[This is a quickly written post in response to an event which occurred recently in my family. It is my hope that by sharing this message I can prevent others from experiencing this. I shall try to update this to be as useful as possible as time goes on.]
Black Friday and Cyber Monday have swiftly passed, and Christmas is soon upon us.
Please. Do not let the internet grinches of the world spoil your or your family’s Happy Christmas.
That special gift!
I’m sure many of you out there will be buying loved ones laptops, computers, smart phones and tablets this year (or passing on your old equipment as you get new items). While they will make a wonderful present, perhaps bringing the family closer by giving them access to Skype, Facetime, Facebook and email.
I’m sure they will be presents which will no doubt will bring them many hours of joy!
Unfortunately, there are those out there who do not subscribe to the “Season of Goodwill to all Men [and Women]” ethos and franky will stoop to any low to swindle your loved ones out of money for their own gains. Often, the damage is not the money involved (which can be several hundred pounds) but more the psychological effect of finding out they have been conned. This can be very upsetting to those involved, and often is a huge violation into their perceived personal safety. Much like being burgled, the items can be replaced but the thought that someone has done it remains.
Often gifts of computers and tablets will be for family members who may have never used the internet before, they may even be young and inexperienced, or older and not technologically confident. While you are most likely clued up on the pitfalls and dangers of the internet, the people you are introducing to this world may not be. So when you give them the device, make sure you also pass on plenty of advice with it.
Remember it is likely by giving your loved ones a computer that they will not want to “hassle you” or appear stupid, they will want to be independent so they may not ask when they are unsure.
Unfortunately this makes them prime targets for these people.
The MO – Modus Operandi
The main scam I want to highlight is one which my family has recently been hit with, and I feel it is particularly personally upsetting.
The bogus Microsoft call.
The BBC technology correspondent Rory Cellan-Jones had a similar experience although was better placed to deal with it. It makes great reading:
A phone call for Mr Sellan – http://www.bbc.co.uk/news/technology-15690898
He even got another chance encounter and for our entertainment managed to record it:
More information (an interview by Which with a Microsoft employee):
Although the serious point here is that they are just as likely to be calling your loved ones at some point, so I feel it is important you make them aware this is happening and more importantly what do.
They call claiming to be from Microsoft, stating that your computer has been flagged on their system as having been hacked, or your licence is invalid or similar. They will probably claim to be Microsoft Certified (while not wishing to offend anyone this is relatively meaningless – at the basic level, even if they are telling the truth) this does not mean they are authorised by Microsoft. They may have details such as your address, and will gamble that you have a windows computer in the house. They will probably keep calling until they are totally sure you are not going to bite.
They will request that you allow them access to remotely connect to your computer so they can check it. They may ask for money immediately, or perhaps install some software and run some scans, and then charge you or get you to sign up for a service.
There are lots of cleaning tools, and anti-mal/spyware programs which will always generate lots of results over really trivial things, so don’t get scared by 100’s of results and red flags. Often they are detecting things like cookies, which are just records of the sites you visit – like amazon so that it knows you want the UK version of the site etc, or records of which bit of the site you visited, things you put in the checkout basket or which adverts on the site were last shown. Typically the software they use is Free anyway, you can do all that yourself, they are not doing anything special here (and in most cases nothing that really needs to be done if you have Antivirus software anyway).
If you are lucky, they will pretend to provide some kind of service and support, but as mentioned below, you are giving them full access to your computer, which means they are free to do whatever they want to it, including installing monitoring software or take information off it.
Beware, if you refuse their kind offer of service, you may be told “your computer will be blocked”, “your computer is infected” and “your computer has been accessed by hackers” you must have it cleaned. There is no way these people will have that knowledge, typically they are banking on the scan programs to find some trivial things to make you think there was something wrong when there wasn’t.
Your computer will not take over the world overnight (regardless of if it really had been hacked), and a quick update of your anti-virus software and scan will probably confirm this. If you are unsure, friends and family will check it over or a decent computer shop will give it a proper check-up (the difference is with a computer shop is they will have to operate legally or will be closed down very quickly).
Always remember the person you are in contact with could be anybody. Imagine they are a random person knocking on your door, you’ve never seen them before and you’ve not asked for someone to visit. What information would you be happy to give them? Your name? Your Phone number? Your bank account? Your date of birth? Your credit card? Would you let them have a look through your bedroom, your office?
IF they called you, never answer security questions! You do not know who they are, so your identity is irrelevant. Tell them they should never call customers and ask security questions, if they are legitimate they should amend their policies. Get an official number to contact them on, which you can check is legitimate. If there is a problem with some account, you should be able to confirm it by contacting your provider using contact information on their normal website, or use directory inquiries to give you a helpline number. Remember some numbers can cost a lot of money to call, so don’t take their word for it that they have given you a valid and non-premium rate number.
Even if they have details about you (your address, date of birth etc) this does not prove who they are (unfortunately a lot of information is easy to get hold of and they will use it to convince you).
Never allow anyone to access your computer remotely (never visit sites a caller asks you to visit or type commands they tell you to do). If you do, you have just handed them a key to your virtual house and are letting them wonder around it to poke in every draw and filing cabinet. As soon as you allow someone access to your computer, the potential is there for them to take whatever they want from it (be it internet history, personal documents) and also leave behind key-loggers (programs which will capture your keypresses including credit-card numbers or passwords), or hidden software to remotely control it at any time. Remember you may have a built-in microphone, or webcam installed, they could access that too.
