Stay safe from scammers

21st October 2020

October is Cybersecurity Awareness Month, and here we take a look at some of the scams and frauds that we’ve seen doing the rounds recently – and at how you can protect yourself.

Have you fallen victim to an email scam? Or did you spot the warning signs? Either way, you’re not alone. More than 1 million reports of scam emails were made to the National Cyber Security Centre just two months after it set up its Suspicious Email Reporting Service earlier this year.

Cryptocurrency scams, which cost the public millions of pounds every year, were the main scam detected, but were also numerous examples of fake online shops and spoofs involving organisations including TV Licensing, HMRC, Gov.uk and the DVLA.

Fraudsters have been quick to take advantage of the COVID-19 pandemic too, whether it’s faking tax refunds or spurious online sales of essential PPE. But the authorities are clamping down hard.

In July, a London scammer was jailed for 30 days. Mohammed Khan, from Camden, had sent 1,000 text messages claiming to be from the authorities, offering refunds to people as part of the government’s response to the pandemic.

He obtained 191 sets of personal details and used 49 for fraud, netting more than £10,000 in the process. One text message read: “UKGOV: You are eligible for a Tax Refund as a result of the COVID-19 pandemic. Please fill out the following form so that we can process your refund.”

The messages contained links to fraudulent websites that looked identical to the real ones. Recipients were told to go to these and enter their personal details, including their name, address, card security number, mother’s maiden name and passwords.

Would you have spotted that this was a scam? Particularly if you had applied for one of the government schemes designed to support self-employed tradespeople during the peak of the pandemic?

The Suspicious Email Reporting Service is part of the Cyber Aware campaign, which promotes protective behaviours to keep your online accounts and your devices as secure as possible. To use the reporting service, just forward suspect emails to report@phishing.gov.uk. If they are found to link to malicious content, it will be taken down or blocked.

Criminals are experts at impersonating trusted organisations and will use a range of methods to approach their victims, including scam emails, telephone calls, fake websites and posts on social media and auction websites, says Action Fraud, the National Fraud and Cybercrime Reporting Centre. Its advice is to always ‘Take Five to Stop Fraud’ – that is, take just five minutes to stop and think before you part with your money:
• Don’t be rushed into making a decision that you later come to regret
• Always Stop, Challenge, Protect, if you’re asked for money or information
• Never click on links or download attachments as criminals may infect your devices with malware or ask you to enter your personal or financial information into fake websites
• Beware of phone calls offering you protective face masks, hand sanitiser, testing kits or medicine
• Check all requests for you to make urgent or immediate payments or amend your bank details to confirm they are genuine before processing them.

Guaranteed contracts
Gas Safe Register is aware of scams that specifically target gas engineers and other tradespeople too. One is the so-called guaranteed contract. Here, a company contacts you, offering you exclusive and substantial guaranteed work in your postcode area. The company, often describing itself as a property maintenance firm, says it’s giving you a contract to provide landlords’ gas safety record checks and maintenance of gas appliances in a postcode area local to you.

It sounds great, doesn’t it? But here’s the catch: you’ll be asked for a fee to secure the ‘exclusive’ contract, usually around £2,000. Or you may be invited to apply through a tender for the work.

However, several gas engineers have contacted Gas Safe Register to say that they have never received any work. Then they can’t get hold of the company to which they have paid their hard-earned money and can’t recoup it. These companies pop up regularly, and change name frequently. Their addresses are often serviced offices and any phone numbers provided are not in service or go through to virtual assistants only.

Remember: If it looks too good to be true, it probably is.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.

Cookie	Duration	Description
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.

Stay safe from scammers

Related Articles

Plumber defrauded customers and claimed he was Gas Safe registered

Police are on the trail of guaranteed contract fraudsters