October is Cybersecurity Awareness Month, and here we take a look at some of the scams and frauds that we’ve seen doing the rounds recently – and at how you can protect yourself.
Have you fallen victim to an email scam? Or did you spot the warning signs? Either way, you’re not alone. More than 1 million reports of scam emails were made to the National Cyber Security Centre just two months after it set up its Suspicious Email Reporting Service earlier this year.
Cryptocurrency scams, which cost the public millions of pounds every year, were the main scam detected, but were also numerous examples of fake online shops and spoofs involving organisations including TV Licensing, HMRC, Gov.uk and the DVLA.
Fraudsters have been quick to take advantage of the COVID-19 pandemic too, whether it’s faking tax refunds or spurious online sales of essential PPE. But the authorities are clamping down hard.
In July, a London scammer was jailed for 30 days. Mohammed Khan, from Camden, had sent 1,000 text messages claiming to be from the authorities, offering refunds to people as part of the government’s response to the pandemic.
He obtained 191 sets of personal details and used 49 for fraud, netting more than £10,000 in the process. One text message read: “UKGOV: You are eligible for a Tax Refund as a result of the COVID-19 pandemic. Please fill out the following form so that we can process your refund.”
The messages contained links to fraudulent websites that looked identical to the real ones. Recipients were told to go to these and enter their personal details, including their name, address, card security number, mother’s maiden name and passwords.
Would you have spotted that this was a scam? Particularly if you had applied for one of the government schemes designed to support self-employed tradespeople during the peak of the pandemic?
The Suspicious Email Reporting Service is part of the Cyber Aware campaign, which promotes protective behaviours to keep your online accounts and your devices as secure as possible. To use the reporting service, just forward suspect emails to firstname.lastname@example.org. If they are found to link to malicious content, it will be taken down or blocked.
Criminals are experts at impersonating trusted organisations and will use a range of methods to approach their victims, including scam emails, telephone calls, fake websites and posts on social media and auction websites, says Action Fraud, the National Fraud and Cybercrime Reporting Centre. Its advice is to always ‘Take Five to Stop Fraud’ – that is, take just five minutes to stop and think before you part with your money:
• Don’t be rushed into making a decision that you later come to regret
• Always Stop, Challenge, Protect, if you’re asked for money or information
• Never click on links or download attachments as criminals may infect your devices with malware or ask you to enter your personal or financial information into fake websites
• Beware of phone calls offering you protective face masks, hand sanitiser, testing kits or medicine
• Check all requests for you to make urgent or immediate payments or amend your bank details to confirm they are genuine before processing them.
Gas Safe Register is aware of scams that specifically target gas engineers and other tradespeople too. One is the so-called guaranteed contract. Here, a company contacts you, offering you exclusive and substantial guaranteed work in your postcode area. The company, often describing itself as a property maintenance firm, says it’s giving you a contract to provide landlords’ gas safety record checks and maintenance of gas appliances in a postcode area local to you.
It sounds great, doesn’t it? But here’s the catch: you’ll be asked for a fee to secure the ‘exclusive’ contract, usually around £2,000. Or you may be invited to apply through a tender for the work.
However, several gas engineers have contacted Gas Safe Register to say that they have never received any work. Then they can’t get hold of the company to which they have paid their hard-earned money and can’t recoup it. These companies pop up regularly, and change name frequently. Their addresses are often serviced offices and any phone numbers provided are not in service or go through to virtual assistants only.
Remember: If it looks too good to be true, it probably is.