Staying Safe Online

November 2020

I hope you are all keeping well during lockdown 2.0 and have enjoyed the recent presidential elections. As we run up to Christmas, I’m sure that everyone will be buying more and more online. It’s convenient and, given we won’t be able to get to the shops until early December at the earliest, it may be our only option. With more and more of us shopping online, criminals are investing heavily in increasingly sophisticated schemes. We have dealt with two types of schemes over the last month. The first is what we call “Password Harvesting” and the second is “Trusted Caller”.

“Password Harvesting”

This is where you get an email that looks like it is from a trusted company. Companies we have seen used are: Amazon, UPS, DHL, Asda, Waitrose, Marks and Spencer’s and PayPal. The email looks just like an email that you would usually get from the trusted company. It will have an email address that at first glance looks like it is from the trusted company and will usually report suspicious activity and ask you to click a link to log in and confirm your credentials (your password). The emails look very convincing. Our advice is that you MUST stop and think before you click anything. There are two things to check. We use Amazon as an example here; amazon.co.uk can be replaced by waitrose.com, ups.com, etc.

The first thing to check is the email address. Hover over the sender’s name and look at the actual email address. For example, the sender may be shown as “Amazon Shopping”, but underneath that will be the actual email address. If the email is genuine, then you will see something like: shipment-tracking@amazon.co.uk. The important bit is the part after the @, which gives the web address of Amazon shopping. The email addresses for suspicious emails will be something like: shipment-tracking@amazon.xyz.co.uk. You don’t go shopping at amazon.xyz.co.uk. Delete the email.

The second thing to check is the link that the email sends you to if you click “Check” or “Confirm” or something similar. Again, you need to hover over the link and check that it is a valid Amazon address. Valid addresses will always start with: https://amazon.co.uk/ and can then have all sorts of information after the final /. This is good. If the link says something like http://amazon.xyx.co.uk/ …, do not click! If you do click the link, you can still check the website address in your browser. Again, if it does not have https://amazon.co.uk, then you should not continue. If you do continue and enter your details, then the criminals now have your Amazon login and password, which means they can go shopping with your account. If you realise after you have done this that you should not have, then go immediately to the amazon.co.uk website and change your username and password.
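
For anyone who wants to automate the two checks above, here is an added example (not part of the original newsletter) that applies them to a sender line and a link. The function names are made up for illustration, the sample inputs are constructed from the addresses used above, and accepting subdomains such as www.amazon.co.uk is an assumption that goes slightly beyond the text.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "amazon.co.uk"  # the newsletter's example; could be waitrose.com, ups.com


def host_is_trusted(host, trusted=TRUSTED_DOMAIN):
    """True only if host IS the trusted domain or a subdomain of it.

    Assumption: subdomains (www.amazon.co.uk) count as genuine. A name that
    merely starts with or contains the brand (amazon.xyz.co.uk) does not.
    """
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)


def sender_is_trusted(from_header, trusted=TRUSTED_DOMAIN):
    """Check 1: ignore the display name and test what follows the last '@'."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return False
    return host_is_trusted(address.rsplit("@", 1)[1], trusted)


def link_is_trusted(url, trusted=TRUSTED_DOMAIN):
    """Check 2: the link must use https and point at the trusted host."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed address: treat as untrusted
        return False
    # .hostname is the real destination, without any port or 'user@' prefix
    return parts.scheme == "https" and host_is_trusted(parts.hostname, trusted)


def triage(from_header, url, trusted=TRUSTED_DOMAIN):
    """Return the reasons to delete the email; an empty list means both checks pass."""
    reasons = []
    if not sender_is_trusted(from_header, trusted):
        reasons.append("sender address is not at " + trusted)
    if not link_is_trusted(url, trusted):
        reasons.append("link does not go to https://" + trusted)
    return reasons


if __name__ == "__main__":
    # Constructed sample emails: (sender line, link behind the button)
    samples = [
        ("Amazon Shopping <shipment-tracking@amazon.co.uk>", "https://amazon.co.uk/orders"),
        ("Amazon Shopping <shipment-tracking@amazon.xyz.co.uk>", "http://amazon.xyx.co.uk/"),
    ]
    for sender, link in samples:
        print(sender, "->", triage(sender, link) or "both checks pass")
```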

If you don’t have a clue what I am talking about or are not sure, then please pick up the phone and call us for advice.

“Trusted Caller”

This is where you get a phone call from a trusted company such as Microsoft, Apple, BT or TalkTalk. The claims are usually something like your computer has been hacked, is infected with a virus, or your internet service will be disconnected. The calls are usually run by robots that ask you to press 1 immediately. Once you press 1, the call is diverted to a human. The person you get to speak to is usually very convincing and asks to gain access to your computer. They will ask you to go to a website and download a program. This program will then allow them access to your computer. They then start doing some things to confuse you and say that the computer needs a lot of work. They may ask you to transfer some money from your bank account to pay for the work. They will then go on to say they will work on the computer overnight and ask you to leave it on. Quite often, they will mask what they are doing by showing an image so that you cannot see what is going on behind the scenes. The Trusted Caller scams are the worst as they leave people feeling very vulnerable. The scams usually result in people losing thousands of pounds.

The simple advice is this: do not press 1. If you press 1 and do start speaking with someone, ask yourself, “Why is this company calling me? They don’t call me about anything else.” Ask them for a number that you can call them back on. Look up the correct number for the company and see if it matches. You can also ask the caller to confirm what your account number or your address is. Companies that we call ask us to verify ourselves, so you are perfectly entitled to ask them to verify themselves.

Again, if you are not sure, then please pick up the phone and call us for advice. You can always call them back once you have spoken to us if it turns out to be genuine.