Image courtesy of https://www.freeimages.com/photo/working-woman-1440176

Online Fraud: My Experience of Beating Internet Scammers

Image courtesy of https://www.freeimages.com/photo/working-woman-1440176I like to think of myself as an intelligent guy who can spot phishing and fraudulent attempts to scam me into handing over my personal information, and for the most part I’m successful. I get so many calls from scammers using private numbers or from places with area codes I’m not familiar with that I know what’s going to happen as soon as I pick up: either the line goes dead or I’m told by a robot that my Amazon Prime account is going to be renewed, that I was involved in a car accident which wasn’t my fault, or that BT Internet has discovered my neighbours are stealing my data and I need take action immediately to stop them.

Just for fun, since it costs me nothing and I’m interested to see how the scam works I go along with it. The scams are so incredibly obvious it’s astonishing they can work, yet some poor, overly trusting marks must fall for it, else they wouldn’t keep using the same old methods.

The Amazon fraud works by telling you that you’re going to be charged for something you don’t want. So naturally you talk to the ‘customer service representative’ and press 1 to fix it. They tell you to go to a website which is hosted on Wix, a perfectly respectable web hosting business which is in no way connected to the scam. The problem with the fraud is that the scammers are too cheap to even pay for hosting so the website they use has a .wix suffix and has adverts for their other premium services popping up during your visit. Not something you’d expect from a multi-billion dollar company such as Amazon. The rep tells you to click on a link, except the link is a download for software which is sure to damage your computer and give up your details. I don’t know what is supposed to happen next as I gave up my pretence of credulity and told them off for having such a pathetically obvious scam, and that I would be ashamed if I was to try anything so amateurish.

It’s an old scam, but it works.

The BT scam is very old, but details are updated to keep it fresh and make it relevant for internet users today. The representative claims to be calling from BT Internet and states that because your neighbours are stealing your WIFI and using it to download illegal material they’re going to cut your service off if you don’t fix your internet security. If you buy this you’re told to go to the search panel on your task bar and search for a particular file or folder. Once you open this they’ll read aloud the numbers you can see in front of you as a means of “authenticating” that they know what they’re talking about and that you’ve already been penetrated by malware. In reality this data is the same for all PCs using Microsoft Windows, if you disagree with them and say” no, I’m showing XYZ” instead they’ll know you’re using a Mac and adjust the scam accordingly. Next they’ll tell you to open up a new browser window and enter a web address which is clearly going to install a range of harmful software and again, I’m not going to do that!

So how did I nearly get caught by internet scammers?

Not very long ago I was self employed and, naturally, I had to deal with HMRC to pay my tax, claim back VAT, legitimate business costs, et cetera. It’s all online, it’s frustrating and bureaucratic, and incredibly dull. But it does mean that I’m in the system and likely to get updates, information and feedback. Consequently it was no surprise to get a text advising me to go to the HMRC website to claim back a tax rebate which I’m owed. The website does contain the .gov.uk suffix which is supposed to ensure that it’s a legitimate government resource so I clicked the link and saw exactly what I expected to see, a basic, no frills website with all the right livery, logos and fonts which I’m familiar with.

In order to avoid delays and frustration all I had to do was fill in the bank details I had registered and they would transfer my money straight back to me. I have no particular recollection of registering my bank details, but it’s not altogether unlikely, and it was a long time ago that I registered, so I put in my account number, sort code, long card number, but then I saw something which rang alarm bells. They wanted the three digit security number from the back of my card. Being an habitual online shopper I remembered that this number was only necessary when making purchases, and not when registering with any other business or government entity. So I checked, and it was true, I had nearly fallen for an online scam.

So what was the difference which had nearly suckered me in?

What the Tax Scam had successfully achieved was securing my trust. They didn’t phone me from an unknown location (it should be pointed out that the callers never have the accents you’d expect someone calling from their professed location to have, nor is their claim that their name is Simon or James particularly believable. If you want to gain my trust don’t lie to me in the very first thing you say!)

They used a web address which included something I expected to see from an official government resource instead of free web hosting. The .gov.uk suffix was followed with another .suffix which looked perfectly fine, but upon closer inspection should have been a /suffix. Very sly, very sly indeed.

Further, they had successfully imitated the look of the government website, including the bureaucratic tone of the instructions, and because in all cases it was exactly what I expected to see, I almost fell for it.

Protecting yourself from online scammers

As we’ve seen, some scams are so obvious it’s hard not to feel bad for the poor guy on the other end of the phone having to read that script aloud. These con tricks are easy to spot and you just need to hang up or, if you’re bored, play along. Waste their time. Why not? The more time they spend with you the less time they have to call someone who might be more vulnerable or less savvy.

If the call comes from someone who seems believable, for example they’re calling from a company you do have dealings with ask for a call reference number and tell them you’ll call them back. If you can, call back from a different phone as there is another scam where the caller stays on the line and gives the impression that you’ve dialled out, whereas in fact you’re still on the original call. This is possible since the call was never disconnected from their end. If you do call back, don’t use the number they give you, but use the number you find on the ‘contact us’ section of their website. If the call was legit you should find you have no problems getting through to the right department.

Never download software because someone tells you too. Be wary of even clicking on links as they can be used to disguise downloads. If you hover your cursor over a link a description of where that link will take you should appear, either next to the link, or at the bottom of your screen depending on the browser you’re using. If it doesn’t look like the link it purports to be DON’T CLICK IT! This is the easiest way of getting the unwary to download malware. If you’re suspicious, but still not sure, tell them the link doesn’t appear to be working and ask them to read you the URL instead. If they’re legitimate then they’ll have no problem doing this. If they are evasive or try to tell you to right click and open in a new tab/window then hang up.

Never trust a cold-caller who isn’t prepared to let you call back

And if after all that you still trust them, remember to keep being careful! As with my almost getting caught out experience, it was only remembering one detail that saved me from giving up access to my current account to these people! If something seems even a tiny bit off, stop what you’re doing, find the genuine contact details and phone instead. Phoning is usually the quickest and easiest way to get confirmation that you’re either dealing with the right people, or ensuring that you did the right thing by not trusting a stranger calling you out of the blue.

Briant Communications doesn’t currently offer scam protection, but we do supply and install a range of Smart home and office security devices such as Smart Cameras, Smart intruder/motion detectors and alarms. We offer a free, no obligation site survey which allows us to advise you on what the best solution for your needs would be. So if you just want a Smart doorbell to watch the front door for Porch Pirates, or you need a comprehensive array of cameras and Smart Security devices to cover outbuildings, workshops and perimeters, call us on 01273 465377 or email on enquiries@briantcomms.com to book a consultation and free cost estimate.

Comments for this post are closed.