Protect yourself against online scams and 'phishing' expeditions

Internet fraudsters are getting increasingly sophisticated. Promises of winning the jackpot on the Nigerian lottery have been replaced with official-looking emails, and you’re now more likely to be contacted by what appears to be your bank than by someone claiming to be an African prince.

With this increased level of sophistication comes an increased level of threat; even just clicking a link within an email can send a virus or trojan horse into your system that can access any sensitive data you have stored on your hard drive. 

This data is then sent back to the fraudsters who can use it to take money from your accounts or steal your identity for other nefarious purposes.

And it’s not just your finances that you have to worry about. If scammers get even the tiniest crumb of information from you they could hack into any cloud-based accounts that you may have linked, such as an Apple ID or Gmail account, and gain access to your whole online life, including photographs, emails and social networking accounts.



So, what can you do to spot the scammers and how can you make sure you stay safe online? Let’s take a look…

Email ‘phishing’ scams

Even if you don’t realise it, there’s a good chance that you’ve received a ‘phishing’ email at some point. Phishing is where a bogus email is sent to you in an attempt to acquire sensitive information such as usernames, passwords or PIN numbers that can be used to steal money from your accounts or for other criminal activities.

But where these once regaled you with tales of an outlandish inheritance claim or foreign lottery win, they are now designed to look like official emails from banks or other financial institutions and will usually encourage you to click on a link to ‘confirm your details’.

For instance, Steve Allen, one of the guys behind the excellent MoneySupermarket videos, brought to our attention a suspicious-looking email that purported to be from his bank, warning him that his account would be deactivated within 24 hours if he didn’t click the link included in the email and verify his account information.

However, being no stranger to such emails – it’s common to get them from any number of banks, even ones you’ve never banked with – Steve immediately disregarded it. But, as you can see below, the email could have easily caught out less suspecting customers.



If Steve had followed the link, he’d have been taken to another webpage and asked to enter all his personal banking details, including passwords, and the criminals would have had all the data they needed to access his account and take his money.

There are even more sophisticated phishing scams that don’t even require you to enter your details as simply clicking on the link can release malicious software onto your computer. This will then access and transmit to criminals any sensitive information, financial or otherwise, that is stored on your system.

How to spot a phishing email

Although they will look genuine at first glance, phishing emails often include threats, contain bad spelling or grammar, and any links contained will often point to an address different to the one typed in the message.

For instance, as you can see from the clipping below, the Halifax scam contains a threat that “your account will be deactivated within the next 24 hours” but rest assured that no professional organisation would use language like this in an email, particularly one that wasn’t even personally addressed to the intended recipient.

Other clues are in the spelling and use of English, as ‘attempts’ is incorrectly spelt as “attemps” and the line: “To prevent this to happen…” would not have made it past the proofing process had the email been genuine.



In addition, the web address connected to the email doesn’t match the link that was typed in the message. This is probably the greatest indicator that the email is not genuine.

If you want to see where a link is really going to take you, just hover your cursor over the link, but don’t click on it. The real web address will then appear in a little pop-up box; if the two don’t match, it’s more than likely a fake.

Other online phishing scams and hacks

Although email phishing scams are probably the most widely recognised, there are a host of other ways in which online criminals will try to get their hands on your personal data.

For instance, instead of sending malicious software into your system via emails, some scammers will do this through simple pop-up boxes that will appear when you’re online and promise something like free music or software downloads.

Once you click on the pop-up, a virus will be sent to your computer that can then access your data and share it with criminals.

Social media accounts are also often hacked. BBC business editor, Robert Peston, recently Tweeted how he was hacked after he re-entered his details after clicking on a link that made it look as though he had logged out.



These hacks also come in the form of Tweets or direct messages that encourage you to click on a link. If your social media accounts are hacked you need to log in and change your password as soon as possible.

And while this type of hack is usually not as serious as others – any malicious software will usually just send links via your Twitter feed that will perpetuate the process – one US-based journalist found that a hack on his Twitter account was the catalyst for a series of events that saw hackers access, and subsequently destroy, his entire online life.

