Internet scams and how to avoid them

1. What techniques do scammers use to fool you?

While computer scams use technology, they actually work using many of the same techniques as real-world scams. We call this ‘social engineering’ – the scammers manipulate how people typically think and behave to get us to divulge sensitive information or hand out money or give them access to computers or data that they shouldn’t have access to. 

For instance, you might get fraudulent emails claiming to come from your bank, which direct you to a website where you’ll enter your online banking credentials.

Or you might get a call from someone offering to fix a security problem on your computer when they really want you to install software they can use to steal your most sensitive data. Scammers will pretend that they’re protecting you, or doing you a favour, and even promise amazing offers that will save you money. All the time, they’re trying to pressure you, or even frighten you into doing what they want.

Often, they will apply time pressure; act quickly to stay safe, avoid missing out on a good deal etc. 

2. What are scammers looking for?

Most scams are financially motivated, although some are more overt than others. The scammers may want you to pay for an unnecessary product or service, or ask you to invest in something dubious. Many, though, are aimed at extracting information for financial gain, specifically any credentials you use when logging onto online banking or shopping with a credit card, or any information they can use to access your email or any online accounts.

In some cases, they want information they can use to impersonate you and sign up for loans or credit cards in your name. Impersonation fraud shot up by 84% in the first half of 2020, according to one report.

It’s not just the obvious stuff that should concern you. Even an innocuous quiz on a social media site can be used to get information – like your first pet, your first school or your date of birth – that could be used elsewhere to answer, say, a security question protecting your online banking. The increasing prevalence of biometrics means that there's been a rise in social media quizzes trying to get you to share pictures of yourself - not as innocent as you might think. 

3. How to spot a scam

In a minute we’ll run through the major types of scam, with the warning signs you should look out for. But while the main techniques the fraudsters use don’t change that much, the scams themselves keep evolving. 

Sometimes scams are cyclical, so you’ll get see emails from the HMRC appearing at the end of the tax year, or parcel delivery scams in the run-up to Christmas, which target people hoping to send presents through an online service. The Black Friday sales have also become a focal point for fraudsters operating fake online stores.

In other cases, scammers take advantage of real-world events.

The Covid-19 pandemic inspired a wave of fake emails and phone calls appearing to come from the government, the NHS, the HMRC or the Track and Trace programme, but which are phishing attempts (see below) or attempts to infect you with malware.

Other scams are just a case of the scammer trying something that they hope will affect a wide group of people, which is why so many use the TV license, BT Broadband services or a problem with your Windows laptop. You might even get messages about renewing an Amazon Prime account.

The scammers don’t actually know whether you use the products or services mentioned, but they know that enough people do that it’s worth a try.

4. Why is this scam targetting me?

These scams aren’t personal, and they’re usually designed to work across a wide range of people in the hope that even a few of us will get caught. However, some people are more vulnerable than others, and scammers love to prey on older people who may be lonely or less confident with technology, or who may have age-related conditions.

They will work hard to confuse and apply pressure to people who might not immediately spot the scam, or who might need support and advice before they say ‘no.’

The best weapon against them is to pause and take stock, as outlined by the campaign Take Five. Stop and ask yourself:

• Have you been contacted out of the blue? 
• Have you been asked to share personal details – especially unnecessary details? A
• re you being asked to install software or provide access to a computer, phone or tablet, or an online service or account?
• Does the person you are dealing with have all the information that a real representative of a company or organization would?
• Are they asking you to do something urgently or not mention what’s happening to your friends, your family or your bank?

If something seems suspicious, it probably is, so don’t get railroaded into moving forward.

For more detailed information about online banking and shopping, there are some great resources at https://getsafeonline.org/ and https://www.moneyadviceservice.org.uk/en/articles/beginners-guide-to-online-banking. 

5. What are some common types of scam?

There are a variety of different scams. Here, we explain some common types and warning signs you should look out for.

6. What are phishing scams

Phishing scams are designed to trick you into supplying passwords or personal information, usually through an email or website that claims to be from a company you do business with, or otherwise a government organization or charity.

This will look like the real deal, complete with logos, brand colours and appropriate images, and in it, you’ll be urged to sign onto a website, click on a link or enter information into a form.

But when you follow the instructions, you’ll actually be providing the scammer with the information they need to access more personal information, steal your identity or extract cash from your bank account. In some cases, a link in a phishing email or website could even install malware on your laptop or PC.

How can I spot a phishing scam?

There are nearly always tell-tale signs that you’re looking at a phishing attempt.

