Digital scams and how to avoid them

Guest expert, David McClelland on digital scams and how to avoid them

The lockdown has forced millions of us to embrace all kinds of new technology. While this has been really positive in many ways, it’s also opened the door to fraudsters too.

So Resolver asked TV’s top tech expert and consumer champion, David McClelland, to share his top tips on how to spot and avoid the huge range of digital scams doing the rounds at the moment – from dodgy emails to fake websites.

Part of my job as a technology expert and journalist is to demystify tech and make the web a safer place for everyone. But the lockdown has forced millions of us to get to grips with new and unfamiliar technology almost overnight. Suddenly we’re home-working, home-schooling, home-entertaining – and more reliant upon tech than we’ve ever been.

Fraudsters know this and are seeking to exploit it. That’s why we need to be extra vigilant right now.

Let’s step back from the technology for a moment: 

I always say that “fraudsters feed on fear” – and with the current pandemic there is a lot of fear to feed on right now.

• Scammers employ the same high-pressure sales tactics that have been around for years: pulling on people’s emotions and generosity, trying to create a sense of urgency.
• Fraudsters aim to catch us off-guard, to rush us into a decision without giving us time to fully consider it — clicking on a link in an email, perhaps, without properly checking who sent it, or to which website it sends us.
• We’ve also seen scammers take advantage of news events in the past – the coronavirus pandemic is a news event like no other, and scammers have been trying every trick in the book to take advantage of it.

How are scammers operating? 

Email, SMS and instant messaging apps are perfect channels for fraudsters to operate in as they often offer little security and let scammers send in bulk (like those ‘mass emails’ cluttering up your inbox) with apparent anonymity and impunity.

The types of email/phishing scams we’re seeing at the moment include:

• Advertisements for hand sanitiser or face masks – which don’t exist
• Fake fundraising campaigns
• False financial support payments from the government – and even lockdown fines from the police

Often these emails will impersonate authoritative sources – UK government, World Health Organisation, or well-known charities – to add to the credibility and urgency

Are these emails being stopped?

Google announced that it is blocking around 18 million coronavirus scam messages every day addressed to users of its Gmail email service – but many messages will inevitably still get through.

How to spot a fake or phishing email?

Scammers are sophisticated and will try to cover their tracks, so it’s not just one signal that can identify a dodgy email – there are a few red flags to look out for:

1. Look at who sent the email

Not just the name of who sent it – this can be easily faked – but the email address it came from. How you do this may vary with the email software you use. Be wary if the email address doesn’t match exactly with the company or organisation that the email claims to be from.

2. Look at who it has been sent to

If the email is addressed to “Dear Customer” or “Dear your@email.address” then again, that’s a red flag — you’d expect a company emailing you to know and use your name.

3. Check for grammar and spelling

Look for anything that stands out as not having been professionally written. While fake emails are becoming increasingly sophisticated, sometimes the tone doesn’t seem right – like it’s been through an online translation tool.

4. Look out for links

Phishing emails will lure you into clicking a link that takes you to a website they control – this site may impersonate a legitimate website and encourage you to share your login details or payment details; or it may take you to a site that installs malware (a virus or other malicious software) onto your computer.

• Depending on your email software, you may be able to check what page a link will send you to by hovering over it with your mouse before you click on it
• If the web address that shows doesn’t match the web address of the company that has emailed then – again – treat it as suspicious.
• Increasingly, firms do not put links in emails because they are so often exploited by fraudsters.

My email mantra:

If in doubt – chuck it out! Instead, visit the company/organisation’s website directly by typing their web address into your web browser – NOT by clicking on the link in an email.

It’s not just messages that scammers are using as a weapon:

Fraudsters are exploiting how many of us are working from home too.

We’re now installing and using apps and services that a few weeks ago many of us had never even heard of – video conferencing is a big example. We’ve seen fake installers for popular video apps like Zoom which bundle dangerous malware with them.

Again, visit the website directly rather than clicking on an email link – and be wary of search engine results, which may not always show the legitimate company at the top of the search results.

By the way, just because you download something from an app store, it doesn’t always mean it’s trustworthy or legitimate, so think carefully before you share things like location services and personal data.

It’s not all work: 

Television is fulfilling a very important role for all of us at the moment. However, hundreds of fake websites for Netflix and Disney+ have been spotted this month. These sites entice people to sign-up for the services – often with the promise of an offer that’s too good to miss – but instead of joining a streaming service, victims are handing over to scammers their personal details and financial information.

As with the email rules, don’t rush to sign up. Stop and check carefully that you’re on the genuine site and not clicking through a link to sign up to a fake service.

Think you’ve been scammed?

Contact your bank – they should be able to put a stop on your debit or credit card and prevent any further transactions going through. You may be able to claim back some cash too.

You can also report the fraudster to Action Fraud. They don’t investigate individual cases, but when they spot a pattern they will act.

A final thought

We all have to be vigilant in the fight against digital fraudsters. They often target older or more vulnerable people, so make sure that your family, friends and neighbours who might be targeted are aware of what to look out for too.

You can find loads more tips and some nifty videos from David at http://www.davidmcclelland.co.uk/. And if you think you’ve been scammed or ripped off, resolver can help you make a complaint for free. www.resolver.co.uk