Do not let them press you into paying for things. A common trick is to make offers which will expire and they will claim it will cost you more if you don’t sign up now. Always allow yourself time to check things out. If the company is genuine (which I hope by now you will guess they are not) they will understand if you want to check things out by asking someone else. If they are providing something of value, there is nothing to gain by forcing quick choices from you.
Always ask yourself, do I want this? They will have a long list of reasons why you must have this service ready to run off. Don’t let them convince you that you must have it done. There is nothing which they can do which most local computer shops would be able to do for you. They have called you, telling you need a service which you weren’t planning on having and chances are you don’t need.
Again, this shouldn’t have got this far. However, for the sake of other scams keep in mind the following:
Generally, if you pay for things online or over the phone, use a credit card! Even better use a pre-paid credit card so that any extra/large amounts have no way to be withdrawn. If you use a credit-card these is at least something your bank can do to help, you have should have built in protection and they have much better control of payments even once they have left your account. If you use a Debit-Card then there is very little they can do once the money has left your account.
Never EVER pay anyone using money transfer services (services such as Western Union Money Transfer should ring alarm bells immediately). These services are not traceable and there is no going back, once they have that transfer code from you, that money is gone (and most likely so will they)!
Things to do!
Know your rights!
There are regulations which cover these things, such as the Distance Selling Act.
Again if you have made a mistake and you have paid by Credit Card, your bank will be able to help you resolve it. Inform them as soon as you can, and give them all the information you can. Write down key things you remember, claims which were made and your responses to them. The more information you have the better the bank will be able to investigate it, be able to uphold your claim to fraud and potentially stop it happening to others.
Install good anti-virus software
Don’t take my word for it!
Visit Gizmos Freeware Reviews (http://www.techsupportalert.com/) is one of the best places you can go to find recommendations on Free software which you can use to keep your computer protected.
Take a look in computer magazines, most will recommend the current best software available at the moment.
Or simply purchase a commercial antivirus tool from one of the big names: Norton, McAfee.
Use Live-CD scanners
A great way to be sure that computer has not been infected by a virus is to use a Live-CD. This is a special CD which will allow you to scan your system without starting windows at all. This allows all the files on the system to be checked without the risk of an active virus getting around the scan. Often this is the best way to remove a virus too, since it will ensure that there is nothing running on an infected computer which is reinstalling viruses as soon as you remove them.
I currently use BartPE (http://www.nu2.nu/pebuilder/) which although can take time to setup has the advantage that it has lots of different tools from different sources, so there is excellent coverage. Most Anti-virus packages will have some equivalent Live-CD Rescue disk.
If you can set one up on a USB-stick it also means you can easily keep the virus definitions up to date too (which makes the scans far more effective).
Protect your online identity
Ensure your personal information is set to private on sites like Facebook and Twitter. Remember if you sign up to forums and other sites, does it really matter if they have your real date of birth, or your real name? Use different passwords, and for unimportant things, use a completely different password so you know not to use your passwords you use for important things on that site.
When registering to vote, opt-in for the “edited” Register
While the edited register is still available to credit agencies, unlike the full register it is not openly sold.
Sign up to the Telephone and Mailing preference service
Each of these services instruct providers not to contact you via Telephone or Mail for advertising purposes:
Note: Both are 100% free, so please don’t ever pay for it.
“It is a legal requirement that all organisations (including charities, voluntary organisations and political parties) do not make such calls to numbers registered on the TPS unless they have your consent to do so.”
This means if you determine a call is a cold-call, then you can inform them “I am on the Telephone Preference Service and you are breaking the Law by calling me. You must remove my details from your directory, and if I am called again your company will be reported.”
If nothing else, it can be a quick way to end a cold-call politely without having to make excuses (which you shouldn’t).
There are many scams which take place on the internet, such as the usual Spam emails ranging from:
– Phishing which pretend to be your bank or similar and request you to provide your login details and passwords, or account details. Never respond to these emails, even to tell them you are not interested, since that will flag your account as active and you will get more and more messages. If you feel you must do something, go direct to your bank and use their reporting system to send them a copy of the email (they can investigate it and most likely locate the destination of the site and shut it down).
– The Nigerian Prince or Lottery Scam. This usually suggests you have been selected to receive a large sum of money, but they need details from you to give it to you (or some money to release the funds).
– Pop-ups. Often some sites will have pop-ups or adverts claiming their computer is infected and needs to be cleaned immediately. Of course all of these will link to software to download which with either load up viruses and spyware on the machine, or load fake anti-spyware software which will claim the infections need to be cleaned (by purchasing the full version). You may not even notice that anything has happened, but behind the scenes you computer could be accessed and used remotely without your knowledge.
The internet is open to all, and as such you will find people out there who are not who they claim to be and will be using the amenity of the internet for their own gains. People are not always who they say they are, and will go to great lengths to deceive others (sometimes just for fun, sometimes for lots of money).
Finally, if you have provided access to the internet to younger members of your family, then be extra careful and be sure they are aware of basic internet safety and where suitable check that they are being careful. What may flag up Red Flags of danger to you are most likely to go unnoticed by them, so don’t be scared to talk about what they are doing.
Lastly I would like to add that “The Internet” is also full of great things, wonderful people and fantastic things to see. For every bad experience there are a 1000 amazing things the internet can provide. But be careful.