• Check who the email has been sent to. Is it just you or has it been mailed to several recipients or even ‘undisclosed recipients?’
• Do they call you by your name or include any details that might confirm that they have an existing relationship with you?
• Spelling mistakes or bad grammar are another frequent giveaways, and look out for any requests that go above and beyond what the real organization might ask for. Would, for instance, your bank expect you to enter your account number and log-in details into a website other than the one you ordinarily use for online banking?

One other way to check is to hover your cursor – and not click – over any links in the email or on the website. Look down in the bottom-left corner of your browser as you do so, and you’ll see the full address of the website that the link will take you to. Does this match the real website of the organization, or does it link somewhere else?

Check carefully, as sometimes scammers will buy a Web domain name that’s very close to an organization’s real address, in the hope that users won’t spot the difference.

What should I do if I receive a phishing email?

• If you get a phishing email, delete it immediately and make sure that you don’t reply or click on any links. You can also forward any suspicious emails to the National Cyber Security Centre’s Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk. This can help them act on the phishing attacks and stop more people from being affected.

• If you end up on a phishing website, close down your browser and – for safety – run an anti-virus scan. 

• If you feel that you’ve been tricked into providing credit card or bank details, or that your account has been hacked, contact your bank immediately and explain the situation.

7. Email Spoofing

Email spoofing is really a variation on the normal email phishing scams. Still, with one big difference: the senders' name and email address are forged to make the email look like it comes from the real person or organization. The idea and objectives are much the same, but because it seems to come directly from the organization – or from someone you know – you’re more likely to believe it.

How do I spot a spoof email?

Spoof emails can be hard to spot – at least without checking the technical information embedded in the email. But look for the same telltale signs we picked out for other phishing emails. As there, hover over any links before you click. 

What should I do if I receive a spoof email?

• If you’re concerned about a suspicious email – even it comes from what looks like the right address - contact the person or company concerned through another channel, like an official phone number or email address published on their normal website. Also, think about forwarding it to the Suspicious Email Reporting Service we talked about earlier at report@phishing.gov.uk.

8. Social Media Scams

Social media and messaging apps, such as Facebook or WhatsApp, are as popular with scammers as they are with everyone else.

One favourite option is to promise special offers or vouchers in return for clicking on a link or filling out a survey.

Fraudulent app downloads might install malware, or a harmless-looking quiz might be used to harvest personal information, like your first pet, home address or date-of-birth. This might not seem important until you realise that the same information is often used in security questions for banking and other financial services.

If you want to know more about social media fraud, there’s an excellent explainer at https://www.experian.co.uk/consumer/identity/guides/social-media-fraud.html. 

What are the warning signs of a social media scam?

As always, there are some warning signs to look for. Is there an established brand or company involved, or a new and unfamiliar name?

Does the social media account match the one used normally by the brand – it’s usually listed on its website – or does it belong to someone outside the organization?

If a friend seems to be sharing lots of unusual messages at once or promotion is spreading through a group you belong to, it might be worth checking to see whether other people you know have shared or reposted a post knowingly, or if someone has hacked their account. Message them to check, but don’t let your guard down completely. They might have fallen victim to a scam themselves.

How can I avoid social media scams?

• If you’re concerned about a message or promotion on social media, you can always reach out to the organization or company through their official social media accounts or email.
• Don’t click on links in the post or message, as these will send you to the scammer, not the brand. 
• If in doubt, ignore the post or message or report it to the social media service. Facebook, for example, has a Report Post feature. Click on the three dots in the top-right corner of a post and select Find support or report post.

9. Fake News

Fake News is everywhere on social media, and too many people see it and pass it on believing that it’s true, even though facts are distorted, statements misreported and photos and videos edited to fit an agenda. By spreading these posts, you become part of the problem, helping false facts to spread to others.

The posters might be political activists or even paid employees of a ‘troll factory,’ where people are paid to spread propaganda or false information.

They want to spread the fake reports to affect public opinion – or even simply sow confusion so that people don’t know what’s true and what’s not.

How can you spot fake news?

Sadly, there’s no easy and immediate way to spot fake news, but you can use your own judgement. Look at the original source.

Is it a credible news organization or a group with a specific political bent? Do a quick Web search to see if you can find out. You can also see if the same news is being reported by familiar sources, like a newspaper or the BBC, and if the details line-up or are being misrepresented.

