Scams are a huge issue in the UK, especially with the introduction of more technically advanced scams on our devices that can even hold our files to ransom (see below for more information). So how can we protect ourselves, and more importantly, how can we protect our private information offline and online? We’ve rounded up some of the most frequently used scams in the UK at the moment, with advice on how to avoid them and keep your hard-earned cash. Also see: How to avoid the latest Netflix scam.
The latest WhatsApp scam being circulated among users is an exclusive invitation to upgrade to a premium version of the app, known as WhatsApp Gold. There is no such app.
"The invitation reads: "Hey Finally Secret Whatsapp golden version has been leaked, This version is used only by big celebrities. Now we can use it too."
Click on the link in the invitation and you'll more than likely end up with a malware infection. (See how to remove a virus from Android if you've already done so.)
Fake tickets to the Rio Olympics 2016
Kaspersky has warned that scammers are selling fake tickets to the Olympic Games in Rio de Janeiro online. It first started seeing spam emails selling these fakes in early 2015, but they are becoming more common as we get closer to the games.
“It’s no surprise that cybercriminals are using the Olympic Games as a ploy to extort money and personal information from unsuspecting recipients. What’s more, beyond phishing emails, cybercriminals are creating fake sites, disguised as legitimate ones... We recommend that fans everywhere be very cautious when purchasing tickets or souvenirs. Users need to make sure that they are only trusting authorised resellers, despite how appealing the low prices may be from alternate resources,” warns David Mole, Head of Retail, UK at Kaspersky Lab.
Your Apple ID has expired
No it hasn't, but that's not what the hackers behind the latest iOS phishing scam would have you believe. Many people have reported receiving a text message purporting to be from AppleInc over the past week or so, claiming that their Apple ID is about to expire.
The message text reads: "[Name] Your Apple ID is due to be expire today. Prevent this by confirming your Apple ID at [URL] - Apple Inc."
There's a link to click to renew their Apple ID. Guess what: don't click it. It will tell you your Apple account is locked, then request you enter your details to gain access. And the phishers behind the scam will then sell on that information.
Phishing emails that know your address
A recent scam sees a phishing email land in would-be victims' inboxes that suggests they have several hundred pounds outstanding on their debt to a particular company, such as British Millerain Co Ltd. Whoever sent the email knows their name, email address and, unusually, their postal address, so it seems legit, right? Nope.
In fact if you click on the link in the email it will download ransomware such as Cryptolocker to your PC.
Dr Steven Murdoch, principal research fellow at the department of computer science at University College London, told BBC Radio 4's You and Yours: "Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails."
Contactless payments scam
A rumour has been spreading in the past few days regarding a scam to do with contactless cards. It suggests that scammers (on the tube, but technically it could be anywhere you might use a contactless card) are carrying handheld devices that scan the bank card sitting in your back pocket and charge £30 to them without your knowledge.
One slight problem with this scam: there have been no reported incidents. The scam would be almost impossible to carry out, the UK Cards Association told Tech Radar, and any fraud can be traced right back to the recipient account.
Microsoft calling - 2016 update
One of the most common computer-related scams is the Microsoft phone scam - don't be a victim. Someone will phone you out of the blue and say they're from Windows Customer Service. They're not: Microsoft doesn't cold call people like this. The latest twist, as reported by PC Advisor reader Beryl, is that they'll say something along the lines of, "Your computer has been hacked and that the hackers are sending out emails all over the world saying you are a 76 year old widow and finding it hard to make ends meet."
Most people don't want this to happen and, as Beryl found out, they will attempt to convince you the call is genuine by telling you your name, address and phone number. After that you might be told to go to your computer and press Ctrl and the Windows sign together, and tell you they are going to take me to a unique reference number for your computer.
The bottom line: it's a scam. Hang up and don't do anything on your PC. What they want is for you to unwittingly give them remote access so they can steal more details, hold your data to ransom and many other despicable things.
HMRC tax refund scam
Now that it's possible to fill in your tax return online, fraudsters are taking advantage of people using shared computers - such as in offices and internet cafes - to steal their HMRC login details and change their tax returns. The scam usually involves manipulating the figures so that you're owed money from HMRC and specifying a new bank account for the repayment. Naturally, that's an account to which the criminals have access. HMRC recommends you don't use a shared computer to file your tax return, and you keep your password and other login details safe and secure.
