“Good Morning. This is Ryan calling from BT. We’ve detected a problem with your internet.”
While this might seem like a harmless phone call, it can often be the beginning of a data scam.
If you’re on your guard it’s likely, you’ll realise that something isn’t quite right. But catch you when you’re busy, tired or otherwise out of sorts and it’s all too easy to fall prey to a scammer.
If you see them coming you won’t be fooled potentially saving you money, time and a lot of hassle. Not to mention avoiding egg on your face. In this directory, we provide a rundown of the scams to look out for in 2018 and how to spot them.
Remember – Microsoft have bigger fish to fry
The scam: Microsoft phone you to tell you that there’s a problem with your PC. They then ask you for a credit card payment to fix the issue taking money for nothing as there’s no problem with your computer at all.
Alternatively, the scammer might ask you to install software on your computer by following their instructions. This is to help you resolve the supposed problem with your computer. But what they’re really doing is getting you to add code to your system that will spy on your activities and steal personal information, credit card and login details.
The tell: Microsoft will never call you up out of the blue; you always need to call them yourself. The same goes for other IT service providers like printer manufacturers and internet providers.
As the Internet of Things expands, this scam is likely to increase as more electronics become connected, often with poor cyber security.
Social media scandal
The scam: Facebook quiz posts that scrape your data. Unless you’ve been on a very long holiday away from the internet, you can’t have missed the security risks posed by social media platforms.
Quizzes in particular seem to be a preferred way for fraudsters to get hold of your personal data. The answers are used by hackers and scammers to get hold of your personal details, so they can reset your password and access your account.
The tell: Think about the questions you’re being asked, like your first pet’s name or your first school. If they seem strangely similar to the questions that form part of the security checks for your online bank or other personal accounts, beware.
Don’t trust your ‘Friends’
The scam: Cyber attackers send messages that appear to have been sent by one of your friends. When opened, the message gives hackers the ability to change privacy settings on your device, steal data and spread viruses via your Facebook account.
The tell: As in the image below – taken from a real hacking attempt – there are some signs to look out for. Poor spelling and grammar is one: in this case they ask if ‘you have heard about the IFC grant program going around too’ which isn’t grammatically correct and has a double space between two of the words.
Earlier in this message chain, the scammers also took some time to respond and asked how the user was more than once. Most friends won’t ask if you’re ok three times in a row so odd behaviour like this is a clue that something’s not right.
Phishing for bank details
The scam: You receive an email from someone saying that an invoice needs paying urgently complete with bank details, so you can make “IMMEDIATE payment”. In this case the fraudster is playing on our tendency to panic if we think we owe someone money.
The tell: Check the sender. Sometimes emails are masked to appear as if they come from a genuine sender. But there are ways to tell whether they are genuine or not.
For example, an email with a sender address of <firstname.lastname@example.org> followed by <email@example.com> is clearly not quite right. You can also click on the email address to see if any other details are revealed that don’t marry up.
The other major giveaway? Poor use of English.
The scam: Another email swindle but this time you’ve won an Amazon gift card. The aim is to get ‘winners’ to complete a survey that asks them to provide their personal details. Supposed winners fell prey to this fraud towards the end of 2017 but it’s rearing its ugly head again.
The tell: Amazon don’t run this kind of competition, so you can ignore any such emails. Or take the steps outlined in the point above to check the sender.
It’s also worth paying attention to the quality of the logos and graphics used in the email. Fraudulent communications often use a poor copy of the company’s branding, so it looks a little off if you take the time to assess it carefully.
You need to verify your account
The scam: Your bank, PayPal or another big brand drops you an email to let you know they need to verify some account details with you. There’s always some sort of urgency to create a sense of panic in the hope that you’ll let your guard fall.
The verification link contained in the email leads to an online form designed to steal your personal information.
The tell: Again, check the email address to ensure it’s trustworthy. But be aware that since changes to Generic Top Level Domains (GTLDs), new website endings – like .club and .guru – have become available.
