Can you spot the scam texts here? Sidmouth businesses get expert advice on cyber crime
By Philippa Davies
19th Jul 2021 | Local News
OK, so that 'can you spot them?' question was a bit of a con itself. Because all the text messages in this image are scams, sent by fraudsters to try and get the recipients to click on fake links and divulge personal and financial information.
Cyber crime isn't new – email phishing, ransomware attacks and so-called 'romance fraud' (conning people into thinking they're in a relationship with the fraudster, who then asks for money) have all been around for a while. Online fraud involving banks has been made easier for criminals by the large-scale closures of High Street branches, forcing more people to use Internet banking.
But the Covid pandemic has fuelled a massive rise in cases, as criminals saw their chances. The rapid switch to working from home (away from a skilled IT department), the huge rise in online shopping and parcel deliveries, and the financial difficulties and tax complications all created new opportunities for fraudsters. As did the launch of the vaccination programme, when people anxiously waiting for news of their jabs were targeted with fake NHS text messages asking for personal information and payment details. Romance fraud also increased steeply, as callous criminals targeted people who were feeling lonely in self-isolation or lockdown.
This week alone, Devon and Cornwall Police have received 178 reports of cyber and fraud related crime via the national reporting organisation, Action Fraud. But police think the actual number of offences is up to four times that figure. This is because most scammers target large numbers of potential victims – and also because many people don't report cyber fraud because they're ashamed of being fooled.
On Wednesday, July 14, two Cyber Protect officers from Devon and Cornwall Police gave a presentation to Sidmouth Chamber of Commerce's Zoom breakfast meeting on how to spot attempted fraud, how to protect yourself from it – and the importance of reporting incidents so that Action Fraud can build up a picture of the scams currently operating at any one time.
How can I tell if an email or text is a scam?
Many of us already know some of the typical content of a message that should ring alarm bells: offers that seem too good to be true, messages littered with spelling and grammar mistakes, claims we've won a competition we never entered.
But there are other, more subtle, giveaways. For example, many scam messages may appear genuine because the URL in the link provided contains the name of your bank or another trustworthy organisation, and looks familiar. But look more closely and you may see a tiny change in that URL – a non-English character of the alphabet, a hard-to-spot underscore, or a dot where there shouldn't be one. (Did you spot it in the link in the fake Asda text message above?) This link will take you to the fraudsters' own site – don't click on it.
Another giveaway is the way the sender addresses you. Does the message begin 'Dear Customer' or something similar? A genuine sender will know you by your account name, and that's how they'll probably start their message. By the same token, a genuine sender will already have your personal details, account number, etc. Don't be taken in by messages asking you to 'confirm' information of this kind.
Keeping the hackers locked out
The police presentation also focused on the importance of protecting your personal data. One key piece of advice was to change the password on your home router – they compared this to 'changing the lock on your front door'. The home router is the gateway to all the computer-enabled devices you have – not just laptops and mobiles, but also smart home devices – and routers can be hacked.
Another piece of advice is to be careful of the access permissions you agree to when downloading free apps. Some will ask for permission to track your location, or access your contacts. In some cases this is necessary for what you want the app to do, but if it's not, there's no reason to click 'allow' – the information could fall into the wrong hands.
Have I already been the subject of a data breach?[H2]
Very possibly. We often read about large-scale data breaches, but not all make the news. A site that holds your email address may well have been hacked – and that address could be used further down the line in attempts at cyber fraud. Luckily, it's easy to find out: visit the Have I Been Pwned website and enter your email address. (The word 'pwned' apparently comes from the word 'owned' used in gaming to mean totally defeated – gamers mistyped it as pwned so often that it became an accepted version). If you find your email address has been harvested by a hacker, change the password immediately.
[H2]If in doubt – check
If you're unsure about any communication you've received, but think it may be genuine, go back to something you know you can trust. If you receive a message asking you to urgently contact your bank or HMRC, for instance, don't click on a link - go to the official website of the organisation concerned. Rather than phoning a number in a message, find the number on some official correspondence and use that one to ask if there really is a problem.
There's plenty of good information available on cyber fraud; a good starting point is the Which Consumer Rights website.And to report incidents, visit the Action Fraud website.
Suspicious text messages can be reported to your mobile phone operator by forwarding them to 7726 – all operators now use that number, which is free of charge.