How to avoid scams and malware
For some time now it has been very common to receive phone calls, messages, website content or post with some warning, offer or information about your computer, phone, tablet, Internet connection or indeed some other aspect of your life. This is a guide to some of the tactics used, but is by no means exhaustive - there are many ways of getting hold of your money, and undoubtedly many more new ones to come.
Communications may appear to come from the genuine source, but email addresses, phone numbers, text messages etc can be spoofed or faked.
Here are some simple ways to identify and avoid being a victim of a scam, based on real cases encountered on the Isle of Wight as part of my everyday computer repair business.
First, rest assured, they are almost never targeting you as an individual - tens of thousands of others will have had, and will receive the same communications.
Please do not respond in any way other than putting the phone down, deleting the message or leaving the webpage. Feel free to shout at them if you like, but they may shout back!
Contact similar to that listed below should ALWAYS be treated as being fake, and a prelude to a scam. These people are very good at what they do, usually located abroad and use various tricks to try to convince you they are genuine:
- Saying it is urgent, rushing you.
- Relying on you not knowing how things (computers, phones, Internet etc.) work.
- Fear, uncertainty, doubt, greed, flattery.
- Threats of a loss of service, data, connectivity, reputation and more.
The communication may appear to come from:
- Your bank
- Your phone/broadband provider
- Law enforcement agencies (the police)
- HMRC (the tax office)
They may say:
- There is a problem with something (computer, broadband, account etc.)
- Your licence/registration/domain name will expire
- You have a virus/malware/spyware
- You can improve something (speed, appearance, security, safety, reliability...)
- You must pay something. Perhaps in Bitcoin or gift cards, such as iTunes tokens
- You have won something or are to receive compensation
- They may pretend to accidentally overpay, then ask you to refund the difference
- They have filmed you doing unmentionable things
- They have evidence of illegal activities
- You must phone a number immediately (this may be premium rate)
- You must cover the screen with a towel or similar, to guard against 'UV rays'
You should not:
- Click on links or buttons, or phone any number in any email or website that you are not absolutely sure of
- Follow any instructions to press any keys, type anything, go to websites or run any applications
- Reply to emails or messages
- Use any contact details (email, phone number etc.) given to you - if you need to contact anybody, look it up from an independent source such as a bill, bank statement, card, phone book or (be careful with this one) a search engine such as Google.
- Allow them to take over your computer, a common request is to run an application called Teamviewer
- Pay anything, ever (they will probably not mention money straight away...)
- Tell them anything about you, your finances or your system
- Download anything without checking it (try a Google search with the word 'malware' after the name of the application)
- Give your password, banking details, memorable questions or PIN to anybody
Ensure the site you are downloading from is a genuine one - it is common practice for a malware distributor to take a perfectly legitimate application and add a malicious 'payload'.
Again, these are ALL SCAMS, every one of them. Don't be taken in.
What is the green padlock and https://...?
This just means the information transmitted is sent securely and the site is the one named in the address bar. It doesn't absolutely guarantee it isn't a fake site though, so be sure to carefully check the address - is it spelt correctly? It is very easy to miss a minor misspelling, such as a number where a letter shou1d be (0,O,o... 1,I) or an extra or missing letter.
Well done if you spotted the number one in 'should' above...
How to know where a web address is taking you:
The important bit comes immediately before the first .com, co.uk, org and so on, and this part will usually be highlighted in the address bar:
is probably genuine, whereas
are probably not.
Have a look at the address bar now - it should say
Also, on computers at least, if you hover the mouse over a suspect link, the actual address the link will go to will usually appear in the bottom left corner of the browser. It's good practice to do this before clicking - try it by hovering over this link with your mouse:
Finally, if you are taken in by them, don't feel embarrassed or frightened; these confidence tricksters are very good at what they do and many, many people have been tricked into parting with money or information. You are not alone, and quite safe - they won't come round your house, despite what they may tell you. It is extremely unlikely that they are even in this country.
You should now have your computer checked over for malicious software, contact your bank straight away if there is any question of money being taken or potentially taken and change any passwords that may have been compromised. If you suspect your address list could have been accessed, it is worth informing your contacts that they may receive correspondence that appears to come from you, for instance the 'I'm in a foreign country and have had my wallet stolen, please send money' style of scam. Fraudsters often make this difficult by deleting your address book!
At the time of writing, banks will usually fully reimburse you.
Last of all, beware of subsequent communications from the scammers pretending to be your bank, the police or any other organisation, perhaps offering to help. I have actually been present a couple of times, checking over the computer, when this has happened!
Chris Street, October 2018