No excuses: how to tighten up your online security in 10 minutes | Cyber Aware | The Guardian

It’s one of those “it’ll never happen to me” things. Sure, we’ve all got a friend whose cousin had their identity stolen online, but cybercrime is so uncommon, isn’t it?

Not according to an Office for National Statistics survey. There were 3.7 million victims of fraud and computer misuse in the year ending September 2017, meaning you are 35 times more likely to encounter it than robbery. The good news is there are very simple things you can do to tighten up your online security right now, according to the government’s Cyber Aware campaign, which has been set up to help the public and small businesses better protect themselves from cybercrime.

Don’t say ‘remind me later’ to updates
It’s tempting to flick away a software or app update reminder, telling yourself you’ll do it tomorrow, but updates are crucial to help protect devices from viruses and hackers. They’re designed to fix weaknesses in software and apps that hackers could potentially take advantage of. Set up your devices so updates are done automatically or, even better, at night when you’re sleeping.

Pa55word! is not gonna cut it any more
Cyber Aware says passwords are prime territory for hackers – so it’s high time you gave up using your dog’s name. Make sure you use strong, separate passwords for your most important accounts like your email, so that if hackers do manage to steal your password for, say, your fitness app, they can’t use it to access your banking app. Try using three random words which you can supplement with numbers and symbols, for example, 4wartschickenbath32£.

You should also use two-factor authentication, when available, to protect your email account, a handy tool to give it an extra layer of security. New research from Experian and Cyber Aware reveals that over half of all those surveyed aged 18-25 reuse their email password for other accounts – putting their cybersecurity and identity at risk. As a result, they’re urging Brits to help protect their email accounts from hackers with a strong and separate email password through the just-launched #OneReset campaign.

Set up screen locks
Did we say dead simple? Yes, this is about as easy as it gets in making your online security watertight. All devices should go to lock mode when you’re not using them. Pins, patterns or passwords to unlock them shouldn’t be easy to guess, like 1, 2, 3, 4 or an L shape (we’ve been through this, you’re better than that).

Back up, back up, back up
The one golden rule of smart online behaviour is to back up your data regularly. If your device is infected by a virus, malware or is hacked, you may not be able to access your data as it could be damaged, deleted or held to ransom. Use an external hard drive or the cloud to save copies of your photos and documents, but make sure the external hard drive is not permanently connected to the device – either physically or over a wifi connection – as it could become infected too.

Not all wifi is created equal
We all love a bit of free wifi, but be careful about using public hotspots to transfer sensitive information like credit card details. Hackers can set up networks, enabling them to intercept information you’re sending online. So it’s best to do your online banking and shopping on a trusted network.

‘Jailbreaking’ is a no-no
Here’s one for the more tech-savvy. “Jailbreaking” or “rooting” your smartphone means disabling software restrictions set up by the manufacturer so you can download apps and tools which aren’t available through official app stores. Doing so leaves your phone vulnerable to malware and invalidates the warranty of the device. You will also stop receiving software updates, which, if you’ve been paying attention, is bad news.

Spot the imposters
Cybercriminals can set up fake websites that look very similar to the real thing, in an effort to get you to share sensitive information such as your bank details. There might even be a padlock or “https” in the address bar but check thoroughly for misspelled names, and logos and design features that don’t quite look right. Wherever possible, type the address of the website directly into the browser yourself, or find the website using a search engine. If you notice something is up, get out quickly.

Resist the urge to open suspicious links or attachments
Haven’t heard from your cousin John in eons and he’s now sent an email with a link to win a free iPhone? Back away. Even if something arrives in your inbox supposedly from someone you know or a company you trust, it could be fake. Never respond to suspicious or unexpected emails, as this will let the sender know your email address is active. Flag it as spam and send it to trash where it belongs.

For advice on simple ways to be more secure online, visit the Cyber Aware website

Source: No excuses: how to tighten up your online security in 10 minutes | Cyber Aware | The Guardian

WhatsApp fraudsters turning ‘naive’ young people into money mules

New data, compiled from the National Fraud Database by not-for-profit fraud prevention body, Cifas, suggests in the past year there has there has been a “sharp rise” the number of 18 to 24 year-olds being tricked into using their bank accounts to transfer the proceeds of crime. According to the figures, there were 8,652 cases of ‘misuse of facility’ between January and the end of September this year, a 75 per cent rise.