Another part of the scam involves 'phishing'. The criminals will send you an email or text message telling you that you are owed a sum of money from HMRC as a tax rebate. It may sound genuine or tempting, but the website link will be fake and will try to get you to enter your login or other personal details which the scammers can then use to try to access your real account.
iOS Crash Report scam
The iOS Crash Report scam originated in the US around 9 months ago, and while it appeared to be exclusive to the states, it has started to appear on UK users’ devices. The scam appears in the form of a ‘crash report’ when using Safari, and informs users that their iOS has crashed and they should call a ‘toll free’ number for an immediate fix.
The full notification reads “Warning iOS Crash Report - Due to a third party application in your phone, iOS crashed. Contact support for an immediate fix” and lists a series of numbers for you to call, ‘1-800-480-4170’ in the US or ‘0800 279 6211’ or ‘0800 652 4895’ in the UK.
Once you call the number, you’re greeted by a ‘rep’ that informs you that third-party software on your device is stealing all your private information “right now”, and for a sum (which is somewhere between £30 and £50 usually) the rep will ‘install iOS’ and neutralise any threat. Of course, this is all a lie to get you to hand over your credit card information, and the high pressure situation means that many people won’t question what’s happening, and will happily hand over bank details.
Nobody is 100% sure as to how these ‘crash reports’ are appearing on users’ devices, as iOS devices are usually renowned for their levels of security. One popular theory is that it’s a result of website adverts being infected with malicious code which transforms them into the reports people are seeing on their devices.
There’s a simple way to get rid of this ‘crash report’ without needing to hand over your private details to scammers. Simply toggle on Airplane mode, force quit Safari, then head to Settings > Safari and tap “Clear History and Website Data”. Once your history and data has been cleared, disable Airplane mode and reopen Safari – the pop up should no longer appear. To avoid seeing it in future, you can go one step further by heading to Settings > Safari and make sure that “Block Pop-ups” is toggled on.
There’s also a scam disguised in the form of an email from Royal Mail. There have been reports of emails from [email protected] and, more recently, [email protected] claiming to be Royal Mail, informing the recipient that the service is holding an item for them, and that a response to the email is required for the item to be redelivered.
The scam, more known by the name “Cryptolocker” aims to install ransomware on the victims’ computer, which will then encrypt their files. Whenever the victim tries to access an encrypted file, a popup window appears and requests payment, usually in Bitcoins, to decrypt the files. It adds another level of pressure as its also noted that the longer the victim waits to pay, the more money it’ll cost for the filed to be decrypted.
The initial sum is usually somewhere in the region of £300-360, but will soon rise to as much as £600-660 if not paid within a specific period of time.
To avoid being a victim of this scam, there are a handful of things you should know:
- Royal Mail will never send an email asking for credit card information
- Royal Mail will never ask customers to enter information on a page that isn’t a part of the official Royal Mail website
- Royal Mail will never include attachments in emails
- Never send sensitive, personal information or bank details by email
- Never click on a link in an email if you’re unsure of it
- Make sure you have a spam filter on your email account
Telephone bank scam
Another scam that’s rife in the UK at the moment is the telephone bank scam, which cost victims in the UK £23 million in 2014, according to Financial Fraud Action UK. The scam typically works when the criminal calls the victim and pretends to be representative from their bank. The ‘rep’ will then inform the victim that fraud has been detected on their bank account, and they have to act fast and transfer all their money into a “safe account” before they loose it all.
Some fraudsters have been known to spoof the telephone number on the victims’ caller ID to make it look like their banks official number, and they’ve also been known to make reference of genuine account information that’s obtained one way or another. These techniques help to dupe their victim and make the call seem more genuine.
But if a fraudster can spoof the caller ID and obtain genuine account information, how do we know that it’s a scam? The best advice we can give is to hang up and call your bank yourself - using a different phone, such as a mobile or neighbour's landline - and enquire about the issues raised in the call. If fraud really has been detected in your account, an official bank representative will put you into contact with the right people and will (usually) reimburse you for any money taken. There’s no need to hand over details to a stranger over the phone who presents you with a high-risk, high-tension situation. Always question and be suspicious.
See also: How to spot a 'Free iPhone' scam