For more about the pitfalls of social networks read my article 'Stay safe in a world of apps and social networks' and for more on malicious programs such as worms, viruses and Trojan horses check out my video 'Protect your PC from online viruses'.

Telephone phishing scams

It may seem like an outdated model but, unfortunately, telephone scams are alive and well. One popular scam is where criminals call you claiming to be from a software company, warning you there is a problem with your computer.

Once they have gained your trust, they ask for your usernames, passwords or account details, or ask you to type them in on a web page they have directed you to, so they can access your account and ‘fix’ the problem.

However, as soon as you do this your computer and information are at risk and fraudsters have everything they need to access your data.

One very sophisticated – not to mention frighteningly plausible – scam occurred earlier this year when criminals acting as representatives of a ‘Visa theft department’ telephoned people and claimed that there had been some suspicious looking transactions on their account.

Personal information was stolen by taking victims through security checks, asking for PIN numbers to be typed into the telephone keypad – which lent the scam greater authenticity as the caller was not directly asking for them – and then sending a motorcycle courier to collect the cards that had supposedly been used in these suspicious transactions.

This gave the criminals everything they needed to withdraw cash or transfer funds from their victims’ accounts.

What to do if you receive a phishing email or phone call

If you have received a phishing email then the first thing that you need to do is make sure that you don’t click on any of the links contained within it as this alone can be enough to compromise your online security.

You should then forward the email on to the fraud prevention or online security department of the company it is supposedly from, details of which will be available on the website of the company in question.

If you receive what you suspect is a fraudulent phone call then make sure that you never disclose any details and simply hang up on the caller.

And you need to remember that, whether via an email or a phone call, or even in person, no genuine company representative would ever ask for things such as passwords or PIN numbers. They may ask for certain letters or digits, but never the full password or PIN.

If you realise too late and fear that your details have been compromised then you should contact your bank immediately. They’ll put the processes in place to make sure that any cards are cancelled, PIN numbers re-issued and passwords changed.

As an extra precaution, you should also immediately change the passwords on any email and social networking accounts as well as on any shopping sites that may have your details stored.

If your credit card has been used fraudulently then you may be protected under Payment Services Regulations and the Consumer Credit Act, provided you have not acted negligently.

If you can demonstrate that you have been the victim of fraud then, under the Banking Code, you’ll only be liable for the first £50 of any loss. But you certainly want to avoid the hassle of proving your innocence to the bank and going through the rigmarole of changing all your security details, so it is important to protect yourself.

And even if you’ve not been hacked, it’s always a good idea to change your passwords every couple of months and to avoid having the same password for all of your accounts, particularly any that may be linked to others.

5 tips to stay safe online

  • Passwords – Always try to use ‘strong’ passwords with a mix of letters and numbers and don’t use the same password for different websites, especially for important accounts like online banking and email. Never give out your password to anyone and remember that reputable companies will never ask for complete passwords or PIN numbers.
  • Software – Make sure that you update your operating system or anti-virus software as soon as new versions become available as they often contain security fixes that will make your system more difficult to hack into. Regularly scan your computer for viruses.
  • Emails, pop-ups and websites – Always be wary of suspicious looking emails, even if they look like they’ve been sent by friends or contacts – and never enter any passwords on an unfamiliar site after clicking on a link to get there. It’s best to never click through from pop-ups. Instead, enter a site’s address in the address bar, and if an offer looks too good to be true, it probably is.
  • Padlocks and https – If you are entering any sensitive information, such as account numbers or debit/credit card numbers, then make sure that the site address begins with ‘https’ and that there is a padlock symbol within the browser frame as these denote that a site is secure.
  • Wireless networks – Hackers can access your wireless router to eavesdrop and gain access to sensitive data. So make sure that your wireless network is password protected and completely secure and never let any outsiders have access to your network.

It’s also worth checking out Google’s guide to online safety as well as the FSA website which not only offers ways to stay safe from scams but also has a list of firms and individuals to avoid so you can check them out before you deal with them.

Follow Les on Twitter @LesRobertsMSM
