Scammers have one goal: to get their hands on your cash. This might seem obvious, but it’s worth keeping in mind – today’s sophisticated operators use proven techniques taken from behavioural psychology to trick you into handing over information, typically by:
- Trying to gain trust, often claiming to be from an organisation you know, such as your phone provider.
- Leading you into responding by clicking a link, replying to a text or calling a number.
- Appealing to your emotions.
- Creating a sense of urgency.
Fraud can present itself under many guises, and with scams becoming more sophisticated, it’s important to stay alert and familiarise yourself with the tactics used.
You may know some of the things to watch out for when it comes to fraud, but everybody can still be caught out.
Scams come in all shapes and sizes but always look for these very common signs:
Look out for bad grammar and sentences that don’t make sense. A poorly written communication is a sign that it’s fraudulent.
Most reputable companies will address you by your real name. Suspicious communications may start with ‘Dear (your email address)’ or ‘Dear Sir’.
Requests for personal information
If you are suspicious of a communication, don’t click on any links, give any details or engage in any way. Check with the company in question to verify the communication, but contact them using a different method from the one given in the communication.
Email Account Security Tips
- Use a strong password. Create a password with upper and lower case letters, numbers and special characters such as #, !, &, and %. Don’t use your first or last name as part of your password, or a phrase that is easy to guess.
- Protect your address and password. Your email ID and password are your confidential information. Don’t tell anyone your password or give them a clue to your password. Do not keep a copy of your email details on the internet or on your system.
- Use the second sign-in verification option. If available from your email provider, this option looks for suspicious sign-in attempts from a new browser other than the one that you originally used to enable this option. If there is a suspicious attempt, you will need to enter a verification code that will be sent to your mobile phone, or you will need to answer two security questions that you established as part of the process. If you weren’t trying to access your account and you receive the code, you’ll also know that someone was trying to access your account.
- Don’t click on links in an unsolicited email. Legitimate companies never send an email asking you to reset your password or ask you to provide personal information by clicking on a link. If you receive an unsolicited email asking you to click on a link, don’t. Instead, go to the company’s website by typing in the URL to access your account.
- Protect your computer. Install a good anti-spyware program and update it regularly.
- Take caution with public computers and Wi-Fi. If possible, avoid using public computers to access anything sensitive, such as conducting online banking, making purchases, or accessing email accounts. These computers could potentially have malware that is designed to capture the information you have entered. Avoid these same activities when using a public Wi-Fi connection, as the information can easily be captured by criminals on the same connection. A VPN is recommended to ensure an encrypted Internet connection is used whenever you go online.
Signs that your email may have been hacked:
- Your inbox is full of Mailer-Daemon rejection notices.
- Your contacts are getting mail from you that you did not send.
- There are outgoing messages in your Sent, Drafts or Outbox folder that you didn’t send or create.
- Your Address Book contacts have been erased or there are contacts that you did not add.
- Emails you try to send are suddenly getting refused and returned to you.
- You keep getting disconnected when you’re signed into your account.
- You are not getting new mail, or your new mail is going straight into your Saved Instant Messages (IMs) folder.
Advice on recovering your email after you’ve been hacked:
Step 1: Change your password
If you’re able to log into your account (some hackers forget to change your password), then do so, and change your password immediately using strong password guidance.
Step 2: Regain control of your account(s)
If you’re unable to access your account, follow the directions on the email site help centre. Remember to change your security questions and answers once you have regained control, as the hacker may have noted this information.
Step 3: Report it
Report it to your email provider immediately.
You can also forward any suspicious emails to the Suspicious Email Reporting Service (SERS) at email@example.com. The National Cyber Security Centre (NCSC) will analyse the suspect email and any websites it links to. They’ll also use any additional information you’ve provided to look for and monitor suspicious activity. Your report of a phishing email will help Action Fraud (the UK’s national reporting centre for fraud and cybercrime) act quickly, protecting many more people from being affected.
Step 4: Communicate with your audience
Notify all of your email contacts so they can protect themselves. If emails were sent to your contacts by the hacker, send out an apology to any contacts who might have been the victim of your email hack. Explain what happened and advise your contacts that emails sent from your address might contain dangerous software so that they can protect their computers.
Other things to consider:
- Scan your computer with an updated anti-virus program. It is possible that a Trojan, which runs in the background of your computer system, was slipped in when your email account was compromised. Hackers can obtain your passwords or gain access to personal information through Trojans.
- Run your antivirus program. Remove any viruses, spyware, or malware that is identified. If you don’t have an up-to-date antivirus program, we recommend that you install one immediately.
- Review your internal email settings. Check for forwarding email addresses and delete any addresses that are not yours.
- Check for a signature. This is personalised text that is automatically inserted at the bottom of every message you send – delete if it’s not yours.
- Review your email folders for any data exposure. Check all folders for emails that may contain personal or account information. If you find any, immediately change the user ID and passwords and contact a fraud specialist for further guidance.
- Change your password. Change the password on every account where you used the same hacked password. Remember to check:
  - Other email accounts
  - Financial accounts
  - Online merchant accounts
  - Social media accounts
Computer/Laptop Security Tips
When it comes to general computer safety:
- Use a strong password. Create a strong and unique password with upper and lower case letters, numbers and special characters such as #, !, &, and %. Don’t use your first or last name as part of your password, or a phrase that is easy to guess. Whenever possible, use some form of two-factor authentication.
- Check your wireless network settings. Set wireless networks to “no broadcast” and password-protect them.
