The Molesey, Dittons & Hinchley Wood Neighbourhood Watch Group
Total Page:16
File Type:pdf, Size:1020Kb
The Molesey, Dittons & Hinchley Wood Neighbourhood Watch Group Chairman – John Haberfield Contact Tel 0208 398 5256 Email [email protected] SPRING / SUMMER 2015 Special Scams Edition You will no doubt have seen the recent revelations in the press concerning the sale of volumes of individuals’ pension, medical and other personal data. If you weren’t already, this should convince you that there are organisations out there that know a lot about you. Now having your personal data they may attempt to target you to sell you products or services, which may be legitimate or could just be scams; either way, they will be after your money! This just adds to the existing plethora of scams and needs to be treated in the same way. You could be approached to reinvest your pension fund or take out medical insurance, but it could equally be anything else; double glazing, solar panels, security alarms, a damages claim for PPI mis-selling, road accident or medical negligence, or many more. Regardless, however you are contacted (by email, phone, letter, or doorstep caller),and no matter how convincing the approach might seem to be, the safest and most sensible response is to ignore it or just say ‘no thanks, I’m not interested’ and refuse to participate in any further discussion. Delete the email, bin the letter, hang up the phone, or shut the door. Think about it; if you were really interested in what they’re offering, you would have already looked into it yourself; and if you are now interested, do look into it yourself! Do your research; seek quality consumer guidance (e.g. from Citizens Advice Bureau) on the best organisations to provide sound advice, and then shop around and find several options from different providers before making any decisions. And the best option may be ‘do nothing’. John Haberfield Scams in the spotlight (part 1: more in the next newsletter ……) We receive so many notifications of new scams that it’s impossible to pass them all on without overwhelming members with too much information. However, almost every new item is a ‘variation on a theme’ so what this article sets out to do is to outline the basic types of scam, the logic behind them, and hopefully how to spot them and avoid being hoodwinked. One way to categorise scams is by how they are sent to you, i.e. written, by voice or in person. With the first we mean text, either by email (possibly involving a link to the internet) or letter; these can be implemented by criminals with no direct human involvement, and not necessarily even from within the UK, so at very low risk to themselves. By voice, we mean by phone; this requires more time, effort and ingenuity from the criminals as they have to make one-to-one contact and spend time in a conversation with you where you can ask questions and are more likely to recognise the scam. It’s still fairly low risk for them, as they could be phoning from anywhere in the world. Finally, ‘in person’ means someone at your door, attempting to con you face-to-face. This is the most time-consuming and costly for them (it involves travel time and costs) and the most risky – they’ve been seen, can be identified and could be caught. Email scams are the criminals’ favourite; they can target thousands of potential victims with minimal cost and risk, as sending emails costs nothing and they can do this from anywhere in the world. They acquire huge lists of email addresses by buying or stealing them. Each time you provide merchants with your email address and contact details you’re on another list. Merchants sell or share their lists with partner organisations (if you’ve ticked their data privacy boxes allowing them to do so – ‘would you like to receive information from our partners‘ etc.). Criminals exploit weaknesses in network and computer security of suppliers and email service providers to steal customer data lists. They target addresses they’ve acquired with emails designed to trick recipients into unwittingly allowing them access to their PCs, where the criminals can then access emails and contacts to add to their own lists to target or sell on. So, one way or another, it’s very likely that criminal gangs will have your email address and you’ll be a target for their scams. (These methods are also used to obtain addresses to target malicious emails –with viruses etc.) The aim of most email scams is to trick recipients into believing they have received a genuine message from an organisation they trust and to act on the content of the email. Criminals will construct an email with all the look and feel of one from a real organisation, typically a bank, building society, credit card company, on-line supplier, high street chain store, mobile phone company, Post Office, parcel delivery service etc. Take as an example a fake ‘Barclays Bank’ email. This will be sent to thousands of addresses; many recipients won’t have a Barclays account so it should be obvious that there’s something wrong, but some will have and may be fooled. If it’s sent to 10,000 addresses and 5% have a Barclays account, then there are 500 potential victims. If similar messages are sent purporting to come from other high street banks, the hit rate continues to rise. If criminals are successful in convincing recipients the email is genuine, what are they after? With a bank, payment card provider or similar, the most lucrative outcome is to persuade recipients to part with enough information (ID, password, PIN etc) to give them direct access to their accounts. They can then quickly empty accounts or run up huge card bills. They’ll attempt to persuade recipients there’s been a problem (security breach, unauthorised access to their account, etc.) that requires them to follow a link in the email to the bank’s website, where they’ll need to login to deal with the issue. Of course, the bank’s website is fake (probably a good one) and all the login does is provide the criminals with the information they need. Emails allegedly from on-line or high street suppliers are aimed at capturing information to allow criminals to masquerade as recipients, change account details (e.g. delivery address) and order expensive items. These are more risky to the criminals, as they involve delivery addresses where the criminals have to collect delivered goods, which could be watched by the police if the scam has been discovered. Hopefully these examples should persuade you that you should be suspicious of any communication that asks you to provide personal information, to open an attachment to an email, or click on a link to web site. Tips on Email scams Fraudsters will try and fake emails from almost any reputable organisation (recent examples: Adobe and LinkedIn) to trick you into opening an attachment or following an internet link, which will infect your PC with software to capture personal data such as bank account or credit card details, IDs and passwords. NOTE: Never open the attachments or click on the links. If you are uncertain whether the emails are genuine, don’t use any information in the email; check elsewhere for the organisations genuine phone number or web site and call or log in there. It’s the start of a new tax year. Watch out for emails from HMRC; one offering a tax rebate for which you need to provide your bank account details including password, another telling you you’re made a mistake on your self-assessment form, which will require a copy of your passport to confirm your identity. NOTE: Never respond to these emails! If in doubt, look up the real HMRC phone number and call them. Tips on telephone scams Fraudsters may try to convince you they’re a genuine organisation e.g. the police, or a fraud department of a bank, credit card company etc. They’ll already know many of your personal details. They’ll spin a story to persuade you something fraudulent has occurred with your account and to prevent it, or to protect your money, you need to allow them to access your account on-line, or handover your PIN numbers and bank cards to a courier, or transfer your funds to a ‘safe’ account etc. To prove they’re ‘genuine’ they may ask you to phone the police, or your bank or the fraud number on the back of your card to confirm. NOTE: Real banks etc. will not call you like this. They will not ask you for account details or PIN numbers. The criminals will not hang up when you end their call to phone for confirmation, so it will still be them pretending when you make that call. (If you really want to make that call, make another call first – to a friend, the speaking clock, anything to ensure they are no longer on the line). Have you received a call from Microsoft (or one of their approved partners), who have identified that your PC is running slow because it has been infected with a virus and you need to give them access so they can correct it? How do you tell if this is genuine? NOTE: It’s simple. It’s a scam. Neither Microsoft nor any of its partners will EVER phone you. What’s more, nobody can tell how your PC is performing, or if you’ve even got a PC.