its_a_scam_750px

Scams and Phishing: Keeping your data safe

In this post, we wanted to touch base on a topic which seems to be always increasing. Scams!

Pretty much every where you look someone has either had a dodgy phone call or an email to say their account has been compromised. Even as I’m writing this post I had received a phone call to say my National Insurance number has been compromised and I need to “clarify” my details.

This is why we wanted to provide some information and guidance on what types of scams are out there, what to look out for and how to avoid them. 

Keeping your data private

When it comes to scams (and phishing) either email, text or phone calls the scammer would have got your information from somewhere. It is more than likely your personal information is bought from something called a data harvest. 

What is a data harvest? Long story short is when a company or group of people (not necessarily malicious) have logged hundreds upon thousands of people’s personal information. These companies will then sell that data by the thousands. The company that bought the data will go through that data then more than likely sell that on to someone else and so on.

A common pitfall for people is entering their details on websites such as competition entry forms.

For example, there are a few competition providers who have frequent competitions but in their entry forms they have unnecessary requirements such as asking the entrant if they are a homeowner or asking who their energy supplier is.

Content like this has also started to spread onto social media like Facebook. Especially in a lot of the private location based buy and sell groups.

For example one of the groups I was in had several accounts based overseas offering competitions for the latest iPhone and all users had to do was comment saying “Yes” and they will be privately messaged the entry link. 

So of course I tried this, their link took me to some free Google made website with a simple entry form and a stock image of an iPhone. The entry form had the basic entry details which wouldn’t really raise an eyebrow but in the terms and conditions it goes onto mention that the details you provide will be sent to 3rd parties to offer you services they think you may benefit from.

In other words, you have now provided them enough data to sell your personal information and everyone else’s information to another company.

Below is a competition by a provider call Activeyou. From the first image it looks innocent enough but if you dig a little deeper and read what you are agreeing to you will sometimes find out what they will use your data for.

Some forms will even go as far as not letting you enter the competition without agreeing to receiving 3rd party material.

Everything looks OK(ish) from the first image but things start looking a bit fishy by the second image with the provider asking if you own your own home, who is your gas, electricity, TV and broadband provider, now by the time you have finished completing this page Activeyou will have the following details.

  • Your full name
  • Email address
  • Home Address
  • Your date of birth
  • Your contact number
  • Whether you’re a homeowner or not
  • Your gas provider
  • Your electricity provider
  • And also who provides your TV and Broadband

Say if 20,000 people had entered this competition, that is 20,000 people that have willingly given their data to this company.

Now as an example if 1 name and contact number is worth £50, a database of 20,000 names and numbers could be worth around £1,000,000. But no, this data is a little bit more unique as the provider now knows you residential status, utility providers, mobile providers and so on. So say this unique data is worth £100 per person (name, address, age, utility provider etc) this data could now be worth double the amount at £2,000,000.

So now these sorts of businesses will now be making a lot of money from you simply entering a competition.

Going forward we are not saying do not use companies like this, we are just saying to be cautious of the details you are entering online. Does something look too good to be true? More often than not it usually is. If anyone wants to reach out to us regarding any information or even if you feel there are some inaccuracies please feel free to reach out to us.

Scam Phone Calls

Phone scams come in many forms, but they tend to make fake promises, threats, or ask you to pay certain ways. Again we want to clarify that not all unsolicited calls are bad, just be cautious over the information you share. 

If an unknown number contacts you and before you know who they are they start firing questions at you to confirm your details, make sure you know who they are before you provide them that information. 

Some of the entries below just show a portion of the calls we have personally received and are aware of. For more information and guidance please visit the Ofcom website. Below are some of the typical phone calls we know of.

  • Imposter scam

    A scammer pretends to be someone you trust — a government agency like the HMRC or the Police, a family member, a love interest, or even someone claiming there’s a problem with your computer. The scammer can even have a fake name or number show up on your caller ID to convince you. 

    Other scam calls may refer to National Insurance number fraud or offer a tax refund and request you to provide your bank or credit card information. If you cannot verify the identity of the caller, we recommend that you do not speak to them.

    The HMRC scam starts off with an automated message explaining that the HMRC is filing a lawsuit against you, and to press 1 to speak to a caseworker to make a payment. It is recommended to hang up the call immediately but obviously curiosity got to us. We pressed 1 and was greeted with a strong foreign accent telling us that we need to confirm who we are and that if we dont pay for a specific thing a warrant will be made out for our arrest. This scam has been widely reported and often targets elderly and vulnerable people.