Speaking to The Telegraph, Sandra Peaston, Assistant Director at Cifas, said social media was being increasingly tool used by fraudsters to convert young people into accidental money launderers – by offering them fake money making schemes or even fake job offers, and then convincing people “who don’t ask many questions” to transfer money as a favour. ” The use of social media is one of the things we know is happening… be that by instant messages, or via adverts on YouTube. Ms Peaston said they were known to be using messaging apps such as WhatsApp to communicate with would-be victims.

Cifas is launching a ‘Don’t Be Fooled’ campaign alongside UK Finance that aims to deter young people – in particular, students – from becoming money mules. UK Finance added: “If an offer of easy money sounds too good to be true, it probably is.”

Source: WhatsApp fraudsters turning ‘naive’ young people into money mules

Common fraud threats

Being aware of common threats, knowing how they work and what to look out for can help to protect you against falling victim to fraud.

Here are some of the common techniques fraudsters attempt to use to trick you into giving away your personal information, banking details or even access to your computer.

Scam emails, texts or social media messages (Also known as Phishing and Malware)

Fraudsters send fake messages which appear to be authentic and from legitimate organisations.

Scam telephone calls (Vishing)

Fraudsters may phone you out of the blue and claim to be from the bank, police, or other reputable organisations, in an attempt to obtain your personal information and banking details.

 Investment scams

Investment scams or get rich quick scams happen when fraudsters pose as pushy salespeople and trick you into putting your money into a fake investment.

 

 

Pension scams

Pension scams happen when fraudsters pose as pension advisors and trick you into releasing your pension early or transferring your money into bogus investments that are guaranteed to grow in value and make you lavish returns.

Romance Fraud Scams

Online dating can be a wonderful way to get to know someone and find love, but it’s also a common way for fraudsters to scam you.

 

Invoice re-direction scams

Invoice re-direction scams can result in losses that run into hundreds of thousands of pounds. It happens when a fraudster tricks a business into changing bank account payee details for a known supplier.

Seniors & Cyber Crime – 5 Tips to Protect Yourself Now

Definition: hacker [ˈhakər] a person who uses computers to gain unauthorized access to data.

Decades ago, hacking used to be something of a joke. A tech nerd living in their parents’ basement would see if they could gain access to the CIA or send a digital virus around the world. But today, it’s much more pervasive and sinister.

“This is now organized crime and their intentions are financially motivated,” says cyber security expert Daniel Tobok, CEO of CytelligenceTM. “They want to make money and they want to steal money.”

Tobok says although we’re all vulnerable to cybercrime, seniors are much most at risk. “They understand how to protect themselves from a bad guy at the door, they don’t always understand that the person pretending to be your friend on Facebook® could be a hacker trying to steal your information, access your computer to obtain your financial information and so much more.”

“I think everybody can be dumb at times,” says Dr. Tom Keenan, author of Technocreep. “People are generally pleasant, but if a weird, creepy person came up to you in the park and started asking you about your medical history and stuff like that and offered you a free magazine, you’d probably run the other way.” Yet when it comes to giving free information away on social media, we’re sharing too much.

Awareness is the Key

Tobok stresses that education, awareness and being cautious, even a little paranoid, is healthy and could prevent half of cyber security issues.

Phishing

Phishing is a major point of entry for criminals. This is where you’re sent an email, text message, Facebook message or more asking you to click on a link, open up an attachment, change your password etc. The emails can look very real, like they’re coming from your bank, a friend, the government or a retailer – but they’re not real. They’re coming from criminals. And with our busy lifestyles, it’s easy to not pay attention and accidentally click on something you didn’t mean to. However, that one misstep can allow hackers to see everything you’re doing on your computer. If you went to their fake website and entered in your personal information, they now have that info, too.

5 Tips to Protect Yourself Now

  1. Never give any personal information over the phone, email, text or social media to anyone.
  2. Don’t click on jokes, attachments or links that you aren’t 100% sure are authentic.
  3. Use antivirus software and make sure your computer, smartphone and tablet are up-to-date.
  4. Don’t use free WiFi – especially if you’re checking your online banking or using your credit or debit card to purchase something online.
  5. Be careful using free apps, games and software – they’re free for a reason and could be using your computer, phone or tablet to track you, install malware (malicious software) or gain access to your sensitive and financial information – or worse.

If you have a smartphone, it may not feel like it, but you have a very powerful computer in your hands. You need to know how to protect yourself while using it.

Martin Lewis slams new Facebook Messenger scam using his name and picture – what to watch out for

MoneySavingExpert.com founder Martin Lewis has said he’s “sickened” by a new scam which tries to trick victims using his name and profile picture on Facebook Messenger.

