Category: email

Christmas is a time when it’s so easy to get distracted – presents to buy, family and friends to feed and, often, it involves more travelling than the big fella with the beard. But when there’s so much going on, it’s easy to let your normal common sense lapse. Scammers know that all too well, meaning the holiday season is a prime opportunity for them

How to spot scam websites

Have you ever been on a website that just feels a bit off? Something about it that doesn’t feel right? One of the most prevalent scams during the Christmas season are fake websites. Scammers create sites that mimic well-known retailers, offering enticing deals and discounts to make you want to click. These scam websites can be very convincing. But interacting with them gives criminals either your personal details, your money or both.

While losing money is bad for obvious reasons, criminals stealing your personal details is no laughing matter either. If they get vital information, such as your name, login credentials or credit card number, they can use them for identity theft or sell these details to other criminals on the dark web.

How to avoid scam websites:

• Stick to online shopping sites you know and access them only through their official websites.
• Check the website URL (web address) for any mistakes.
• If it’s an online store you don’t know or haven’t previously used, check their contact information and returns policy, as legitimate shops don’t hide them.
• Search for reviews on trusted review sites. Watch out for exclusively positive reviews from profiles that sound fake, such as Amy113 and Tim231.

How to spot too good to be true deals

We’re all hunting for the biggest bargains this Christmas, especially with the cost of living. But our search for great offers can lead to taking bigger and bigger risks. While many Christmas shopping deals are genuine, some are just too good to be true. Scammers may advertise products at unrealistically low prices to lure shoppers.

But let’s face it, no one is going to sell a new iPhone for £100. Once a payment is made, the scammer disappears. Alternatively, you’ll get something totally different than what was promised. Another trick is to offer a discount for a very limited time. For example, saying a sale ends in just 10 minutes. This trick is used to make you buy fast and carelessly, so you don’t have time to validate the seller’s authenticity.

How to avoid too-good-to-be-true deals:

• Be sceptical of deals that seem too good to be true, and very short-lasting deals.
• Shop with well-known, reputable retailers.
• If you do see a deal with a retailer you’ve never shopped with previously, do you know someone who has previously shopped there who could recommend them?
• Like with fake websites, check trusted review sites and check social media for any complaints.
• Use price-comparison websites to ensure the deal is consistent with the market price.

How to spot delivery scams

When time is short, online retailers are convenient. But while you might gain time in skipping the high street, you’ll often lose it again waiting for the deliveries to come. That can cause anxiety, especially if you need to head out on other errands, and scammers will seize on that apprehension. That’s why they’ll try their luck sending fake delivery notifications as a text message to your phone – even managing to mimic the company’s name in the sender line.

These scam messages seemingly come from the likes of FedEx, DHL, Evri or other well-known delivery companies claiming they have a package waiting for you. To arrange a delivery, they will ask you to install their app or click the link in the message. However, these apps or links are malware that may steal your bank credentials and eventually your money.

How to avoid delivery scams:

• Verify the tracking number independently through the official carrier’s website.
• If you need to arrange a delivery, do it from the carrier’s web page or on the phone.
• Do not install applications outside of official app stores and have antivirus installed.
• Never click on a link. Again, anything that needs to be verified can be done independently through official channels.
• Be cautious when providing personal information in response to unsolicited delivery notifications.

How to spot email scams

Your inbox will be filled with emails this time of year from lots of high street or online retailers featuring great Christmas offers and deals. But amongst them will also be scam emails. Scam emails combine many of the tricks mentioned above and are one of the most common ways that scammers will use to try and steal your money and personal information.

They are disguised as coming from well-known brands and direct you to scam websites with enticing offers or delivery notifications. Another typical trick is to tell you that your payment or credit card was declined, and to change it, you just must enter your credit card number again. Scam emails can also lure you to download malicious attachments.

How to avoid email scams:

• Always double-check the email sender’s address. Legitimate retailers use domain names that match their brand.
• Be wary of unsolicited emails and don’t click on suspicious links. Instead, visit the retailer’s official website directly.
• If an email says that your payment or card was declined, go to the service in question through their website, not the link in the email.
• Don’t open suspicious attachments. If your antivirus warns you, do not skip the warning.

How to spot social media scams

We spend a lot of time on socials, and these platforms can be a great way at finding deals, discovering new products (#TikTokMadeMeBuyIt) or entering giveaways or competitions. But, you’ve guessed it, because these are popular online pastimes, scammers will try and lure you in on social media platforms, often through fake contests.