    If you’ve been a victim of the scam and suffered financial loss, report it to Action Fraud.

  • Debt relief and credit repair scams

    Some scammers will offer to lower your credit card interest rates, fix your credit, or get your student loans forgiven if you pay their company a fee first. But you could end up losing your money and ruining your credit.

  • Charity scams

    Scammers like to pose as charities. Scams requesting donations for disaster relief efforts are especially common on the phone. Always check out a charity before you give, and don’t feel pressured to give immediately over the phone before you do.

  • “Free” trials

    Some callers may also promise a free trial but then sign you up for products, sometimes lots of products then you are billed for every month until you cancel.

  • Loan scams

    Loan scams include advance fee loan scams, where scammers target people with a poor credit history and guarantee loans or credit cards for an up-front fee. Legitimate lenders don’t make guarantees like that, especially if you have bad credit, no credit, or a bankruptcy.

  • Travel scams and timeshare scams

    Scammers promise free or low cost vacations that can end up costing you a lot in hidden costs. And sometimes, after you pay, you find out there is no vacation. In timeshare resale scams, scammers lie and tell you they’ll sell your timeshare — and may even have a buyer lined up — if you pay them first.

Do you know what a fraudster sounds like?

This is a recording of an elderly victim from Lancashire on the telephone to an offender who was attempting to trick her out of thousands of pounds.

The victim, who is in her 70s, spoke out on BBC Crimewatch Roadshow this morning to raise awareness of this type of fraud to help others spot the warning signs.

Det Insp Mark Riley also appeared on the first episode of the new series offering tips on how to avoid being a victim of courier fraudsters, who target the elderly and vulnerable over the phone.

Offenders, often purporting to be police officers, request large sums of money claiming that it is required as part of an investigation of fraud and needs to be collected by a “courier”.

If you would like to add an extra layer of protection on your mobile. Consider installing Truecaller, which is an app designed specifically to enable you to easily identify incoming calls from unknown numbers.

Scam Text Messages

Scam text messages seem to be getting more and more popular in recent years with it becoming easier to spoof the number it has been sent from. Majority of the time it just requires thinking out the box a bit. By checking which number it was sent from, a mobile number or “Unknown” would be a giveaway. Obviously these scammers cannot put too much information into these text messages so they will try and lure you away to either get you to pay for something e.g postage for an item, verifying your details for service you may have.

The links they provide can also be a big giveaway that the text message is not legitimate. For example if you had received a message from PayPal, the URL (website name) would be Paypal.com, not Palpay or PaypaI (swapped the L to an I to make it look more believable).

If you have received a text message and you are unsure whether it is legitimate or not always get in touch with the company directly and do not open any links in the message.  

Scam Emails

Email scams have been around for a long time now and come in many different forms. Some of them are quite simple in design to try and get you to click their link while you are thinking you are being directed to the official site, while other can be downright scary.

I’ve had a number of scam emails coming through and sometimes I quite enjoy reading them for some reason as they are quite funny. Same as the text message scams these emails are here to try and lure you away so always check the sender, if it doesn’t look right it probably isn’t and some of these emails don’t even try to hide the fact the are fishy.

If you look at image one below, you can see that this person has sent an email to us, their email address is [email protected] but they have changed their name to [email protected] So with some email inboxes they may only show you the name of the sender rather than the email address so this one was quite obvious.

In the second image this is a Netflix scam and I have a variety of these ones, from update your details, your direct debit failed and also one stating there has been some unusual activity on the account.  The main flag for me is that I have never had a Netflix account registered to this email address and again making sure I check the sender and also checking the link they have provided either by hovering over the link on PC or long press on android.

As always if you have received an email and you are unsure, always double check where it has come from and if you are still unsure confirm with the company directly.

Data Breaches

As a data harvest is where people have entered information, and that given information is then sold. A data breach is where the any data the affected business holds on you is stolen. Having your personal information breached by these people will likely increase your chance of getting scam calls and emails as its possible the stolen information is then sold on. We posted a while back regarding data breaches and how to check if your email address (and other information) had been breached – Visit: Have I Been Pwned

But what is a data breach?

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.

Incidents range from concerted attacks by black hats, or individuals who hack for some kind of personal gain, associated with organized crime, political activist or national governments to careless disposal of used computer equipment or data storage media and unhackable source.

Definition: “A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information

Have a story to tell us? Feel free to comment below and we hope you have found our post helpful or get in touch with me on [email protected]

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.