened; these confidence tricksters are very good at what they do and many, many people have been tricked into parting with money or information. You are not alone, and quite safe. The main things to do are contact your bank straight away if there is any question of money being taken or potentially taken and change any passwords that may have been compromised.
At the time of writing, banks will usually reimburse you in full. Your computer should then be checked over for any signs of malware, and last of all, beware of subsequent communications from the scammers pretending to be your bank, the police or any other organisation, perhaps offering to help.
Chris Street, August 2018