Thoughts on Scams, Spam and Internet Security
Whilst technology makes our lives much easier in many ways, it also exposes us to new forms of risk. Most notably, spam and online phishing scams leave millions of users vulnerable to scammers' increasingly shrewd tactics every day of the week.
I was chatting today with a client who had been called by 'BT' regarding problems they were having with their internet connection. This kind of telephone-based scam has been happening for years, and as much as we like to think we're clever enough to spot a scam, often we aren't.
My client explained how they'd been duped into giving access to their computer to this 'remote support technician' - and only when he started asking for passwords did the alarm bells ring and the call was promptly ended. Not soon enough, however, to have prevented their computer being infected with a malicious virus which took several hours of work to identify and remove.
I know we're all regularly reminded of the importance of keeping our passwords safe and not sharing personal information with people whose identities we cannot confirm. But we're in just as much need of the reminder now, in 2017, as we were when these internet and telephone scams originated.
After 10 years working in the internet industry, here are my 'top tips' for staying safe online.
Never Reveal Personal Information to Third Parties
You should never be asked for passwords or other security information in full. If you are, do not continue the conversation. Nowadays most companies will ask for particular characters from passwords or security questions. This is done so that neither the operator nor anyone eavesdropping on your conversation ever has access to the full answer.
Obviously, online, passwords are usually entered in full - so you need to ensure you only enter your secure data into the site it is intended for - which is my next point.
Always Check the URL and Look for the Green Padlock
Often spam emails will arrive appearing to have come from a reputable source. I regularly see emails dressed up to look like emails from Amazon, PayPal, eBay and others. Generally the scammers at this level are looking to get access to your online accounts, through which they might make purchases, or get access to payment information etc.
If you receive an email which appears to have come from a source you trust, you need to make sure that if you click on any link within the email that it takes you to the URL you are expecting. Here's an example. This email appears to have come from 'Amazon Gift Card':
When I hover over the link in the email (in blue) my email software shows me the destination - which is an address that begins http://my-amazon.co.uk. The trick here is that this looks like a reputable address.
However, it is not simply https://amazon.co.uk or https://amazon.com. Before clicking any link, ensure it is going to take you where you expect - hover over the link to see the destination. If there is any discrepancy or uncertainty, do not click the link. Simple!
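The hover check described above can be run over every link in an HTML email at once. This is an added example, not part of the original post; the trusted-domain list, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the reader expects this sender to link to.
TRUSTED_DOMAINS = {"amazon.co.uk", "amazon.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_link(href, trusted=TRUSTED_DOMAINS):
    """Return the reasons not to click; an empty list means none were found."""
    parts = urlsplit(href)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if not host_is_trusted(parts.hostname, trusted):
        problems.append(f"unexpected destination {parts.hostname}")
    return problems

def audit_email(html, trusted=TRUSTED_DOMAINS):
    """Map each link's visible text to (real destination, problems)."""
    collector = LinkCollector()
    collector.feed(html)
    return {text: (href, check_link(href, trusted)) for text, href in collector.links}

# Constructed sample: link text that looks fine, destinations that may not be.
SAMPLE_EMAIL = """<p>Your gift card is waiting:
<a href="http://my-amazon.co.uk/gift">Claim at Amazon</a> or
<a href="https://www.amazon.co.uk/gc">View your account</a></p>"""
```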
If you're ever asked to enter login details or other personal information you should always ensure that you can see the green padlock somewhere on your browser. It'll be up near the address bar. This indicates that the site is using a valid SSL certificate which encrypts all the information passed between your browser and the web server. If the website you're visiting does not employ a valid SSL certificate and a green padlock then do not enter any sensitive information. Please note that having an SSL certificate does not mean that the site is reputable, only that the connection to it is encrypted!
Don't Give Callers Access to your Computer Unless You're Certain
As happened to my customer, and many millions of other users around the world, the scammer requested access to the computer. This is quite common practice, and easily done now as remote support software has become easier to set up and use.
However, once you give someone access to your computer, you've lost. Someone with remote access can have the same control that you do, and although you can keep an eye on what they're doing, it only takes a few seconds for them to ruin your computer. And they're masters of distraction - they'll have plenty of tricks up their sleeves to keep you away from the keyboard whilst they infect your machine, or worse.
You may have a remote access system set up for your IT support provider to use. My suggestion is that you go through with them exactly how the process works, and ensure that you only ever give access to someone whose identity you can validate.
Don't Fall for Telephone Scams - These Two In Particular...
I recently heard of a method of telephone scamming in which the operator asks the user to wait for a secure line, and then speak their password in full. They then play a pre-recorded message which fools the user into thinking they can't be heard, and the user then reveals their password in full along with any other personal information requested. The operator continues the call as if nothing has happened, then promptly hangs up and uses the information to access the user's banking or other services.
The second scam I've recently heard of involves the scammer telling the person they've called to hang up and call back on the bank's (for instance) official telephone number. This number can be found on the back of the individual's credit or debit card. Surely this will prove that the call is legitimate? Well it would, but the scammer doesn't put the phone down.
Instead the user hangs up and then promptly calls the number back. Because the scammer didn't hang up, the line remains open and the second call is never made. A ringing sound might be played, and the call answered by 'frontline staff' before being handed back to the original operator. Of course, at this point you'd be convinced you were actually talking to the bank - but you're not.
So sneaky! Don't fall for either.
Use Common Sense
The best defence is always common sense. Just stop to think before clicking, calling or speaking.
Someone else I know recently queried an email that appeared to come from HMRC offering a small tax rebate. It's a scam - the government aren't going to email you about that.
Microsoft aren't going to call you about problems with your computer. It just wouldn't happen!
BT wouldn't need access to your computer to fix a problem with your internet. They don't do IT support - at least, not like that.
In the cold light of day it's easy to say we wouldn't fall for any of this stuff. But we do. Family, friends, colleagues - we're all susceptible. Use your common sense, and if in doubt, phone a friend (or me!).