Criminal ingenuity knows no bounds and, unfortunately for all of us, online (email and text) scams have become a fact of life. The COVID-19 pandemic has provided new opportunities for fraudsters to deceive people online.
Our MD, Neil Barham, says: “the risk of becoming the victim of an online scam is increasing and the consequences can be very distressing. As a security company, our key message is that people need to remain watchful and think very carefully before divulging any personal or bank-related information that is requested from them online.”
These are some of the more common online scams to watch out for.
COVID-19 Vaccine Scam
Many of us will have received text messages, purporting to be from the NHS, advising that we are eligible to apply for the COVID-19 vaccine. The message says: “we have identified that you are eligible to apply for your vaccine”.
The message advises you to follow a link where you can get more information and “apply” to get your jab. If you click on the link you are taken to a very convincing, but fake, NHS website where your personal details are requested, including bank and card details, in order that your identity can be checked.
Don’t be taken in by this scam and give out your details – you are NOT required to pay for your COVID-19 jabs.
One of the latest scams involves text messages which appear to come from household name banks, such as HSBC, which warn the recipient either of suspicious activity on their account or that a new transfer from their account has just taken place. One variation of the message reads: “HSBC ALERT: A payment was attempted from a NEW DEVICE on 09/04 at 16:47. If this was NOT YOU, please visit: secure-hs-online-banking.com.”
Clicking on the link takes you to a fake website, which looks very much like the genuine HSBC website. If you enter your personal data on the fake site there’s a good chance that this will then be used by the criminals behind this “phishing” scam to commit fraud. Victims of this type of scam can find their entire bank balance cleaned out very quickly.
TV Licensing Scams
The typical modus operandi here is that you’ll receive an email saying that there’s a problem with your Direct Debit, and you need to fix this before you can legally continue to watch TV at home. If you click on the link you’ll be taken to an authentic looking website and invited to enter your address and bank account details. The latter will then be stolen by the scammers.
It can be difficult to tell the difference between a genuine TV Licensing email and a scam email. TV Licensing say that in emails they send, your name and part of your postcode will be included, whereas scam emails often just use your email address or address you as “Dear customer”.
Fake Anti-Virus Software Scams
While browsing the web, most of us will have encountered those annoying antivirus software ads or sudden pop-up messages saying that your computer is now infected with a virus. These are almost always an online scam which, if you respond to them, will deliver to your device a virus, malware or ransomware.
You should only trust the virus information you get from your own installed antivirus software – typically from vendors such as Norton, Kaspersky or McAfee. Software from trusted anti-virus brands typically takes care of any issues in the background and will notify you once the cyberthreat has been resolved, although you will sometimes be asked to take some specific action.
If you don’t have any anti-virus software installed on your device, our advice is to make sure you do so.
There has been a big increase in romance fraud recently. More people are trying to find love online as the COVID-19 pandemic has greatly reduced face-to-face contact.
In romance scams, the criminals create fake profiles on online dating or social media platforms, and then target individuals and attempt to gain their trust. Ultimately, the victim will be asked by the scammer to send money. This could be for travel, legal fees or investments, for example. If anybody asks you for money very early on in an online relationship, and yet they seem strangely reluctant to talk about their own lives or work, this should immediately trigger suspicion.
If you have concerns, it’s always a good idea to talk these through with someone you trust. And if you believe you have been scammed, contact your bank immediately.
Royal Mail Scams
These have been around for some time. The latest variant involves the victim receiving a text message from “Royal Mail” which says that a parcel is ready for delivery, but that an additional fee is required in order for this to be released to you. The message will have a link, which you are invited to click in order to pay the fee. At this point you will be directed to a copycat website operated by the scammers.
One victim of this type of scam revealed on social media that she had been scammed out of every penny she had, because after the fraudsters had obtained her bank details they then telephoned her, pretending to be her bank, and asked her to move money around.
Fake Shopping Websites
There are thousands of websites out there which are completely fake, but look genuine. They aim to make people believe that they are genuine and are in some way related to well-known global brands. They entice people in by offering supposedly great deals – 75% off everything!
It can be quite difficult to spot these, but you should look out for sites which have similar, but not identical, URLs to the brand they are attempting to imitate. They often have spelling errors. But it is the frankly unbelievable prices on offer that should be a red flag. If you buy from these sites you run the risk of being sent fake products, or else your money will be taken and you’ll receive nothing in return.
HMRC (Tax) Scams
There were more than 900,000 reported cases of online scams relating to HMRC in 2020, the majority of which involved emails about fake tax rebates. The methodology of the fraudsters here usually involves sending email messages saying that you are owed a tax rebate, have an outstanding fee to pay or that you’ve missed an important tax deadline.
HMRC never sends notifications about tax rebates or refunds by email so such messages should always be ignored – never open any attachments, click on any links or divulge any personal information or bank account details.
Formjacking is a relatively new cyberthreat in which credit card information is stolen. It occurs when a legitimate e-commerce website is hacked and the fraudsters are able to hijack the payment process – you get directed to a URL which looks very similar to the genuine one and any payment card details you enter are then stolen.
This type of scam can be pretty difficult to spot, so always double-check the URL when entering payment card information to make sure you’re still on the same website you came from. The criminals typically make a very small change to the URL to try to avoid detection – adding one letter or removing one letter for example.
Other Online Scams
While these are some of the most prevalent online scams, there are, unfortunately, almost limitless opportunities for fraudsters to keep adapting and trying other variants. In recent weeks there have been new Netflix scams, fake ticketing scams, Census-related scams and many others.
Our best advice is never to click on any links, or download any attachments, which come through on emails or texts unless you are absolutely certain that the message has come from a trusted source. Always be suspicious about requests to send money, and pay close attention to URLs.
If you have any concerns about the legitimacy of an email you have received you should forward it to the Suspicious Email Reporting Service (SERS): firstname.lastname@example.org