The Martin Pollins Blog

History, economics, business, politics…and Sussex

Avoid being Scammed

Data Security
Picture Credit: “Data Security” by Visual Content is licensed under CC BY 2.0
Introduction

You have probably read or heard about this already, but to be on the safe side, this paper is a reminder for you to beware of text, phone, and email scams. There are loads of scams around at the moment – just make sure you don’t become a victim by following some simple rules. If you get an unexpected email, the most important thing you should do is to check the link before clicking on it. Often, the sender will use links like “Hermes.abc.org” (Hermes is a proper company, but abc.org is not).

You should never type in any account or card information from a link you are sent and, if someone calls you, even if they seem to know something about you, ask for their number so you can call them back before providing any information.

What are Scams?
MoneySupermarket defines Scams[1] like this:

“Scams are fraudulent schemes that dupe people into parting with their personal details and/or cash. They’ve been around for as long as we can remember, but they’re no longer confined to shady door-to-door salesmen or dodgy second-hand car dealers.

“Scammers now frequently target people through emails, online banking systems, text messages and online transactions. While fraud is becoming ever more sophisticated, people are still getting caught out by traditional scam letters and phone calls. So you need to be wary.

“Some scams are obvious. Someone emails you to say a distant relative has died, and there’s no one but you to inherit their multi-million fortune – all you need to do is pay £500 upfront to release the funds. But some scams are a lot less obvious, and a lot more intelligent.”

What clever scammers try to do
Scammers often pretend to be contacting you on behalf of the government, your bank, or a utility company. They might use a company name you know or make up a name that sounds official.

They use technology to change the telephone number that appears on your mobile or landline so that when you call them back, you get a message saying that the telephone number is unobtainable.

The caller tells you they are calling on behalf of an organisation that wants you to make a decision. They might say you’re in trouble with the government. Or an official body – such as the National Crime Agency. Or you owe money. Or that your broadband service or National Insurance number will be suspended.

Some scammers tell you there’s a problem, and they are trying to restore a service to which you subscribe. But first, they need some information from you or need you to confirm what’s on their file. Scammers want you to act before you even have time to think. It may be difficult for you to call them back to check out what they are telling you.

Some scammers threaten legal proceedings and arrest. They might tell you that your email system and computer files have been corrupted. Or that their records show you were involved in an accident that wasn’t your fault. They often insist that you pay in a specific way – perhaps on your credit card – to restore a service to which you subscribe or to take advantage of a wonderful new offer that will expire very soon.

Whatever scam you may face, they all have one thing in common: they are designed to get hold of your money. The scammers do this by tricking you into revealing your personal details, stealing your information, or even tricking you into willingly handing over your hard-earned cash.

Avoiding a Scam: Top Tips

  • Block unwanted calls and text messages. If necessary, block unwanted calls and filter unwanted text messages to your mobile.
  • Don’t give any personal or financial information about you or your family in response to a request that you didn’t expect. 
  • Resist the pressure to act immediately. 
  • Never buy from doorstep sellers. Ask for a ‘No cold callers’ sign from your local council or get a printable version online and put it in your window. Set up a password with your utility providers to be used by anyone they send round so you can be sure they’re genuine.

Protecting your identity from being stolen 
Identity Fraud happens when someone steals your identity and uses it to apply for credit and services, leaving you to pay the cost. They use several methods – including going through your rubbish bin, finding old letters, bank statements and other paperwork, and then applying for financial products using your details.

MoneySupermarket warns that some cybercriminals sweep personal details from social media accounts such as Facebook, LinkedIn or Twitter to build up a stronger profile of your identity, so be very careful what you publish.

Online Resources
A free download on avoiding scams is available from Age UK at https://www.ageuk.org.uk/globalassets/age-uk/documents/information-guides/ageukig05_avoiding_scams_inf.pdf.

The Metropolitan Police has produced a guide (The Little Book of Big Scams) which you can download from their website at https://www.met.police.uk/advice/advice-and-information/fa/fraud/personal-fraud/prevent-personal-fraud/

You can also contact Ofcom for advice on dealing with nuisance calls or telephone scams – details at https://www.ofcom.org.uk/phones-telecoms-and-internet/advice-for-consumers/problems/tackling-nuisance-calls-and-messages

The MoneySupermarket guide at https://www.moneysavingexpert.com/shopping/stop-scams/ tells you what to do if you do get scammed. It also provides advice on avoiding being tricked in the first place. Fraudsters want to get their hands on your identity so that they can enter into transactions, usually online, and pretend they are you. MoneySupermarket have some tips for you at https://www.moneysavingexpert.com/credit-cards/identity-fraud/

Statistics

Picture Credit: “what-is-business-or-commercial-identity-theft” by DJANDYW.COM is licensed under CC BY-SA 2.0

Only a fraction of fraud and cybercrimes in the UK are being reported to the authorities, according to estimates compiled by the Office for National Statistics (ONS) in its new telephone-operated Crime survey for England and Wales (TCSEW). In June 2021, research from pollsters YouGov revealed that 25% of UK adults receive some form of scam messaging each day, with a further 39% saying they get them every week and 17% suffering the intrusion once a month. The so-called Romance Fraud alone reached £73.9m.

Spotting a Bogus Website
The internet is home to roughly 1.7 billion websites. This number changes dynamically every minute of every day as new websites are registered or lost. The Web is massive, and around 4.5 billion people worldwide contribute with online interactions.[2] 

Unfortunately, many of these websites exist only to scam you out of your personal data or your money or, worse still, both. Here are a few signs[3] to look out for to spot a fraudulent website[4].

Is the URL Name valid?
Before visiting a site, the first thing you should do is make sure that the domain name is the one you intend to visit. Those sneaky fraudsters create fake sites masquerading as an official entity, usually in the form of an organisation you would likely recognise, such as Amazon, PayPal, or Wal-Mart. Sometimes the difference between the real site’s name and the fraudulent site’s name is almost unnoticeable. For example, the cybercriminal may build a site using rnicrosoft.com (note the “r” and “n” at the beginning of that address, which looks similar to an “m”), but you think you’re visiting microsoft.com.

There are two basic ways the cybercriminal gets you to visit a fraudulent site. The first way is by a method known as phishing – it’s a form of cyberattack that is delivered mainly by email. The perpetrator (called a threat actor) tries to entice you to click a link in the email that redirects you to a bogus copy of the real website.

Another way the threat actor may get you to visit the fraudulent site is by a method known as typosquatting, which uses common misspellings of domain names (for example, amazom.com) to trick users into visiting fraudulent websites. You think you entered the domain name correctly, but you’re actually visiting a fraudulent copy of the genuine site. If you’re lucky, your web browser will warn you.

Regardless of how you get to the site, once you log in to this fraudulent website, the threat actor will harvest your login credentials and other personal data, such as your credit card information, and then use those credentials themselves on the actual website or any other website where you’re using the same login credentials.

The first and most basic method of spotting a fraudulent website is to make sure the domain name is the one you truly intend to visit.
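The three tricks described in this article (a look-alike spelling such as rnicrosoft.com, a typosquat such as amazom.com, and a trusted name used only as a subdomain, as in Hermes.abc.org) can be checked mechanically. The following is an added example, not code from the original article: the allowlist, the `hermes.example` placeholder, the confusables table and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user really deals with (assumption);
# hermes.example is a placeholder, not the courier's real domain.
TRUSTED = ("microsoft.com", "amazon.com", "hermes.example")
# Character sequences that read like another letter at a glance.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(name):
    """Fold look-alike sequences so 'rnicrosoft' and 'microsoft' compare equal."""
    for seq, looks_like in CONFUSABLES:
        name = name.replace(seq, looks_like)
    return name


def check_link(url, trusted=TRUSTED):
    """Return (verdict, detail) for the host named in a link."""
    if "//" not in url:
        url = "//" + url  # let urlsplit parse bare hosts like 'amazom.com'
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: the last two labels are taken as the registered domain.
    # Production code should consult the Public Suffix List (e.g. for .co.uk).
    registered = ".".join(labels[-2:])
    if registered in trusted:
        return ("trusted", registered)
    for good in trusted:
        if skeleton(registered) == skeleton(good):
            return ("lookalike", good)            # rnicrosoft.com
        if edit_distance(registered, good) == 1:
            return ("typo", good)                 # amazom.com
        if good.split(".")[0] in labels[:-2]:
            return ("brand-in-subdomain", good)   # Hermes.abc.org
    return ("unknown", registered)
```

A verdict of "unknown" only means the host is not close to anything on the allowlist; it says nothing about whether the site is safe.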

Look For the Padlock, Then Look Harder
When you visit a website, look for the padlock to the left of the URL in the address bar. This padlock indicates that the site is secured with a TLS/SSL certificate, which encrypts data sent between the user and the website.

If the website hasn’t been issued a TLS/SSL certificate, an exclamation mark ( ! ) will appear to the left of the domain name in the address bar. If a site isn’t TLS/SSL certified, any data you send is at risk of being intercepted. The downside to this is that not all SSL certificates are authentic. These sites are usually caught pretty quickly, but it’s still best to look a little harder at the padlock just to be sure. Unfortunately, you can only dig deeper if you’re browsing the Web using a desktop.

First, click the padlock and then click “Connection is Secure” from the context menu. If the certificate is valid, then you’ll see the “Certificate is Valid” text on the next menu. Go ahead and click that for more details.

A new window displaying the information about the certificate will appear. You can check which site the certificate was issued to, who it was issued by, and its expiration date.

While this won’t always protect you from fraudsters, the padlock (and the certificate information) is a good indicator that you’re visiting a legitimate site.

What to do if you’ve been Scammed
If you’re a victim of an online scam, there are a few measures you can take to protect yourself (and potentially protect others). What you need to do next depends on what type of information you believe the scammer may have on you.

If you purchased something using your credit or debit card from the fraudulent site, the first thing you should do is call your bank or credit card company immediately and report what has happened. They’ll freeze your account and cards so that the fraudster can no longer purchase anything with your details. If you believe the fraudster may also have your personal information, such as your National Insurance number, date of birth, address, and so on, you’ll want to freeze everything so that the fraudster can’t take out any loans or open any accounts in your name.

Once that’s taken care of, file a report with your local police and notify the UK’s National Cyber Security Centre at https://report.ncsc.gov.uk. To report fraud or cybercrime, please refer to the Action Fraud website at https://www.actionfraud.police.uk/ and report the site to Google.

Phishing: Spot and report scam emails, texts, websites and calls
‘Phishing’ is when criminals use scam emails, text messages or phone calls to trick their victims. The aim is often to make you visit a website, which may download a virus onto your computer or steal bank details or other personal information. The following text explains how to report phishing attempts and protect yourself from scammers.

The steps you should take are set out on the webpage for the National Cyber Security Centre[5]. Reporting a scam is free and only takes a minute. By reporting phishing attempts, you can:

  • reduce the amount of scam communications you receive
  • make yourself a harder target for scammers
  • protect others from cybercrime online

Picture Credit: “phishing” by Richzendy is licensed under CC

  1. At: https://www.moneysavingexpert.com/shopping/stop-scams/

  2. Source: https://websitesetup.org/news/how-many-websites-are-there/

  3. Source: Article by Marshall Gunnell at https://www.howtogeek.com/729972/how-to-spot-a-fraudulent-website/

  4. URL means Uniform Resource Locator – it’s the ‘postcode’ for a website.

  5. At: https://www.ncsc.gov.uk/collection/phishing-scams/