For instance, double-check any quotes. Has the person quoted ever actually said what’s listed? And while it’s always tempting to believe that some stories are too ‘hot’ for the mainstream media or that the established sources are biased, the truth is often that the story doesn’t hold up when subjected to any serious scrutiny.

What can you do if you see fake news?

If you start receiving fake news, the most important thing is not to share it, like it or spread it forwards. You can always comment on it and bring the news and the source into question, but the sad fact is that this often just causes an argument rather than discrediting the fake news story.

10. Remote access software scams

Over the last few years, there’s been an explosion in remote access software scams. It's import to recognise that despite the increase in scams taking advantage, there is nothing inherently wrong with remote access software. AbilityNet volunteers, for example, use TeamViewer to access your computer and help resolve technical issues.

• Find out how we have helped people during the pandemic using Remote access software.

Nonetheless, scammers have jumped on this software as a way of exploiting vulnerable people ActionFraud received nearly 15,000 reports between October 2019 and September 2020.

How does a remote access scam work?

First, you’re contacted by phone, email or a pop-up on a website, which suggests that there’s something wrong with your computer.

The scammer will often claim to be calling from a legitimate company, such as Microsoft, and they may try to frighten you with news that your computer has a virus. They’ll then suggest that you install remote access software so that they can investigate your computer and fix any problems. 

However, the real problem will be that they’ll find and copy any personal data that they find, then potentially install malware of their own.

At the least, they’ll try to charge you hundreds of pounds to sign up for a bogus computer protection service.

This is actually an easy scam to spot in that no legitimate technology company works in this way. Neither BT nor Microsoft, for example, will contact you to inform you of a virus or a problem on your computer, then offer to fix it over the Internet. Also, ask yourself if you’ve been experiencing any problems. If you haven’t noticed anything, why would anything be wrong?

How can I avoid a remote access scam?

In the case of AbilityNet, we won't cold call you but will only respond to calls to our helpline. If you're at all worried, hang up and call our Helpline on 0800 048 7642. If you're not comfortable installing the software, we can find other ways to help you.

Don’t get talked into installing any software by unsolicited cold callers. 

11. Viruses and spyware

Viruses, Malware and Spyware, can all affect your PC, but how do they fit in with scams?

Well, while some malware is purely designed to destroy files and data or stop your PC working properly, other forms are built to pave the way for further infections, giving cyber-criminals access to your computer. Some work quietly in the background, sending information back to hackers, including personal data, screenshots and even audio and video streams.

This again gives cybercriminals material they can use to access your bank accounts or online services, or spy on you in the hope of getting something valuable.

What’s more, there’s now an increasing problem with ransomware. Ransomware usually encrypts the data on your computer and threatens to destroy it unless you pay the people who released it a fee. You might also get told that the hackers have found sensitive information – or even illegal material – and that they’ll spread the news to your contacts or the authorities unless you pay.

It’s worth finding out more about ransomware at https://www.actionfraud.police.uk/campaign/ransomaware. 

How to spot the signs of malware?

With ransomware, it’s obvious when you’ve been infected, but that’s not always the case with other forms of malware. Signs to look out for include a PC that’s running slower than it should be or a particularly bad Internet connection for no good reason. If apps and programs keep crashing, this can be another telltale sign. 

How can I protect against malware, spyware and viruses?

• Your best defence against viruses and spyware is not to get infected in the first place. Ensure that you have anti-virus software installed and running on your PC, and back it up with another package that can run periodic checks on demand. This gives you a second line of defence. You can find a good comparison of different anti-virus packages at https://www.techradar.com/uk/best/best-antivirus.

• We’d recommend putting together a software toolkit to help keep your PC and your online identity safe. LastPass and BitWarden are both great, free password managers that you can use to track your passwords and avoid using weak examples. P

Privacy Badger is a useful tool that can help you block the invisible trackers that some organizations use to spy on what you do online.

• If you believe you are infected, run a virus scan on your PC, selecting the deep virus scan option if one is available. Running a scan with a package like the free Malwarebytes can also help you track down Internet nasties that your usual package might miss. You can download it free at www.malwarebytes.com/mwb-download/

• As for ransomware, the key thing is not to pay. If you’re lucky, you can restart your PC in a safe mode, then run an anti-virus package like Malwarebytes to detect the virus and remove it. If that doesn’t work, there’s another option. If you keep a regular backup of the data on your PC you have other options; you can reinstall your computer’s operating system then restore the backup and carry on. If you’re at risk of losing something important, there are often decryptors for the most common forms of ransomware, which can decrypt your data and get it back.

You can find some of these at www.nomoreransom.org.