This means email addresses can be set up with these new endings making an email address sound more trustworthy than it is. For example, an email from an account ending PayPal.updates could seem aboveboard.
If you’re unsure, go to the website of the firm the email purports to be from and check out their guidance. PayPal has a whole web page dedicated to helping its customers tell whether an email is genuinely from them or not.
It’s also worth being aware that scammers often tap into major trends like the FIFA World Cup or Bitcoin as they know people are interested in these subjects and will be more likely to open content and take action.
Attachments that come as an added cost
The scam: An oldie but a not-so-goodie. You receive an email with an attachment that, unbeknown to you, contains malware or spyware. Once you open the attachment, it triggers malicious code which will:
- Lock down your files and display a message demanding payment, usually in untraceable Bitcoin, to unlock them
- Install itself on your computer so it can spy on your activities and steal your data
Gangs of hackers often target large numbers of people so entire organisations can be impacted. Depending on your network and security arrangements, the ransomware or spyware can spread across your whole business bringing operations to a standstill.
It’s also becoming increasingly common for websites to contain fake advertising banners or text advertisements that link back to a malicious URL.
The tell: Don’t recognise the sender? Don’t open the email.
If you do and you become infected you’ll usually find out pretty quickly as the scammers will set up an alarming message on your desktop background with instructions on how to pay to unlock your files. Often, the program warns you that there’s a countdown at which point the ransom will increase or you will not be able to decrypt your files.
In other cases a window will open to a ransomware program and you’ll find that you can’t close it. Or you might notice your device contains files with names such as HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML.
The first thing to do in this situation is disconnect from any network and turn off wifi or bluetooth. Then get in touch with your IT support provider immediately.
For true peace of mind, ensure you have advanced cyber security measures in place and back your systems up in the cloud. This should prevent attacks from happening and enable you to recover quickly if they do take place.
The scam: With the increasing move to digital tech more people have their personal details saved in online wallets. In some instances, convenience has trumped security making them ripe for the picking and another place for criminals to target with malware.
The tell: Like the Artful Dodger, online pickpockets are sneaky so you won’t know your pocket’s been picked until it’s too late. In fact, you’ll probably only find out when you try to buy something that your bank account has been drained.
Using well-known providers, like Apple Pay and Google Wallet mean you’re likely to be better protected in comparison to using lesser known sites. Again, installing sufficient IT security measures will help keep you safe too.
The hardware devices that sniff out your keystrokes
The scam: Criminals place keyloggers near your device to find out which keystrokes you’re making. This helps them work out usernames, passwords and other personal details.
The threat also comes from hardware that can do this wirelessly. One example is by capturing data typed into a wireless keyboard that connects via USB to your device.
The tell: Wireless keyboard risks are mostly associated with Microsoft keyboards so avoiding that brand is a good way forward. As is ensuring you have high quality anti-virus and anti-malware solutions protecting your technology.
Your phone is leaking personal data
The scam: Mobile phones that use Near-field Communication (NFC) – a form of contactless communication between devices – enables hackers to upload malware.
Often used by bumping devices, the technology relies on trust between owners. However, an accidental contact in the street with an unscrupulous scammer can result in malware being installed on your phone or tablet.
The tell: Again, this is a difficult one to detect unless you have anti-malware software installed. Indicators can include not being able to open files, receiving error messages about corrupt files or you may notice files with the wrong extension.
Disabling NFC and going back to more secure methods of transferring data is one option. Installing good cyber security software is another: it will identify threats, neutralise and report on them so the first thing you know about is an avoided scam.
Protect your business
Knowing what to look for and how to avoid it is all well and good. But real peace of mind comes from having the right security protocols and software in place. Particularly when you know that the average cost of a cyber security breach to a small business is £75k – £311k.
Strong security means installing the right combination of software on your devices and networks. But it also means backing up your systems, data and software so that you can continue with as little downtime as possible.
A combination of physical server plus cloud based technology is the best combination to ensure you don’t fall foul of 2018’s scams.
This article was written by Barry Lowe, Founder and Managing Director of San-iT a specialist in Cyber Security.