It’s Day 19 of the CS4FN Christmas Computing Advent Calendar. Every day throughout Advent we’ll be doing our best to publish a computing-themed post that relates to the picture on the advent calendar’s door. If you’d like to judge how well we’ve done please scroll to the end of this post where we have a full list of our attempts on Days 1 to 18.
Yesterday’s picture was a Christmas cracker, so our theme was cyber security (cracking and hacking into computers). We’re staying quite close with that theme with today’s jingle bells – bells also put me in mind of warnings, and today’s post is about computing scams. So keep your bells pealed and your eyes peeled 🙂 Learn about scams and tell other people about them so they can avoid them too.
Fake emails or text messages asking for bank details including passwords is known in the trade as ‘Phishing‘ – it’s an example of social engineering, in which someone tries to manipulate someone else into giving away information. Like fishing the criminals scatter lots of bait and once in a while someone bites on the hook and replies. Criminals have even created fake Internet banking sites, direct copies of the real sites, in an attempt to scam customers’ details. This type of crime would never have been possible before computers. Few criminals would have the ability or funds to build a fake copy of your bank in the high street, but they can write programs to simulate them online.
1. A gift for scammers
Scammers love Christmas. It’s the perfect time of year to try and extract money or information (or both) from frazzled, busy and distracted Christmas shoppers.
“We’re sorry we missed you”
This popular phishing scam will come via text, saying that there’s a problem with delivering your item and you need to pay some small amount of money to rearrange delivery.
In the run up to Christmas so many people are expecting deliveries so this scam is successful because even if only a small percent of people fall for it that’s still a lot of people. The text message will contain a link that looks like it’s for the genuine web address of a delivery company where you might already have an account. But… the link’s taken you to the scammer’s replica website in the hope that you hand over your login information and possibly your bank card details to pay. The scam is quite subtle as once you fill in your details and press send you are then redirected to the genuine company’s website, so it’s easy to miss what’s happened at first.
How to stay safe: were you expecting this text message? If not, be alert. Look at the link carefully – does it seem correct? If it seems fake you can forward the message from any mobile phone to 7226 (which spells SPAM on your keypad). Learn about scams (See further reading) and tell people about them so they know what to watch out for.
See how well you do on Google’s Phishing Quiz (you can make up a fake email address to use) – some are genuine, some are trying to steal information. Can you spot which is which?
• Phishing: Spot and report scam emails, texts, websites and calls, from the National Cyber Security Centre
2. Logging on, to your computer
Some phishing attempts are a bit more involved. You might get a phone call from someone claiming that ‘bad people’ have ‘got into your internet’ and you need to take immediate action to prevent being cut off. Sometimes the scammers pretend to be from a well-known computer company (such as Microsoft) or from the company that provides you with your broadband internet.
Sometimes they’ll try and engage you in conversation – this is ‘social engineering’. This is a to try and gain your trust while keeping you anxious that something has gone wrong and which they are going to help you with. They may even use some tricks to convince you they’re legitimate. If you use a Windows computer they might ask you to open up the Event Viewer and count the errors, suggesting that there’s a problem (in reality it’s all pretty normal and harmless).
The next thing they might want you to do is to download some ‘desktop sharing’ software onto your computer. The software is real enough (and can be used genuinely to help people) but in this case they want to be able to access your computer and cause havoc. What they probably want to do is see if you have online banking (so they can steal your money) or they might delete some important files and say they’ll give them back only if you pay them. Don’t let them in!
How to stay safe: you can just hang up! Definitely don’t download any software, don’t visit any links they suggest you go to and don’t give them any information.
• Remote access scams: the call that could wipe out your life savings (Nov 2020) Which?
• Who scams the scammers? Meet the scambaiters (October 2021) The Observer
3. And you are…?
This ‘friend in need’ scam will likely come via WhatsApp. Someone pretending to be a family member or friend gets in touch claiming they’re contacting you from a new phone after their old one was lost or stolen. They then claim they need money for some urgent reason and ask you to send them some via online banking.
This scam relies on people’s kindness and goodwill, and not wanting to be seen to be stingy or unhelpful, but sadly it causes thousands of pounds to be stolen and it’s often very difficult to recover that money.
How to stay safe: be suspicious. Try and contact your friend / family member in another way to check it’s really them. Or do a bit of social engineering yourself – make up something and ask them about it. Rather than admit they don’t know about it they’ll probably answer ‘yes’ and give themselves away!
• ‘We lost festive savings in family WhatsApp scam’ (11 November 2021) BBC News
• ‘Friend in need’ message scam costs victims almost £50,000 in three months (24 November 2021) Action Fraud
Previous Advent Calendar posts
CS4FN Advent – Day 1 – Woolly jumpers, knitting and coding (1 December 2021)
CS4FN Advent – Day 3 – woolly hat: warming versus cooling (3 December 2021)
CS4FN Advent – Day 11: the proof of the pudding… mathematical proof (11 December 2021)
CS4FN Advent – Day 12: Computer Memory – Molecules and Memristors – (12 December 2021)
CS4FN Advent – Day 15 – a candle: optical fibre, optical illusions (15 December 2021)
CS4FN Advent – Day 17: reindeer and pocket switching (17 December 2021)
CS4FN Advent – Day 18: cracker or hacker? Cyber security(18 December 2021)