- Install anti-virus and anti-malware programs. There are several free options for personal use from companies, and your broadband provider will often supply one as part of your package.
- Turn on your firewall. This will prevent intruders from entering your system via the Internet.
- Turn on automatic updates. This will make sure you have the latest software patches for your operating system and web browser, which are usually published to fix known bugs and security flaws.
- Update security programs. Viruses destroy your data and malware will steal your personal information. Programs such as anti-virus and anti-malware, used alongside firewalls, will help to protect your computer.
- Update all third-party programs. This includes Microsoft Office, Adobe products and browsers such as Firefox, Chrome and Safari. Hackers often target third-party applications with known vulnerabilities.
- Store any personal files and data backups securely. Be sure to turn on all security settings built into your computer, and password-protect your computer and files with sensitive personal or account data.
- Encrypt your hard drive. If sensitive information is stored on your hard drive, you can protect it with encryption and by regularly backing up your data to a separate disk and, where possible, to a remote site or facility. Remember what your keyword is and store it in a separate location.
- Remove storage drives. Before disposing of your computer, remove all storage drives. Do not rely on the “delete” or trash function to remove files containing sensitive information.
Mobile Phone Security Tips
Mobile phones are no longer just telephones; they are integral to many of our day-to-day activities. Once a criminal gets access to your phone, your identity and privacy can be compromised without you even knowing about it.
- Password-protect your mobile device and voicemail with a PIN. Make the password strong and hard to guess by using numbers, upper and lower case letters, and at least one symbol.
- Memorise your PIN. Don’t record it on anything you carry with you. Change your PIN periodically.
- Use ‘strong’ PINs that are hard to guess. These will have numbers, upper and lower-case letters, and at least one symbol. For example, “3Dog$” is better than “1006.” You may be limited in PIN selection by the type of phone that you use but do the best you can to create a strong PIN.
- Never use an obvious PIN (or password). Your date of birth, your middle name and similar details can be easily accessed via other sources.
- Enable screen locking. Arrange phone settings so the screen locks after a short period of inactivity and a password is required to wake up your phone after an inactive period. Use a password that’s different from your others (cash machine, email accounts, online bill-paying accounts).
- Download anti-virus software and enable firewall protection. Make sure to update it regularly.
- Encrypt smartphones. If used for sensitive business communications, activate a timeout password, install an updated anti-malware program and ensure that you have an on-device personal firewall.
- Be wary of what you open. Don’t open unfamiliar attachments, emails or text messages from unknown sources as they’re likely to be harmful.
- Think about what you’re downloading. Many apps come with spyware or other malicious software. Consider using a more secure computer for sensitive tasks such as online banking.
- Data-wipe. Use programs to destroy a device’s data if the password is entered incorrectly a certain number of times – say 10. Take advantage of software that locks the phone or erases the data remotely if the phone is lost or stolen.
- Delete data. Delete voice and text messages with financial or personal information. Before throwing away or recycling a mobile device, delete the information on it.
- Make a list. Get out the pen and paper and make a list of everything you access on your smartphone—all the accounts and documents (or types of documents) it can access. This will make it easier to identify areas which could be at risk.
E-Commerce Security Tips
Buying through scam sites could lead not only to orders never appearing, but payment details being taken fraudulently.
- Beware of ‘unpaid shipping’ scams. These are messages claiming to be from delivery companies like DPD or Royal Mail, telling you there’s a small fee which needs to be paid to release a delivery. Clicking the link takes you to a bogus site, intending to harvest your information.
- Check the URL – The URL is the website address displayed in the browser. This can often give clues as to whether a website is legitimate. Sites such as ‘apple.com’ are legitimate, whereas variations such as ‘appledeals.net’ may not be. You can check if a URL is safe by searching ‘Google Transparency report’ online.
- Only use secure sites – Make sure that the websites you use have the padlock symbol in the browser address bar, as these will keep your data encrypted.
- Pay through a trusted third party – If you want to use a site which isn’t a well-known, trusted brand, avoid giving them your payment details directly. Use a trusted payment handler such as PayPal or WorldPay when you check out, if you can.
- Stay email alert – Before engaging with emails asking you to do something, check the sender matches the company’s website address. Be especially wary of emails requesting personal information, or that you change your password or payment details.
- Even if the email seems legitimate, you’ll be better off going directly to the company website, rather than clicking on the link.
- Don’t pay by bank transfer – When buying online, never be persuaded to make a direct payment into a bank account. Making credit or debit card payments comes with certain consumer protections, whereas bank transfers will not.
- Be smart about app downloads – Only use shopping apps downloaded from official sources, be cautious about what you are downloading and pay attention to details. Scammers can take advantage of people signing up for subscriptions by luring them into a short-lived free trial that then converts into an expensive, recurring expense. Also, make sure you are carefully reading what the app can access. Do you really need to give a shopping app access to your list of contacts?
- Take caution buying through ads and offers – Before you think of making a purchase through an advert on Instagram or Facebook, or even downloading a voucher, perform an Internet search about the ad you received for words like “complaint” or “reviews” and you may uncover a scam related to the promotional offer.
- If an item is significantly cheaper than through other sellers, approach with caution. Do you know the website? Is it a trusted retailer? Did you find it via an unsolicited link?
- A fraudster may set up a website designed to look like a legitimate seller, but with no plans to ship you any goods you may buy. Before purchasing from any seller, research them online for any scam reports. Duplicate favourable reviews found on different sites are a red flag of false product promises.
- Keep in mind that, much like investment opportunities, if something appears too good to be true, it likely is. This should always be in your mind.