You’ll have seen these posts or received direct messages like these in the past. These posts promise free products or gift cards in exchange for personal information or sharing the post.

How to avoid social media scams:

• Verify the legitimacy of the social media account or page before participating in any giveaway or contest.
• Be cautious when asked to provide personal information in exchange for freebies.

It’s important to recognise that scammers are active all the year-round. While they may amplify their efforts during Christmas, they don’t take a holiday for the rest of the year. Whether it’s Christmas or any other time of the year, remember to remain informed, stay safe, and safeguard your financial well-being. Happy shopping, and may your online journeys always remain free from scams.

Public encouraged to continue reporting suspicious emails after 6.4 million reports were received in 2022.

• NHS tops list of government impersonation scams reported and taken down through the Suspicious Email Reporting Service  (SERS)
• GCHQ’s National Cyber Security Centre shares top tips on how to spot and report suspicious messages  
• Public urged to stay alert for scammers using exploitative tactics as we head into 2023 

Cyber security experts have today revealed the top six government impersonation scams they have removed from the internet in 2022 as they urged the public to remain vigilant to cyber crime in the year ahead. 

The scams unveiled by the National Cyber Security Centre – a part of GCHQ – included phishing emails and messages from cyber criminals impersonating well-known HMG brands, such as the NHS, HMRC and Ofgem.  

Phishing involves the attempt by hackers to trick people into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a fake website. Their aim is often to make recipients visit a website, which may download a virus onto their computer, ask you to make a payment or steal bank details and other sensitive information. 

Cyber criminals often seek to exploit topical events to make their phishing attempts more convincing. In 2022, the NCSC saw scammers exploit the rising cost of living with Ofgem energy bill support scams and HMRC tax rebate scams, while scammers continued to take advantage of the coronavirus pandemic to attempt PCR test scams.  

The top HMG branded attacks that have been reported to SERS that have resulted in takedowns are:

1. National Health Service (NHS)
2. TV Licensing
3. HM Revenue & Customs
4. Gov.uk
5. DVLA
6. Ofgem

The NCSC encourages the public to forward suspect emails to its Suspicious Email Reporting Service at report@phishing.gov.uk, while suspicious texts should be forwarded to 7726.

SERS received 6.4 million reports during 2022, with 67,300 scam URLs removed as a result. This brings the total number of reports to SERS since its launch in 2020 to 15.8m, with 198,500 takedowns.

Sarah Lyons, NCSC Deputy Director for Economy and Society Resilience, said:  

“We know cyber criminals try to exploit trends and current affairs to make their scams seem convincing and sadly our latest data shows 2022 was no exception. 

“By shining a light on these scams we want to help people more easily spot the common tricks fraudsters use, so that ultimately they can stay safer online.   

“There is much more advice on the NCSC’s website about spotting suspicious messages, along with our Cyber Aware guidance to help people protect their devices.”   

Mike Glassey, Ofgem Chief Information Security Officer, said:

“Protecting consumers is our top priority and it is alarming that vulnerable customers are being preyed upon when people are already struggling so much with energy bills.

“That’s why, as energy regulator, on top of issuing our own warnings and advice, we have asked all energy suppliers to ensure clear and up to date information on scams is easily accessible on their websites.

“We take these attempts to exploit consumers very seriously and work with the National Cyber Security Centre to prevent these malicious attacks – identifying and responding- in near real-time- to over 100 of these phishing campaigns in 2022 alone. Our Energy Aware campaign is a one stop shop for all energy consumers to get help, support and advice on scams and other energy bill issues – Energy advice for households | Ofgem.”

Ahead of the New Year and the January sales, the NCSC is also urging people to follow its Cyber Aware advice to protect their online accounts from scammers seeking to steal personal details and sensitive information.  

Specifically, people should set up 2-step verification and use three random words passwords to prevent cyber criminals gaining access to email accounts.  

The NCSC also urges shoppers to check before they buy, and use secure payment methods in order to stay ahead of the threat from criminals during 2023 and beyond:  

• Choose carefully where you shop: Research online retailers, particularly if you haven’t bought from them before, to check they’re legitimate. Read feedback from people or organisations that you trust, such as consumer websites. 
• Pay securely: Use a credit card when shopping online, if you have one. Most major credit card providers protect online purchases and are obliged to refund you in certain circumstances. Using a credit card (rather than a debit card) also means that if your payment details are stolen, your main bank account won’t be directly affected. Also consider using a payment platform, such as PayPal, Google or Apple Pay. And whenever you pay, look for the closed padlock in the web address bar – it means your connection is secure.