How to avoid scams and malware
For some time now it has been very common to receive phone calls, messages, website content or post with some warning, offer or information about your computer, phone, tablet, Internet connection or indeed some other aspect of your life. This is a guide to some of the tactics used, but is by no means exhaustive - there are many ways of getting hold of your money, and undoubtedly many more new ones to come.
Communications may appear to come from the genuine source, but email addresses, phone numbers, text messages etc can easily be spoofed or faked.
Here are some simple ways to identify and avoid being a victim of a scam, based on real cases encountered on the Isle of Wight as part of my everyday computer repair business.
First, rest assured, they are almost never targeting you as an individual until you reply - tens of thousands of others will have had, and will receive exactly the same communication.
Please do not respond in any way other than putting the phone down, deleting the message or leaving the webpage. Feel free to shout at them if you like, but they may shout back!
Contact similar to that listed below should ALWAYS be treated as being fake, and a prelude to a scam. These people are very good at what they do, usually located abroad and use various tricks to try to convince you they are genuine:
- Saying it is urgent, rushing you.
- Relying on you not knowing how things (computers, phones, Internet etc.) work.
- Fear, uncertainty, doubt, greed, flattery.
- Threats of a loss of service, data, connectivity, reputation and more.
The communication may appear to come from:
- Your bank
- Your phone/broadband provider
- Law enforcement agencies (the police, fraud squad etc)
- HMRC (the tax office)
- Somebody you know
They may say:
- A friend needs money for some medical, travel or financial emergency
- You need to transfer money to a 'safe account'
- You need to pay a small fee to Royal Mail, DHL, UPS or any other organisation to receive a parcel
- There is a problem with something (computer, broadband, bank account, card etc.)
- Your licence/registration/domain name will expire
- You have a virus/malware/spyware
- You can improve something (speed, appearance, security, safety, reliability...)
- You must pay something. Perhaps in Bitcoin or gift cards, such as iTunes tokens
- You have won something or are to receive compensation
- They may pretend to have accidentally overpaid or transferred money, then ask you to refund the difference
- They have filmed you doing unmentionable things (they haven't!)
- They have evidence of illegal activities
- You must phone a number immediately (this may be premium rate)
- You must cover the screen with a towel or similar, to guard against 'UV rays' or similar
You should not:
- Click on links or buttons, or phone any number in any email or website that you are not absolutely sure of
- Follow any instructions to press any keys, type anything, go to websites or run any applications
- Reply to emails or messages
- Use any contact details (email, phone number etc.) given to you - politely tell them you will call them back and obtain the number from an independent source such as a bill, bank statement, card, phone book or (be very careful with this one, as you may get a fake website) a search engine such as Google. Use another completely separate phone if possible - if they called your landline use a mobile, and vice-versa.
- Allow them to take over your computer, a common request is to run an application called Teamviewer
- Pay anything, ever (they will probably not mention money straight away...)
- Tell them anything about you, your finances or your system
- Download anything
- Give your password, banking details, memorable questions or PIN to anybody
Ensure any site you are downloading software from is a genuine one - it is common practice for a malware distributor to take a perfectly legitimate application and add a malicious 'payload'.
Again, these are ALL SCAMS, every one of them. Don't be taken in.
What is the green or closed padlock symbol and https://...?
This just means the information transmitted is sent securely and the site is the one named in the address bar. It doesn't absolutely guarantee it isn't a fake site though, so be sure to carefully check the address - is it spelt correctly? It is very easy to miss a minor misspelling, such as a number where a letter shou1d be (0,O,o... 1,I) or an extra or missing letter.
Well done if you spotted the number one in 'should' above...
How to know where a web address is taking you:
This may take a few reads to understand, sorry!
The important bit comes immediately before the first .com, .co.uk, .org and so on that is followed straight away by a forward slash (/), and this part will usually be highlighted in the address bar at the top of the page:
is probably genuine, whereas
are almost certainly not.
Have a look at the address bar now - it should say
Also, on computers at least, if you hover the mouse over a suspect link, the actual address the link will go to will usually appear in the bottom left corner of the browser or in a pop-up window. It's good practice to do this before clicking - try it by hovering over this link with your mouse, or pressing and holding on a phone or tablet:
Finally, if you are taken in by them, don't feel embarrassed or frightened; these confidence tricksters are very good at what they do and many, many intelligent people have been tricked into parting with money or information. You are not alone, and physically safe - they won't come round your house, despite what they may tell you. It is extremely unlikely that they are even in this country.
You should now have your computer checked over for malicious software, contact your bank straight away if there is any question of money being taken or potentially taken and change any passwords that may have been compromised. If you suspect your address list could have been accessed, it is worth informing your contacts that they may receive correspondence that appears to come from you, for instance the 'I'm in a foreign country and have had my wallet stolen, please send money' style of scam. Fraudsters often make this difficult by deleting your address book!
At the time of writing, banks will usually fully reimburse you.
Last of all, beware of subsequent communications, perhaps the next day or so, from the scammers pretending to be your bank, the police or any other organisation offering to help or transfer money to a 'safe account'. I have actually been present a couple of times, checking over the computer when this has happened. Remember - call back on a number you have obtained independently, using a different phone.
Chris Street, May 2021