In our latest bumper Scam Watch, James Walker from Rightly and Louise Baxter from the National Trading Standards Scams Team help you spot the tricks scammers use to induce people to give away their money and personal data.
They also explain the importance of cleaning up your data to avoid the fraudsters. It’s time to take control, know how to spot a scam and what to do about it.
As we officially start spring, it’s good to clean up your data. This will help protect it from scammers, who will use it against you if they can.
There are so many scams around these days, it’s worth knowing what to look out for. And it’s worth knowing the things that can make us more vulnerable to scams that might target us.
Spotting a scam
A scam can be started in many different ways. Often you receive an email or text message appearing to be from some official organisation or a government institution such as HMRC, DVLA or the TV Licensing Authority.
There are telltale signs that the message is the first step in trying to set up a scam to either steal your money, or capture personal information that the scammer will use later.
If an unexpected email or text arrives, make some simple checks.
- Check the email for bad spelling and grammar
- If it starts with a general greeting, eg ‘Dear HMRC user’, it’s more likely to be a scam
- Search the internet for the sender’s details, the email subject line or the organisation’s name – you might find people discussing a scam
- If the email asks for personal information, such as account numbers or address, remember that organisations like banks or HMRC will never do that
- Check whether the email address matches the sender’s name or organisation – hover over or click on their name to see the actual email address
There are also some intuitive checks you can make.
If ever you feel rushed into responding to an unexpected message, take a breath and pause. It could be a scam if:
- Something seems too good to be true. Examples include a super-cheap smartphone or a holiday that costs far less than it should
- Someone you don’t know contacts you unexpectedly with an offer
- You simply suspect you’re not dealing with a real company. Sometimes scammers present themselves as a company but there’s no postal address – a warning sign
- You’re asked to transfer money quickly. Scammers often use urgency to make you act without thinking it through
- You’re asked to pay in an unusual way – like by Bitcoin, by vouchers for Amazon or iTunes, or through a transfer service like MoneyGram or Western Union
- You’ve been asked to reveal personal information like passwords or PINs. Remember, no legitimate bank or genuine organisation will ask you for complete passwords or PINs
Keeping yourself safe
Scammers are very resourceful and constantly coming up with new, clever ways to capture your money or personal information. Here are a few tips to keep yourself safe:
Beware of fake shops!
Are you sure the online retailer you’re about to use is real? Scammers are clever at making online shops look like the real thing. They may make up a name for the store, or else pretend to be a popular brand.
Spend a few minutes checking things, including the store’s terms and conditions. In there you should find a proper postal address, not just a PO Box number. Check online what people have said about the store. Read reviews on independent sites, not just on the website itself.
You can no longer rely on the padlock symbol in the address bar of your browser to show a site is safe to use. The padlock only shows that your connection to the site is encrypted, and scam sites can display one too.
Don’t click on links
You may have received messages by email or by text message that invite you to click on a link. Don’t do it!
If the link is not from someone you know, it may lead to a download of malware to your phone or computer that could be used to compromise your personal information. Or it could download a virus.
Keep it personal
Some scams aren’t designed to rob you directly, but to capture personal information.
Scammers build profiles of people using publicly available information, including details they can scrape from profiles on social media sites such as Facebook, and anything they can collect from data breaches.
Hackers sell data they steal from company databases to scammers. If a scammer gets enough data on an individual, it can make it easier for them to dupe the unwary. They can be very convincing if they have a few details included in their approach.
So keep your personal data close, and minimise who has it. If someone is asking for personal information, in general, don’t give it.
Keep it secret, keep it safe
Make sure that passwords for your email, social media accounts and any online shopping, banking or other commerce accounts are kept secure. Use passwords that are strong, very hard to guess, and never used on more than one account.
A password manager app can help. It will generate complex, unique passwords for every account you have. Using it means you don’t have to remember dozens of different and complicated passwords.
Dance the two-step
In addition to creating complex passwords, many online accounts offer two-factor authentication.
This is a system that requires you to complete a second step in addition to entering the password. It makes it much harder for a scammer to access any of your accounts, even if they have the password.
The Government operates an email alert system for scams which you can sign up to. It provides alerts on the latest online, telephone and face-to-face scams. You can also sign up to the police-run Action Fraud updates.
Spring clean your data
When people are shown how many organisations have their data, they are often amazed, both by the number of companies and because they often have no idea who some of the organisations are.
That’s because data is bought and sold, legally and illegally, every day. It can become difficult to keep a grip on who has what information on you, or how they’re using it.
Data brokers are organisations that trade in personal information. Mostly it’s legal, and they scrape people’s online activity and digital footprint to profile them.
Then the data brokers sell that data on to literally thousands of companies. Those companies subsequently bombard us with marketing information, porn and other communications we never asked for. Sometimes our data falls into the hands of criminals, leading to ‘spear phishing’.
It’s well worth carrying out a digital spring clean, getting your data under control so you know exactly where it is, who’s got it and what they’re using it for.
How big is your digital footprint?
When any of us go online, we leave a digital trail of where we’ve been. Almost everyone has a digital footprint. Online activities such as photo sharing, dating, banking, shopping, gaming, professional networking, and social networking all add to it.
