Categories
CYBER SCAMS

Phishing Attacks – How They Work

Reading Time: 8 minutes

Phishing is one of the oldest and most common online threats used by cybercriminals to trick users into revealing sensitive information or installing malware by way of email.

Email phishing is the most widely known form of phishing, where scammers send fake emails that seem to come from authentic sources as a ruse to get users to reveal personal and financial information. However, attackers can also use phone calls, text messages or social media to try to fraudulently acquire your details.

While some very complicated schemes can be devised, virtually all types of phishing are based on a basic concept: millions of untargeted phishing emails are sent out each day asking for confidential information or encouraging recipients to visit a fake website where they’re asked to update personal information.

What phishers will do is message customers with an email ostensibly from a trusted organization (such as Microsoft, your bank, Facebook, PayPal, Amazon, etc.). They know that people are more inclined to pay attention to those types of messages.

Sometimes, it can be practically impossible for the average customer to determine that the email message is not an official one from the organisation it is meant to come from. This is because it will often have the organisation’s logo and format and will look exactly like the organisation’s official email. The “From” field of the email may have a .com address that looks like the company’s official website. The message will usually include a spoofed link that you can follow to conveniently log in to a webpage and update your information. But the website is a spoofed version of the legitimate site. It was established with the sole purpose of stealing your personal information or infecting your computing device with malware.

While this is a basic example of how phishing generally works, there are numerous accounts of increasing complexity that are typically used to try to steal confidential information. With the huge increase in remote working thanks to COVID-19, cybercriminal activities like phishing continue to be on the rise. According to security experts, as many as 3 in 10 workers worldwide clicked a phishing link in 2020. In the US, it’s 1 in 3.

So, how did these scammers get hold of your private email address in the first place? Well, here are a few methods they use.

  1. They use bots to harvest email addresses by crawling the web for the @ sign. If your email address is publicly available on any website, a scammer is likely to find it and add it to their database.  
  2. They buy lists legally or through the dark web. This is why it is important to read the privacy policy before you sign up or submit your details to an online service. You need to know exactly what they are going to do with your email address.
  3. They use specialist tools to generate common usernames and pair them with well-known domains. For example, they might send email to maryj@gmail.com, davidhamilton@yahoo.co.uk and thousands of other combinations of names.

Examples of phishing attacks

Since the first lockdown in March 2020, the number of sites impersonating online services has skyrocketed. In fact, during the first lockdown period from March 2020 to July 2020, at least 1 in 5 people worldwide received phishing emails related to COVID-19. In addition, phishing email scams targeting Netflix subscribers have increased by 646%. Cybercriminals have also faked the email addresses of the NHS test and trace service, the HMRC, Amazon and Tesco. Email phishing scams have also targeted drivers, asking them to verify their driving license details or highlighting a failed tax payment and asking for banking information.

Another type of phishing scheme involves sending out emails targeting customers of well-known carrier companies. The expectation is that only very few recipients will respond. For example, over the festive period, a number of users received fake emails claiming to be from Royal Mail and delivery firm DPD, informing them that they had been unable to deliver their parcel. The legitimate looking emails asked recipients to click a link to pay a shipping fee so the parcel could be re-delivered. People who were actually expecting a package reported being caught out by the spam.

If you have any suspicions that an email or text message that you get is a phishing attempt, your first step should be to contact the company immediately. What you should also realize is that most legitimate businesses will never ask you for your password in an email. Your usernames and passwords are personal to you. You should never give your login credentials to anyone who asks you for them.

Phishing attack types:

Spear phishing

Where most phishing attacks typically cast a wide net, spear phishing attacks are often personalized and targeted at a specific and well-researched individual, business or organization. As with other phishing attacks, the aim is to infect the recipient’s computer with malware or to steal information. Attackers tend to use information gathered from sources such as social media and other public platforms to home in on their target. For example, if you let it be known that you will be travelling to the Caribbean on holiday, you may receive an email from a “colleague” that recommends an eatery to check out. If you click the link or attachment that is included in the email, malware is likely to be downloaded onto your computer.

Smishing

This type of phishing attack is delivered to smartphone users through text messages, enticing you to click on a link in the message. For example, you might receive a text advising that your bank account has been disabled due to suspicious activity being detected on your account, and to click a link included in the text to recover your account. These links are always dangerous and you should never click on them. They’re designed to direct you to spoofed websites that impersonate your accounts and attempt to infect your phone with malware or steal information. Some text messages specifically target HSBC customers. These messages are sent out to thousands of mobile numbers in the hope that they will reach some HSBC customers.

Social media phishing

Cybercriminals use social media sites such as Facebook as a platform to launch cyberattacks designed to steal personal information or spread malware. Some attacks are even used to hijack your accounts to attack your friends.

Examples of social media phishing attacks:

  • You receive an email claiming to be from Facebook that says your account has been ‘reported for abuse’. You’re then prompted to log in to a spoofed Facebook login page to provide personal information and update your credit card info to prove that your account is legit.
  • You may be prompted to like and share innocuous-looking photos of puppies and other animals on Facebook. These photos are actually posted by cybercriminals to generate tons of likes and shares. Once the photo has received a large number of likes, the fraudster will link the photo to a fake website that downloads malware to the computing device of anyone who subsequently clicks on that photo.
  • During the holidays, you’re likely to come across fake coupons from the major supermarkets, offering a certain amount off your next purchase. The ploy is to get you to fill out the details, which means you will be handing over your personal information to fraudsters.

Search engine phishing

This type of attack occurs through search engines. Cybercriminals set up well-optimized but fraudulent websites that can appear in the organic search results for popular keywords or search terms.

Voice phishing

With voice phishing (also known as vishing), the scammer impersonates a government agency or other organisation on the phone and tries to extract money or sensitive information such as banking details. Vishers use fear tactics to dupe you into thinking your money is in danger and you must act quickly. They threaten people with police arrest, deportation, license revocation, etc. Personal data can be gathered from social media profiles, providing fraudsters with sensitive details to make cyberattacks appear more legitimate. Fraudsters often spoof phone numbers to disguise the real origin of the call.

Pharming

Pharming is when a hacker manipulates the internet’s domain name system (DNS) by rerouting web traffic to a fake website with the aim of stealing confidential information. These “spoofed” websites can steal your personal data, including usernames, passwords, and banking information, or even install malware on your computer. This type of cybercrime is particularly worrisome because you can have a completely virus-free computer and still fall prey to cybercriminals.

How can I spot a phishing email scam?

The fact of the matter is, anyone can make a mistake.

It only takes a split-second lapse in judgement to fall into the hands of an attacker.

Fortunately, many phishing attacks often share the same warning signs that reveal their true nature as a phishing attempt.

According to Action Fraud, the following characteristics are common to phishing scams:

  1. One of the most obvious signs of a phishing email is that the sender’s email address will always be different from the web address of the legitimate organisation.
[Image: an email that claims to be from Facebook, with a misspelling in the URL]

2. Most phishing emails often use generic greetings. Most legitimate companies have enough data about their customers to address them by name when communicating with them by email. This lack of personalization is often enough to help separate real emails from fake ones.

3. Never download an attachment from an unsolicited email even when you recognize the sender, as their email might have been hacked. The risk is simply not worth it.

According to the 2019 DBIR, email attachments were the leading cause of malware delivery in 2018 cyber incidents, with 45% of malware coming from attached Microsoft Word documents.

[Image: account disabled phishing scam]

4. Phishing email attempts will often seek a quick and emotional response from the recipient using inflammatory or threatening language, such as that your account may be terminated unless you act immediately.

5. The email contains a clickable link to a different site than the one it purports to come from. The destination web address might look like the proper address, but you should always realise that even a single character’s difference means you’re going to a different website.

6. The destination address looks fishy. If the email contains a clickable link and you want to find out where it leads without clicking the link, simply hover your cursor over the link and look at the URL in the bottom left corner.

7. The email includes a request for confidential details such as login information or bank details. Always keep in mind that most legitimate companies never ask for personal details in an unsolicited email.

8. The email claims to be from a leading brand, but is full of spelling and grammatical mistakes.

How can I avoid phishing attacks?

Phishing messages are getting more sophisticated and harder to spot. No matter how observant or vigilant you are, some may still get past you. Here are some tips to help you spot the most common phishing attacks.

  • Configure a spam filter that detects blank senders, spam, viruses, etc.
  • Always hover your mouse over links in emails to check where you’re being directed to.
  • Be especially wary of emails that try to put pressure on you to perform a specific action.
  • Update your operating system and applications with the latest security patches and updates.
  • Get a premium VPN that blocks malicious websites.
  • Install antivirus and antimalware software.
  • Convert HTML email into text only email.
  • Be wary of emails with links or attachments from people you don’t know.
  • Do not click on links from unfamiliar sources.
  • Do not enter your personal details into any website on the basis of an unsolicited email.

Suspicious Email Reporting Service

National Cyber Security Centre

Report a Suspicious Email to PayPal

Cyber Aware

Recruitment Fraud – How to Avoid Being Scammed

Reading Time: 4 minutes

With the unemployment chaos and hardship brought on by the Covid-19 pandemic, fraudsters are targeting vulnerable job seekers who are looking for work. Scammers will take advantage of every opportunity they can find, and the on-going pandemic has created a perfect storm for fake job scams to thrive. This scam has been so rampant that it has prompted some big brands to go as far as releasing public announcements stating that they never ask for money during their recruitment process.

Read on to recognize how this cruel scam works so that you know how to prevent yourself from becoming another victim of a recruitment scam.

How do fake job scams work?

Recruitment scams make it appear as if you’re being offered a job role. But in reality, there is no job, and the scammers are simply trying to get at personal information that you as a job seeker would freely provide to prospective employers. These include your full name, proof of address, social security number/national insurance number, bank details and copies of your passport. The scammers can then use these credentials to assume your identity and raid your bank account, apply for personal loans and mobile phone contracts or set up fake businesses in your name.

Recruitment scams are generally well organized and sophisticated, often using fake recruitment agencies and conducting telephone and video interviews with applicants. Some job scams even go as far as offering you employment. This can make it difficult to spot a fake job offer until it’s too late.

A fake recruitment scam typically begins with scammers flooding the jobs market with fake advertisements targeting people who are looking for work. You may discover several enticing job offers on the largest and most trusted job sites such as Indeed, Reed, CV-Library or LinkedIn. And even though they might establish fake companies to facilitate the scam, scammers can also spoof real companies and steal the identities of HR managers and recruiters to make their scam appear as authentic as possible. So, just because you find an enticing job offer on a big job site doesn’t mean that the offer itself is genuine.

Some recruitment scams also involve getting you to pay for fake online training to improve your CV so that you can be considered for the role. These bogus courses may look like they were put together by professional organisations, and you may even be provided with a certificate when you complete the course. In addition, you might be asked to complete a bogus background check that costs £50.  

What to look out for:

Fake job openings can sometimes be hard to spot. Fortunately, there are things you can do to prevent yourself from becoming a victim of a recruitment scam. Before you apply for any ‘hot job’, review the following warning signs that might indicate that the job offer is actually fake.

Does the company have a professional website?

Never assume that a job is legitimate just because the ad for the job is on a well-known platform. If you come across a job listing that looks very enticing, take the time to research the company before you apply. Start with the company’s website. If they don’t have one or the site is unprofessional or thin on content, consider that a red flag. A genuine company will have a professional-looking website with real information about the company.

Look up the WHOIS information on the website to find out how old it is. If the company was only launched a few months ago, consider that another major red flag. Does the company have an active social media presence with genuine followers? If the company is not present or active on social media, it is probably safe to conclude that you’re actually dealing with a job scam.

Does the job offer sound too good to be true?

Steer clear of job listings that offer you above average income for part-time hours or where the qualification requirements are very low. Job scammers often list job requirements that are very simple, to get as much interest in the role as possible. When searching for a job in your field, you should have a clear idea of the average salary your job pays, so you should be able to tell when a salary is unrealistic. If the pay rate is far higher than you would typically earn, consider this to be a major red flag. Remember, if it sounds too good to be true, there’s every chance that it is.

Check for grammar and spelling

Genuine businesses employ professional writers, and their job descriptions are always carefully worded and written with attention paid to things like punctuation, grammar and spelling. If the job requirements or description is poorly worded, vague, or is littered with capitalization, spelling and grammatical errors, consider these to be a big warning sign that the job is probably not real.

They ask you for money or confidential information

Legitimate businesses will never ask you for confidential information or to pay for something as part of the application process. On the other hand, job scammers often ask for bank account details, national insurance numbers and other confidential info as part of an elaborate scam.

If the job is a sensitive role in that it involves working with children or vulnerable people, you’ll be required to complete a DBS check. But before you do so, ensure the website is listed here: dbs-ub-directory.homeoffice.gov.uk/. If you are required to take a course prior to starting work, verify that any course you are asked to take is provided by an accredited firm on nmj.cipd.co.uk/qualification-finder.

They offer you a job right away.

If a company contacts you out of the blue and wants to hire you right away based on your CV which they found online, you should be very wary of that job offer. Legitimate companies will always have a formalised procedure which involves at least a formal interview. You should be wary of any vacancy that offers a job without an interview process, as it is likely to be fake.

For more information on how you can protect yourself from recruitment fraudsters, visit: www.safer-jobs.com

If you have been a victim of recruitment fraud, contact Action Fraud on 0300 123 2040.

Have you been a victim of a fake job scam? Please share your story in the comments.

LinkedIn Scams – How to Avoid Them and Protect Yourself

Reading Time: 4 minutes

As the world’s largest professional network, LinkedIn is probably the last place you would expect to be associated with internet scams. It is a powerful platform that you can use to cultivate professional business relationships. But cybercriminals target websites with large user bases, and LinkedIn’s 760 million members are very attractive to them. Furthermore, LinkedIn provides attackers with easy access to a treasure trove of personal information and corporate data that can be used to commit a range of cybercrimes such as spear phishing attacks and identity fraud.

Here are some of the most prolific LinkedIn scams to watch out for in 2021.

Phishing emails

LinkedIn phishing emails are fraudulent emails that are designed to fool the unsuspecting recipient into thinking that they have received an email from the social network. LinkedIn is the world’s most trusted social network, and that trust is why emails with “LinkedIn” in the subject line have an open rate of almost 50%.

Here are the most common LinkedIn phishing emails:

Bogus connection requests

Fake connection requests from fake users are one of the most prevalent scams on LinkedIn. LinkedIn members get used to clicking on links in these messages, and therein lies the threat. The email will look like an authentic LinkedIn email, with the exact LinkedIn logo and branding. It may also ask you to click the link to “visit your inbox now”, or ask you to “accept” or “ignore” the invitation. If you click any of these links, you will be directed to a spoof webpage mimicking the official LinkedIn website where you will be prompted to type in your login credentials. The aim is to steal your personal information which can be used to commit identity-related fraud.

Cloned profiles

A LinkedIn profile gets cloned when a fraudster creates a brand new LinkedIn account in your name. When the account is created, the fraudster will copy all of your personal information to the fake profile, including photos, projects and credentials that they find on your account to make it look identical to your own profile. Once the cloned account is set up, your connections might receive a LinkedIn message from the fraudster that includes a malicious, active link for your connections to click on.

Fake support emails

Fraudsters send you a bogus email pretending to come from LinkedIn support. The email will often contain a clickable link to a bogus webpage where you’ll be prompted to confirm your login credentials by clicking on the link. In some variations, it might also say that your LinkedIn account has been blocked due to inactivity. Clicking on the link in the email can result in malware, spyware or some other type of malicious software being downloaded to your device. Alternately, you may be taken to a bogus LinkedIn webpage where you’ll be prompted to enter your login credentials.

What to do if you receive a fake LinkedIn message

  1. Do not click on links in emails that purport to come from LinkedIn unless you are absolutely sure of their source. You can check where a link is going by hovering over it. As you do this, look at the bottom left of your web browser, which will show you where you will be taken on clicking the link. If it shows anything other than LinkedIn’s home page, you can be sure that you’re dealing with a scammer.
  2. Create a stronger password straightaway.
  3. Increase the security of your account by setting up two-factor authentication.
  4. Contact LinkedIn support.

Fake LinkedIn profile

There has been an explosion of fake LinkedIn profiles created by scammers for a variety of purposes. Some scammers create fake profiles to pose as recruiters or candidates in order to attract new connections. For example, a scammer might create a bogus profile pretending to be a job candidate so they can connect with other candidates who are in the same field. The goal of the scammer is to earn your trust so that you agree to connect when they send you an invite.

But connecting with a fake LinkedIn profile can give scammers a lot of important information about you, including details about your history and contacts. In addition, when you accept their invite, fraudsters also get access to your LinkedIn email address. They can then check that email on sites like haveibeenpwned.com to find out if you’re using the same password on multiple sites.

Once you accept their invite, scammers will leverage this trust to send you messages that could contain malicious links. You might also receive fake job offers designed to steal personal information and other devious schemes. So, if you receive an invitation to connect with someone you don’t know on LinkedIn, be sure to check out the user’s profile before you accept that invitation.

How can I identify a fake LinkedIn profile?

It is important to know how to spot fake LinkedIn profiles so that you can avoid connecting with them. There are certain things to look out for that will indicate you’re dealing with a fake profile.

1. Fake photo

This is probably the most obvious sign that you can use to identify a fake profile. Scammers know that a profile without a photo is less trustworthy than a profile with a picture, so they tend to use professional, stock images for their photos. If you have reservations about a particular profile, you can check whether the photo is legitimate by doing a reverse image search of the photo on Google.

  1. Go to images.google.com
  2. Click the camera icon
  3. Paste in the URL for the image.

Google will show you where that image has been used online. If you see that the profile photo is a stock photo from Shutterstock, Getty Images, etc. or has been used on multiple LinkedIn profiles, then there’s very little doubt that you’re dealing with a fraudster.

2. Thin content

Fake profiles will have sketchy background information about the person that just doesn’t add up. It will often be incomplete, lack cohesiveness and contain generic work titles such as ‘Manager’. Real profiles often contain relevant information that helps you understand the user’s background. If a LinkedIn profile lacks any meaningful information about the member, it is highly likely that the profile is fake.

3. Poor spelling and grammar

Many fake profiles will often have general presentation issues such as poor grammar and misspellings. The name might be spelt in all caps or all lowercase. Generally, these types of errors in a profile should raise a red flag.

If you come across a fake profile, follow these steps to submit a report:

  1. Click the More icon on the member’s profile.
  2. Click Report/Block
  3. Select Report this profile in the window that pops up.
  4. Select a reason why you think the profile is suspicious.
  5. Click the submit button to complete the process.

Impersonation Scams – What You Need to Know

Reading Time: 5 minutes

An impersonation scam occurs when a person is tricked into making a payment or providing sensitive information to a fraudster who claims to come from a trusted organisation such as a bank, the police, a utility company, or a government department such as HM Revenue & Customs (HMRC). Almost 15,000 impersonation scam cases were reported in 2020, up 84 percent when compared to the same period in 2019.

Top impersonation scams

Clone firm investment scams

Clone firms are bogus companies that have been set up by fraudsters using the details of genuine companies authorised by the FCA (Financial Conduct Authority). With this scam, legitimate investment firms are impersonated to trick people into parting with their cash. Victims are often contacted via social media platforms, marketing emails or search engine channels. Clone firms may offer you investments in products such as student accommodation, cryptocurrency, FX, shares and bonds that are non-tradeable, worthless and even non-existent. According to the FCA, consumers reported average losses of £45,242 each when investing with fraudsters impersonating legitimate investment companies.

How do clone firm scams work?

The process begins with fraudsters setting up a cloned website using the name, address and Firm Reference Number (FRN) of legitimate firms authorised by the FCA. Much of the content on the bogus website will be the same, but the contacts will be changed so that when you try to get in touch with the legitimate firm, you’ll be corresponding with the fraudsters instead.

How can I avoid being scammed in this way?

Clone firm scams are highly sophisticated, and often very difficult for ordinary people to spot. Even if you do some due diligence by checking the FCA register, it isn’t enough because you’re dealing with impersonation of a legitimate firm. This means the Firm Reference Number will be genuine. In fact, fraudsters often encourage victims to check the FCA register as proof of their legitimacy. If you are currently considering an investment opportunity, here are tips offered by the FCA to avoid falling victim to this scam.

  • Check out the regularly updated warning list of firms that you should avoid doing business with.
  • Only deal with investment firms on the FCA register to ensure you’re dealing with an authorised firm.  
  • Use the phone number on the FCA register to ensure that you are dealing with the legitimate firm.
  • Consider getting impartial advice before going ahead with the investment opportunity.
  • Contact the FCA’s consumer helpline for advice.
  • When researching a company online, make sure the name of the firm is spelt correctly.

Make sure you check the register by typing register.fca.org.uk because the Register has also been cloned by fraudsters.

HM Revenue & Customs (HMRC) Scams

In the UK, scams impersonating the tax authorities have been going on since at least 2016. HMRC is a key target for fraudulent campaigns mainly because it is a government department and one of the UK’s most trusted bodies. Media reports suggest that nearly 1 million people in the UK have received calls, emails or texts from criminals impersonating tax officials in the last year. According to the National Trading Standards eCrime unit, HMRC scams are most prevalent around paper and online tax deadlines.

Tax refund email scams

Millions of self-employed Brits who file Self-Assessment tax returns each year are the primary targets for tax refund scams, especially in the run up to January’s tax return deadline. Around this time, many received legitimate-looking emails with the HMRC logo claiming they are owed a tax rebate to help protect themselves from the coronavirus (COVID-19) outbreak. The aim of these scams is to trick you into providing sensitive information such as your bank details.

Tax scam emails are becoming increasingly sophisticated, and can be hard to spot because they often appear to come from official government email addresses. They contain the taxman’s official GOV.UK logo, along with the crown. They can also include official-style reference numbers, reference your government gateway account, and are even signed off with the name and/or signature of a real HMRC employee.   

How to spot fake HMRC tax emails:

Fake HMRC tax emails are becoming increasingly difficult to differentiate from the real thing. HMRC have also admitted that many smart fraudsters now have access to falsified ‘from’ addresses that look like an authentic HMRC address, for example ‘@hmrc.gov.uk’. But here are a few things to keep in mind that should make it easier to spot a fake email purporting to be from HMRC:

  • Spelling errors and mistakes in the email’s text are an obvious giveaway.
  • HMRC does contact people about outstanding tax bills, and uses automated messages at times. However, these calls will always include your taxpayer reference number.
  • HMRC will never ask you to disclose confidential information such as your full address, postcode, Unique Taxpayer Reference or bank details.
  • Be suspicious of tax emails that pressure you to act immediately. HMRC have confirmed they do not make these types of threats or demands.
  • HMRC will never send an email or text asking for sensitive information like bank details or personal information for tax rebates or refunds. They only ever send such letters by post. If you’re asked to share sensitive information like bank details to get a tax rebate, you can be 100% sure that it’s a scam.
  • Be cautious of an email that starts with a generic greeting such as “Dear customer”. Emails from HMRC will always use your registered name.
  • HMRC will never provide a link to a secure login page. Customers are advised to avoid clickable links within emails and text messages and navigate directly to the secure website and log into accounts directly.

What to do if you receive an email you suspect might be fake

If you receive such an email, HMRC requests that you forward all suspicious emails to phishing@hmrc.gsi.gov.uk for investigations. You can forward suspicious text messages to 60599. Text messages will be charged at your network rate. And if you have cause to believe you may have fallen victim to such a scam, you are advised to report the matter to your bank/card issuer ASAP. 

If you are ever unsure about the legitimacy of an email, here’s HMRC’s phishing email guide that provides some insights into how to recognize a fake tax email. HMRC have also published guidance on what’s genuine HMRC communication, and what’s bogus.

HMRC Phone Scams

HMRC phone scams involving criminals impersonating a tax official are often targeted at the elderly and vulnerable. They typically begin with an automated call from “Officer xxx from HMRC” with a warning that there is a criminal court case filed against you and a warrant out for your arrest.

You are urged to call the number provided in the call immediately. On calling that number, you’re likely to be informed that you have an outstanding tax bill that requires urgent payment. You may also be threatened with a criminal record if you refuse to pay. The amount of personal information that the professional-sounding man shares about you is likely to convince victims that the impersonator is genuine.

Tax scam text messages

One of the most widespread messaging scams is bogus notifications from HMRC. Cybercriminals use text message spoofing where they substitute the SMS sender ID to make the message appear to come from HMRC rather than a phone number. These messages will typically include hyperlinks to websites that will harvest your confidential information or download malware to your device.

Examples of messages you might receive include:

  • Tax refund: Recipients are told they are entitled to a tax rebate and to click on the included link to claim their refund.
  • Goodwill payment: A Covid-19 scam informing customers they are entitled to a “goodwill payment” with a link where you can apply for this payment.  Here’s an example of the scam wording: ‘As part of the NHS promise to battle the COV- 19virus, HMRC has issued a payment of £258 as a goodwill payment. Follow link to apply.’.
  • ‘£250 fine’ text message: This text message claims you are going to be fined £250 for leaving the house more than once. The message also includes an 0800 number to call to appeal and a link for more info.

How to Easily Spot and Avoid Instagram Scams

With over 1 billion active monthly users, Instagram is now the most popular photo and text sharing platform in the world. 100 million users log in every day to share everyday activities and moments. Unfortunately, this popularity has also made Instagram a regular hunting ground for ruthless attackers. According to the BBC, Instagram fraud reports have increased by almost 150% since the pandemic began. And if you don’t have your guard up, you might unwittingly become the next victim of the numerous scams that proliferate on the platform.

Read on to learn about some of the most common scams on Instagram so that you can protect yourself, your money and your identity.

Counterfeit products

According to a study by analytics company Ghost Data, fake brand accounts selling counterfeit goods have almost tripled on Instagram over the last three years and account for 65 million posts a month. The most commonly faked products are bags, shoes and clothes by high-end retailers such as Apple, Gucci, Nike and Louis Vuitton. These fake accounts boost their popularity with fake likes and followers and make consistent posts that help to make them look like the real deal. Ghost Data estimates that as much as 20% of all posts covering fashion promote fake products and more than 50,000 accounts are hawking counterfeit products every day.

To avoid getting scammed, check the account you want to buy from carefully. Is the account verified? The big brands should have a blue verification badge on their account. Click the link on the account to find out what the URL links to. Most importantly, use common sense and consider whether it makes sense for a traditionally expensive product to be offered at such a low price. If they have odd payment methods, that should be another major red flag.

Fake Investment schemes

One of the most prolific scams on Instagram is the fake investment scheme, which has ensnared many young people. The scam targets followers of financial institutions on the platform. According to an Action Fraud report, hundreds of young people aged between 20 and 30 are increasingly falling for these cheap “get rich quick” schemes, which have cost 164 victims £358,809 in the UK alone. The scam often begins with a direct message that lures the unsuspecting user to an awesome-looking Instagram page featuring a man surrounding himself with exotic cars and private jets.

The criminals convince their victims to hand over money with the promise that they will multiply their value by trading on the stock market or by buying and trading foreign currency. The scam promises a massive return on a £600 investment within 24 hours. The feed of the page contains genuine-looking proof in the form of images, testimonials, reviews and videos. But shortly after, the scammer gives the victim excuses as to why they cannot return their money and profits unless more money is sent. Eventually, the victim is blocked from contacting the scammer.

You can avoid falling for this scam by not responding to direct messages that include requests for money from strangers. Before you sign up to any investment-related offers, always verify the identity of the supposed financial company with the Financial Conduct Authority (FCA) or the Securities and Exchange Commission (SEC).

DM Phishing Scams

There are several variations of this scam. For example, you might get a direct message supposedly from Instagram claiming that your account has been hacked or that you’ve been approved for a verification badge. In other cases, you might get a message that your photos have been featured on a porn site, or a message warning that you’ve infringed upon an image’s copyright and will need to fill out a form to avoid having your account suspended.

Whatever the case may be, the aim of these types of messages is to get hold of your login credentials. These messages will usually include a malicious hyperlink. If you click on the link, you’ll be taken to a fake Instagram login page where you’ll be prompted to log in with your email address and password.

Here’s what can happen if you do log in to that page:

  • You’ve provided your login details to a fraudster.
  • You will usually be locked out of your account.
  • Your identity is likely to be stolen.
  • The scammer will attempt to log in to all of your online accounts.
  • Malware will likely be sent out to your followers, friends and contacts. 

Use common sense when dealing with any message you receive. Avoid clicking on links that are included in any of these types of messages. You may also want to enable two-factor authentication to protect your account.

Fake giveaways

Giveaways are generally used as a legitimate marketing tactic, but some are scams with non-existent prizes. The main aim of these fraudulent giveaways is to gather as much personal information as possible. The best way to identify a fraudulent giveaway is by looking at the account sponsoring the promotion. If the account has an official company name plus “giveaway” as its username, it’s probably fake. When real companies have a giveaway, they don’t create a separate account for the giveaway. They do it through their official account.

Useless courses

This scam consists of rip-off courses and workshops promoted by so-called experts. Aspiring bloggers and influencers are often caught out by this scam. Before you spend big money on courses, it is important to vet them carefully. Ask for unequivocal money-back guarantees and testimonials from previous students.

Have you been targeted by fraudsters on Instagram? Please share your story in the comments.

Facebook Scams: How to Stay Safe and Secure

If you have a Facebook account, you must realize that you’re at risk of being targeted by fraudsters. With opportunistic criminals doing everything they can to take advantage of a user’s social and psychological naivety, it’s no surprise that scams on social media are at unprecedented levels, and Facebook’s 2 billion+ monthly active users make the platform super-attractive to fraudsters looking for potential victims.

Read on to learn about some of the most common scams that have occurred on Facebook.

On average, over 4.75 billion items are shared by Facebook users each day. Many of these items include links posted to open community fan pages. Unfortunately, many of these links are primarily designed to redirect you to pages that have been infected with different types of malware. Be aware that, unlike in the past, viruses can be downloaded to your computing device just by visiting an infected webpage.

  • Whenever there’s a big news story, attackers will hijack the story to create posts that contain malicious, clickable links and post them all over Facebook. Clicking the link often leads to a blank page, and users might think they’ve simply clicked on a bad link. But just by visiting that page, malware has already been downloaded to that user’s computing device.
  • Attackers create posts with sensational headlines that are designed to appeal to your emotions and entice you to click on the link. For example, “Win a free iPad!” or “Win a trip to Dubai!” More often than not, these posts are scams. They’re an attempt to get you to enter your personal information into a bogus webpage that you’re taken to once you click on the post.
  • If any of your friends’ accounts have been hacked, attackers will often create posts that contain malicious links and post them on your timeline. The fact that the post was shared by a friend is designed to lure you into a false sense of security that the link in the post is safe because it is coming from your friend.
  • Fraudsters use links to videos with the tag “is this you?” or “Hey (your name), what are you doing in this video lol!” The message will be sent from someone you’re friends with on Facebook. The aim is to get you to click the link, which either directs you to an infected page or asks you to download an application to view the material.

Spoofed Facebook Phishing Emails

According to Vade Secure, a company that specializes in email security, Facebook ranks second in their list of most impersonated brands in phishing campaigns. These campaigns can take several forms. In one example, potential victims are told in an email that their posting privileges have been temporarily restricted for violating Facebook’s standards.

You may also receive fake notification emails. Basically, they spoof Facebook’s email messaging service to make it look as if you have an official message from the platform. The main objective is to get you to click on a malicious link to a bogus Facebook page. Cybercriminals can also develop spoofed Facebook webpages that mimic the real thing. Once you log in with your username and password, you’re handing over your credentials to the cybercriminals that created the page.

If you come across a webpage that prompts you to re-login to your Facebook account, take a good look at the address in your browser’s address bar. It must read ‘facebook.com’. Close any page that either doesn’t start with www.facebook.com or contains something between Facebook and .com. The page is fake.

Hijacked Facebook accounts

Unfortunately, Facebook hacks occur quite often. The New York Post reports that as many as 160,000 Facebook accounts are compromised every day. When an attacker hacks into a Facebook account, the victim’s connections are often the targets, not the account owners themselves.

The attackers can exploit your family and friends by reaching out and asking for money. They will look through your message history to identify the people that you interact with the most. They will then impersonate you and engineer some kind of crisis to convince the people who care about you to send money to a special account to help you out. Some messages will include a malicious link that infects the devices of people that click on it with malware or leads to a bogus web page designed to steal personal details.

Fake vouchers

For years, fraudsters have been flooding Facebook with tons of discount vouchers supposedly from the likes of the biggest supermarkets and high street stores such as Primark, Waitrose, Morrisons, Tesco, Aldi and Sainsbury’s. The post includes a clickable link that takes victims to a bogus website where they’re prompted to enter personal information.

Users are also asked to share the voucher with their friends on Facebook. These vouchers exist to steal your personal details and infect your device with malware. As mentioned earlier, simply clicking the link to check out the website is sufficient to download a virus to your computer.

Facebook ad scams

Scam ads on Facebook are bogus ads created by cybercriminals that are designed to not only con people out of their money, but to steal their identity as well as their financial details. According to consumer group Which?, scam adverts aimed at UK consumers have conned almost one in ten people into paying for sham purchases. To facilitate their scams, cybercriminals hijack Facebook accounts and run fake ad campaigns through those accounts using stolen credit cards. Even if those ads only run for a few hours before getting terminated, a few hours are all fraudsters need to see massive returns.

The subscription trap.

The subscription trap is a scam that is targeted towards baby boomers, and different variations of the scam have appeared on Facebook and various search engines. The scam begins with an ad in your news feed that features an intriguing story about one of your favourite celebrities. When you click on the ad, it takes you to a fake news article on a spoofed website that mimics Fox News, TMZ, or People magazine. According to the article, the celebrity has created an amazing new skin cream that you can try for a small fee. Model Christie Brinkley was actually used in one of these fake celebrity endorsements for a fake anti-aging skin cream scam. You are encouraged to make a small credit card payment for a “free trial” of the product. At that point, you’re charged $4.99 for shipping.

Although you do get the product which Christie Brinkley has nothing to do with, by purchasing the free trial, you’ve inadvertently signed up to an expensive monthly subscription which can only be cancelled by cancelling the credit card used for the purchase. Within a month of paying for that product, another charge is made on your credit card. It is estimated that fraudsters have stolen more than $1.3 billion from unsuspecting users with this scam. 

In the UK, baby boomers were hit with scam ads on Facebook promoting CBD oil falsely endorsed by Fern Britton and David Attenborough. According to one victim, the ad promised a sample for £2.50, but £170 was later removed from her bank account.

Nonexistent products.

Fraudsters are setting up ads on Facebook without any intention of delivering those products to customers. Ads are hooking victims by offering these products at insanely low prices. And scammers are able to target users with many different types of scams based on their likes, interests, age, location and behavior. Furthermore, if you happen to click on one scam ad, you’re likely to see more of those ads because of the way the Facebook algorithm works. What you must always keep in mind is that if it sounds too good to be true, it is definitely too good to be true.

Cryptocurrency investment trading software scam.

The cryptocurrency scam is one of the most prolific scams ever to appear on the internet. The scam has appeared on Facebook, MSN News, Twitter, Instagram, and many search engines including Google and Yahoo!. Individual losses have been as high as £200,000, and it has impoverished people in several countries with many victims around the world losing their homes and assets.

How does the scam work?

There are countless variations of the scam, but generally, they all proceed in the same way. The scam begins with a potential investor searching for terms related to Bitcoin or cryptocurrencies. The budding investor is then presented with a fake news story in their newsfeed that features a well-respected, famous celebrity appearing to discuss a specific bitcoin investment scheme. Who you see in your feed will depend on where in the world you live. For example, users in France might see football sensation Kylian Mbappe, users in Australia might see actor Chris Hemsworth, and so on.

After clicking the advertisement, the unsuspecting user is automatically directed to a spoofed website that is built to resemble a well-known mainstream media publication. For example, if you are in the UK, you could be redirected to a fake Mirror news website using a stolen image of the celebrity that was featured in the fake story in your newsfeed. Other users may be directed to a fake BBC news page featuring different famous personalities appearing to endorse the bogus bitcoin investment scheme.

[Images: entrepreneur Richard Branson featured on a fake Mirror page; finance expert Martin Lewis featured on a fake BBC page; entrepreneur Lord Sugar featured on fake news media]

The use of highly trusted websites and famous faces is designed to build trust in the product. The fake news stories all claim that the featured celebrity made an astronomical amount of money using a revolutionary automated cryptocurrency trading software which touts itself as “software which enables anyone to trade Bitcoin profitably.” In reality, the news stories are fabricated advertorials, the software doesn’t exist and there are no profits to be made.

If you choose to believe the hype, you’re asked to scroll down to sign up if you want to earn “life changing amounts of money”. Those sucked in by the well-known faces and promises of quick riches register for an offshore CFD (contract for difference) broker.

Shortly after signing up, you’re contacted by an “investment manager” who convinces you to get the ball rolling by purchasing £250 worth of bitcoin. Once you sign up, you’ll receive a link and login details by email to a bogus trading platform.

Over time, your bitcoin value will appear to soar, and the investment manager will keep contacting you to encourage you to buy more and more bitcoin. For example, if you invest £5,000 into the scheme, your investment will be valued at £50,000 on the platform. But once you decide to cash out, the investment manager will transfer some funds to your bank account which is often enough to reassure some people to continue investing rather than cashing out.

But when you do decide to cash out, the investment manager will submit a request for their 10% commission, which you’re required to pay into a bank account before you can cash out. Once that payment is made, you’ll never hear from the investment manager again.

In the UK, at least 108 people claimed they had lost just under £1.5 million in total to the scam.

Fake goods on spoofed websites

Counterfeit products are being peddled by fraudsters impersonating big high street names. What fraudsters will do is use website spoofing to create malicious online shopping sites that are replicas of legitimate and established retail websites. These spoofed websites will have the corporate logos, fonts and brand colours of the real sites. These malicious online shopping stores are hosted by legitimate e-commerce service providers like Shopify.

There are a lot of scammers that operate Shopify stores because the platform has a low barrier of entry, and it’s very easy to get a Shopify store up and running within hours. These scammers also make sure that the country that they’re based in is one with lax fraud prosecution laws. This makes Shopify a perfect platform for scammers.

What these fraudsters will then do is steal photos of branded images and retailers’ stock from legitimate websites and feature these products on their stores at knockoff prices, lower than you can find anywhere. They will then set up Facebook and Instagram ads using the stolen photographs and brand images. When you click on the link in the Facebook ad, you are redirected to one of these spoofed websites, which looks exactly the same as the retailer’s.

How to identify a fake website

Cybercriminals are very good at what they do, so it can be difficult to identify a spoofed website. But the last thing you want to do is to enter your financial details into a fake website. This means you need to be super vigilant when shopping online. Here are a few things to look out for when identifying a fake website.

1. The domain name is fishy. This is often the best way to identify a spoofed website. Many of these websites even use HTTPS, so it can sometimes be difficult to tell that you’re on a scam website. But if you take a closer look, you’ll see that the domain name will always be off, 100% of the time. And even though these fake websites will sometimes use a domain name that references an established brand name, it will never be the actual brand name. For example, instead of www.asos.co.uk, you may be taken to something like www.asosdiscounts.com or something like www.discountbrandstore.com.

2. The offer is too good to be true. If it sounds too good to be true, it is probably a scam. Fraudsters target bargain hunters by advertising fake or counterfeit products at heavily discounted prices, using stolen photos or branded images.  

3. They use odd payment methods. If you buy something that doesn’t turn up or turns out to be counterfeit with a credit or debit card, you are entitled to get your money back. Fraudsters are well aware of this, so they will often ask for payment by bank transfer or some other methods. If you’re asked to pay via bank transfer, wire transfer or some other method, that should be a major red flag.

4. Take a closer look at different pages on the site. Look for contact information. If there is no contact information and all the site offers is a form to fill out, consider that a red flag. 
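The address-bar check described for Facebook earlier and the domain-name check in point 1 can be automated by comparing a link's hostname with a list of official domains. This is an added example, not code from the original article; the allowlist, the function names and the `.example` links are assumptions constructed for illustration. It matches on the end of the hostname rather than the start of the address, so a name such as `www.facebook.com.account-check.example` is not accepted.

```python
from urllib.parse import urlsplit

# Official domains taken from the article's own examples (assumed allowlist).
OFFICIAL_DOMAINS = ("facebook.com", "asos.co.uk")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(link, official=OFFICIAL_DOMAINS):
    """Return (verdict, domain) for a link.

    verdict is 'official', 'lookalike', 'not_official' or 'invalid'.
    Only 'official' means the hostname belongs to an allowlisted domain.
    """
    if "://" not in link:
        link = "//" + link  # let urlsplit read bare "www.site.com" text as a host
    try:
        parts = urlsplit(link)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("invalid", None)
    if not host:
        return ("invalid", None)

    # 1. Exact match or a genuine subdomain: the host must END with ".domain".
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return ("official", domain)

    # 2. The brand appears somewhere before the path (including the part in
    #    front of an "@"), or a label is a near-miss spelling of the brand.
    netloc = parts.netloc.lower()
    for domain in official:
        brand = domain.split(".")[0]  # 'asos' for 'asos.co.uk'
        if brand in netloc:
            return ("lookalike", domain)
        limit = 2 if len(brand) >= 6 else 1  # short brands get a tighter limit
        for label in host.split("."):
            for piece in label.split("-"):
                if piece and edit_distance(piece, brand) <= limit:
                    return ("lookalike", domain)

    # 3. No brand reference at all: still not a site to log in to as that brand.
    return ("not_official", None)


if __name__ == "__main__":
    # Constructed sample links; the two shop names are the article's examples.
    samples = [
        "https://www.facebook.com/login",
        "https://www.facebook.com.account-check.example/login",
        "https://www.facebook.com@login.example/",
        "https://faceb00k.example/",
        "www.asos.co.uk",
        "www.asosdiscounts.com",
        "www.discountbrandstore.com",
    ]
    for s in samples:
        print(f"{s:55} {classify_link(s)}")
```

Anything other than `official` means the page should not be given that brand's login or payment details, whatever logos it displays.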

Facebook Marketplace

Facebook Marketplace is an online shop similar to sites like Gumtree and Craigslist. It allows users to flip old items they no longer need or buy second-hand goods in their local area. The platform has added Facebook Checkout which provides some degree of protection from scammers through Facebook Purchase Protection. Nevertheless, you should always have your guard up when doing business on Facebook Marketplace.

Here are potential scams to watch out for on Facebook Marketplace.

  • Counterfeit or fake products: a seller advertises genuine products at an incredibly low price, but when you receive the item, you discover the item is either fake or doesn’t work. If the seller is in your local area, try to inspect the item before you pay for it.
  • Criminals often use Facebook Marketplace to quickly get rid of stolen goods, especially things like bicycles, tablets, laptops and smartphones. Buying stolen goods can get you into a lot of trouble with the police if they’re traced back to you, so be cautious when buying.
  • If you will be using PayPal to pay for an item, never select friends and family payments. If you do, you’ll never be able to dispute a transaction if something goes wrong, and fraudsters are well aware of this. If a seller insists on that method of payment, consider it a major red flag.
  • If you’re selling anything, avoid using Venmo as a payment processor. The app forbids using the platform to receive funds for selling anything. It is also often used by scammers to buy items using stolen credit cards. Sellers have suffered huge losses with buyers using the app.

Before you do business with anyone on Facebook Marketplace, first of all make sure that the person has a full Facebook profile with history. If you see only a few pictures, very few or no friends or the profile was only recently created, consider that a major red flag. If you’re selling anything, be wary of anyone who insists on one form of payment.

How to avoid being scammed on Facebook

Facebook has been putting a lot of effort into tackling scams on the platform, and you can do your bit by reporting suspicious activity directly to Facebook.

Facebook has also launched a scam fighting tool to combat scams on social media. In addition, Facebook has also donated £3m to fund Citizens Advice Scams Action, a new anti-scams project now providing one-on-one help to people who have been victims of scams.

But the scammers are still out there. Here are some things you can do to protect yourself.

  • Update your Facebook settings so that you are notified and have the ability to allow or disallow tagging of your profile by anyone.
  • Uninstall apps that ask for permission to access your Facebook credentials. These apps are often spyware.
  • Do not save login information on your smartphones or browsers.
  • Logging into your Facebook account over a public computer or shared computer can leave your account at risk.
  • Remove malicious Facebook applications.
  • Don’t forget to log out of your account whenever you use shared computers.
  • If you receive a message that looks suspicious, report it to Facebook by tapping the ‘Something’s Wrong’ button.
  • If your account wasn’t just compromised, but the hacker is actually sending out spam to your friends, report it to Facebook via Facebook.com/hacked.
  • If you received an email supposedly from Facebook that looks suspicious, forward it to phish@fb.com.
  • Always keep in mind that Facebook will never send strange links or attachments in their emails. If you get any of these emails, report it.
  • If you’re being targeted by anyone on Facebook, you can block, report, ignore or delete their messages.
  • If you suspect that something is not right with a particular account, report it.
  • If you have received notifications from Facebook that you find suspicious, you can report them by clicking here.  
  • If you purchase a product that never arrives, you can report the seller. To do that, visit the seller’s profile, which can be found at the bottom of the product profile. Tap on the “Seller Info” section, and there you’ll find a “Report” button.

If you’ve been the victim of a scam, you can report it to Action Fraud on 0300 123 2040 or use their online reporting tool.

The Most Common Apple ID Scams to Watch Out For

Apple devices have a strong reputation for being highly secure and even resistant to most forms of malware. However, users of Apple platforms and devices can still be susceptible to online scams that target user trust to solicit sensitive data such as login credentials and personal information. Cyber scams involving Apple IDs are generally phishing attacks, and accounted for a third of all data breaches in 2019.

There are over one billion active Apple devices which require Apple IDs to access Apple services such as iCloud, iMessage, Apple Music, etc. Apple have repeatedly stated they will never ask for personal details by text or email. But the nature of some of these scams means there are times when you may be fooled into thinking that you’ve been sent some legitimate correspondence by Apple.

Why fraudsters want your Apple ID

Your Apple ID is valuable to fraudsters because it is what you use to access anything Apple-related and store a lot of valuable information. You use it to log in to all of your Apple devices. It includes your payment and shipping information, and it allows you to access your subscriptions, in-app purchases, etc. Your Apple ID is also used to access iCloud, where you can store private photos and other types of valuable files that can be used to target you if they fall into the wrong hands. This is why you need to guard your Apple ID with everything you’ve got.

Here are 7 of the most common and dangerous Apple scams to watch out for.

iCloud phishing scams

Cybercriminals behind Apple email phishing campaigns create authentic-looking invoices and email messages that can be very convincing if you’re not paying attention. You may receive messages purportedly from Apple support saying that your iCloud account has been locked for security reasons. The message often includes a live, malicious link that will take you to a bogus Apple login page, hoping you’ll be tricked into giving up your credentials on the fake page.

Some of these emails will include Apple’s support number and official address which can be a near carbon copy of an email you might actually receive from Apple. These emails have been successful in tricking many unsuspecting Apple customers into handing over sensitive data to fraudsters.

If you have received a phishing email that is designed to look like it came from Apple, send it to reportphishing@apple.com.

Fake receipt or invoice scams

This type of scam is designed to fool the recipient into thinking that a 3rd party has misused their Apple ID to make a fraudulent purchase. The receipts or invoices used appear to be official Apple documentation, and if you’re not paying attention, they can fool you into thinking it came from Apple.

If you’ve received such a message, your first instinct would be to contact Apple to cancel the purchase. This is what the fraudster is banking on. And the fake invoice will conveniently have a link that you can quickly click to cancel the purchase. When you do click, it will bring you to a bogus Apple webpage that is designed to steal your personal information.

iMessage scams

With the exponential rise in smartphone users, you’re just as likely to receive a phishing message through iMessage. There are several variants of this scam. You might get a message that claims to come from Apple support saying your Apple ID has expired or is going to expire on the day you receive the message. You’ll be prompted to click on a link in the message to restore your account.

Other variations of the scam inform the recipient that their account is about to be deleted unless they click on the link included in the message. If you happen to click on the link, you’ll be taken to a fake webpage that mimics the legitimate Apple website. When messages are sent via iMessage, they often arrive from an undisclosed sender. Some of the text messages include an anonymised phone number with an overseas code. 

Here are Apple’s top tips that can help you spot phishing scams:

  1. The sender’s phone number or email doesn’t match the company name it claims to come from.
  2. Apple will NEVER ask you to provide personal details by text message or email.
  3. Your email address doesn’t match the one you gave the company.
  4. The message asks for sensitive information such as your credit card details, account password or personal information.
  5. The link in the email looks authentic, but takes you to a website with a URL that is different from the company’s website. 
  6. The message uses a generic greeting such as “Dear customer” rather than your real name. Legitimate companies will often address you by your real name.
  7. The grammar and spelling are often poor, but this is not always the case.
  8. The message looks very different from other messages you’ve received from the company.
  9. The message is unexpected and includes an attachment.

Persistent pop-up ads in Safari

Pop-ups include random ads, offers or alerts that suddenly open in your current browser window or in a new window. There are many variations of this scam. Some will claim your Apple device has been infected with a virus. Others might provide a fake number for you to contact Apple support. They may also claim to offer software updates, plug-ins or free downloads to try to trick you into downloading malware onto your machine.

Be aware that some ads and pop-ups have fake buttons that resemble the close button, so you’ll need to be very careful when closing them. If you’re not sure how to close them, simply close the Safari window.

Here are some tips from Apple to help you manage pop-ups and other random interruptions.

·      Always ensure that you’ve installed the latest security updates for all of your Apple products. Many of the updates contained in the latest releases include enhancements that help to control pop-ups.

·      The App Store is the safest place to download apps for your Mac. If you need third-party software for your computing device that is not available in the Apple App Store, get it directly from the developer or a trusted source, rather than through an ad or link.

·      Keep Safari’s security settings switched on, especially Block Pop-ups (for pop-up windows) and Fraudulent Website Warning.

To switch on these settings on your iPhone, iPad or iPod touch, go to Settings > Safari. On your Mac, you can find these options in Safari > Preferences. You can switch on fraudulent site warnings in the Security tab.

If you see persistent ads or pop-ups on your Mac, you may have inadvertently downloaded and installed adware when downloading apps or games from third-party sites. To get rid of adware from your Mac, update to the latest version of macOS. This operating system includes a built-in tool that removes known malware when your Mac is rebooted.

Fake apps

Apple is extremely vigilant at keeping malicious apps out of the iOS App Store. However, hundreds of counterfeit apps masquerading as the real thing have been able to slip through the cracks. Some of these dangerous apps have ranked in the Top 100 of the official app store. In some cases, they have been downloaded more than 100,000 times. One example of this type of malware is a backdoor that masquerades as a legitimate software program. It performs the same functions as the real app, but also installs additional malicious software that can provide a backdoor into your Mac, allowing attackers access to your sensitive data.

Due to bugs in Apple’s app store algorithm, some of these apps can appear high in the search rankings, increasing the likelihood that they will be downloaded by some unsuspecting users. This is why it is so important to always be on your guard for apps with vague app titles and questionable reviews.

Ransomware

Ransomware is a type of malware attack where your computer is rendered inaccessible until you pay a ransom to get your files decrypted. Although ransomware is mainly a concern for Windows computers, Macs have been affected by ransomware attacks, though there hasn’t been a serious ransomware outbreak on the Mac or any Apple hardware.

Nevertheless, security experts maintain that Apple users are vulnerable to WannaCry-type attacks. To protect your Apple device from ransomware, consider installing the free RansomWhere? app. This app runs in the background and watches for any activity that resembles a ransomware attack, such as the rampant encrypting of files. It then halts the process and lets you know what’s happening.

Scam phone calls

An Apple phone scam begins with you getting a call from a fake support technician claiming to be calling on behalf of Apple. The scary thing is that some fraudsters may contact you using spoofed phone numbers. This means the number displayed on your phone would be a real Apple number, with Apple’s logo, official website, customer support number, and actual address. This way, everything looks authentic. But what is even scarier is that if you are an iPhone owner and you request a call back from Apple’s customer support, the bogus call will get indexed in your phone’s “recent calls” list as a previous call from the Apple Support line.

The reason fraudsters will give for the call is that your device has been infected with malware, and they’re calling to help you get rid of it. They will try to talk you into downloading remote access software, which will allow them to connect to your computer and be able to access everything on it. The plan is to download malware and take full control of your computer to steal all of your sensitive information.

How to deal with scam Apple phone calls

·      Apple support will never contact you out of the blue to fix anything. You would have to initiate the process with a request for support. If anyone calls you claiming to be from Apple, turn down whatever they are offering and hang up the phone.

·      Never provide personal information over the phone.

·      Never grant remote access to anyone over the phone unless you initiated the process yourself, and you are 100% sure that you are dealing with Apple support.