Other people can contribute to your digital footprint by posting photographs or information about you online.
Can I delete my digital footprint?
The short answer is, no, you can’t completely. But there are ways to minimise your digital footprint, lowering the chances of your personal data being spread widely, sold, or used by data brokers.
Does clearing my browsing history remove my digital footprint?
Unfortunately, no. To access the Internet, all our web traffic passes through an Internet Service Provider’s (ISP) servers. This allows the ISP to know exactly which websites you visited. So, deleting your browser history on your laptop doesn’t stop your ISP from having the entire list of your web-browsing habits.
How can I minimise my digital footprint?
There are several things we can all do to reduce the amount of personal data out there. Here are our top tips:
Say no to cookies
Every time you use a website, a box will pop up asking if you accept cookies. It’s easy just to click ‘accept’, but do you know what information you’re giving away if you do that?
Cookies capture all sorts of information, from basics like your name, date of birth and email address to more in-depth information such as your hobbies, buying habits, bank details and sexual orientation.
With just one click you could be inadvertently handing over a lot of personal information.
Cookies can even capture information such as what web page you were looking at before the one you’re on, and where you go next.
It’s worth clicking on ‘manage’ or ‘reject all’ cookies to minimise how your online activity is tracked.
Check or ditch old accounts
Do you have any accounts you don’t use, sitting out there in the cloud, still with your personal information?
Have a look for accounts or profiles you’ve created online. Many of us have created multiple accounts over time – for gaming, online shopping, socialising or even just out of curiosity. They’re easy to forget… but important to manage.
Think about which networks you have social media profiles on. Aside from the obvious (Facebook, Instagram, Twitter, LinkedIn), do you still have old accounts on sites like Hotmail? MySpace? Which shopping sites have you registered on?
To get rid of these accounts, go to your account settings and look for an option to deactivate, remove, or close your account. You may find it under Privacy, Security, or something similar. If you’ve forgotten your username, search your email inboxes for emails from the websites.
Most large websites will have a process you can follow to retrieve your account details. Then create a second email account to use when shopping online, registering for online services, and all those other unnecessary boxes.
Take control of your search results
It’s time to decide how easily you’d like people to find your information. If you want to remain private, then ensure your security and privacy settings are up to date.
Break from data brokers
Data brokers collect data from everything you do online and then sell that data to interested parties, so that they can target their advertising at you more specifically.
You have a right to ask data brokers what information they hold on you and to instruct them to stop processing your data. Rightly has a service to help you do this.
Have you been breached?
A Google search won’t tell you whether your usernames and passwords have been hacked. But some browsers now help with this.
In Apple’s Safari for instance, if you check under settings and then select ‘passwords’ it will tell you whether a particular username or password has appeared in a data breach. Checking this regularly can help you keep on top of places where your data may have been compromised, so you can change a password or close down an account.
You can also do this at haveibeenpwned.com, which checks your email against databases on the dark web. The dark web is where hackers sell stolen data to anyone who will buy it. Then, you can change key information and passwords to prevent being hacked or scammed.
You can opt out of marketing communications with any company you don’t want to hear from. Plus, remove yourself from as many databases as possible that store your contact details and personal information. For example, the Direct Marketing Association, the Telephone Preference Service, and the Mailing Preference Service all allow you to opt out of communications and to remove yourself from their marketing databases.
However, bear in mind that unsubscribing from marketing communications is not the same as getting your data deleted.
If you unsubscribe, your data still sits there, on company servers, moved from here to there without your knowledge. It’s vulnerable if a hacker breaks into the company’s systems, or if the company simply loses it.
You can use your rights under the General Data Protection Regulation (GDPR) to remove your personal data from as many companies as you’d like, for free. The law states that a company must completely erase your information if you ask them to.
You can do this yourself by emailing each company individually, or you can use our Rightly Protect service to make data deletion requests to a whole range of companies. It’s quick, simple and free.
I think I’m due a tax rebate, but I’ve seen all sorts of articles recently about HMRC scams. How can I ensure I get my tax rebate while avoiding being scammed?
A wide range of increasingly inventive scams carried out by criminals impersonating HMRC are in play. At this time of year when many tax refunds are due, scammers will be particularly active.
Scammers use a variety of tactics. Many play on people’s emotions, such as exciting you by saying you’re due a tax refund, or scaring you with a call saying you owe HMRC unpaid tax.
The key thing is that HMRC will never text, email or phone asking for bank details, PINs or passwords. Nor will they send a message via WhatsApp or social media saying you’re due a tax rebate.
While HMRC does email in certain circumstances, they will never send emails requesting personal information or advising you that you’re due a refund. So if you get one – it’s a scam.
How to fight back against scammers
Report it: If you’ve received a text you think is a scam, forward it to 7726. Or take a screenshot and send it to firstname.lastname@example.org.
Reclaim it: If you are receiving lots of unwanted phone calls or text messages, you can also consider having your details removed from data brokers, using your right to object to the processing of your data. You can learn more about this on Rightly, to stop the sharing of your data exposing you to scams.
Get training: Take a free training course on how to fight scams at friendsagainstscams.org.uk. The more we talk about scams, the more we take away the shame.