The worrying new con, which involves the trickster pretending to be Martin and privately messaging people, is the latest disturbing twist in the trend of fakers using Martin’s reputation to try and fool victims into signing up for things such as binary trading scams, or dodgy investments.

Update 7pm Tue 13 Feb. We’re pleased to hear that Facebook has now disabled the account in question for violating its policies. It says: “Fraudulent or misleading activity is not allowed on Facebook and we’re constantly working to detect and shut it down using a combination of automated and manual systems.” However we’re continuing to warn users in case it happens again – let us know if you spot a scam at news@moneysavingexpert.com.

See our Fake Martin Lewis Ads guide for a list of scams we’ve seen and what to watch out for.

Martin: ‘This isn’t me – please help me spread the message’

Martin said: “I’m sickened that yet again people are trying to take my good name and reputation and con vulnerable people.

“I don’t use private messages with anybody. Please help me spread the word that this is not me, these people should not be trusted, they are liars and possibly thieves and nobody should have anything to do with them or engage with them in anyway.

“While we have reported this to Facebook I don’t have much faith in its mechanisms to deal with this, and so we have to rely on spreading the message among each other.”

‘No, you’re not Martin’: how the scam unfolded

We were quickly alerted to this latest scam by some savvy MoneySavers, who saw through the con. Here are some of the messages they received:

To be clear, this WASN’T a message from the real Martin, he doesn’t use private messages on Facebook and the messages are completely bogus.

Here’s how to report a message to Facebook

You can report and block dodgy messages you receive in Facebook, but how you do it depends on whether you’re using Facebook itself or its Messenger app:

  • To report a message on Facebook… open the conversation you want to report and click the settings icon, then click ‘report’ and a message will pop up saying you can fill out a full report in the Help Centre. Afterwards you can open the message, click settings and click ‘block’.
  • To report a message on Messenger… you can report a conversation by filling out this form. To block messages, open the conversation, click on the person’s name at the top and then ‘block’.

What are we doing about it?

Unfortunately we get many reports about firms and individuals either impersonating or claiming fake endorsements from Martin and MoneySavingExpert.com and leeching off the hard-earned trust people have in us.

We have reported this latest scam to Facebook, the Financial Conduct Authority and Action Fraud, and are continuing to warn people as quickly as possible about any new tricks such as this one.

We regularly update the Fake Martin Lewis Ads guide with examples of scams we’ve seen. If you spot a scam using Martin’s name or image, please email our news team.

Source: Martin Lewis slams new Facebook Messenger scam using his name and picture – what to watch out for

Ghost broker scam: Police warn thousands of motorists may have fake car insurance

Men in their 20s are most likely to be targeted by ‘ghost brokers’ who often contact victims on Facebook or Instagram.

Thousands of motorists may be victims of 'ghost brokers'

Thousands of motorists could be unwittingly driving without insurance because of fraudsters known as “ghost brokers” selling fake policies, police have warned.

Detectives received more than 850 reports of the scam in the last three years, with victims losing an estimated total of £631,000, according to City of London officers. But the force said the actual number of victims could be much higher as drivers are often unaware their policy is invalid.

Tactics used by “ghost brokers” include taking out a genuine insurance policy before quickly cancelling it and claiming the refund plus the victim’s money. They also forge insurance documents or falsify a driver’s details to bring the price down, police said.

Men aged in their 20s are most likely to be targeted, with “ghost brokers” often contacting victims on social media including Facebook, Instagram, Snapchat and WhatsApp.

WhatsApp and Facebook messenger icons are seen on an iPhone

They also advertise on student websites or money-saving forums, university notice boards and marketplace websites and may sell insurance policies in pubs, clubs or bars, newsagents and car repair shops.

A national campaign has now been launched to warn drivers to be wary of heavily discounted policies on the internet or cheap insurance prices they are offered directly. Some victims only realise they do not have genuine cover when they are stopped by police or try to make an insurance claim after an accident, detectives said.

Police have taken action in 417 cases linked to “ghost broking” in the last three years, including one man who set up 133 fake policies and another man who earned £59,000 from the scam.

Drivers without valid car insurance are breaking the law and face punishments including fines, points on their driving licence and having their vehicles seized.

Source: Ghost broker scam: Police warn thousands of motorists may have fake car insurance

Cyber-threats in university Clearing and how to overcome them -it Security Guru

A Level results are out.  For many, this is a time of celebration as they take up offers for the university or college of their choice.  However, for those who have not received the results they need it can be a stressful time as they enter Clearing, and turn to online search to secure a university or college place to continue their studies.

Cybercriminals are wise to this forthcoming uptick in web traffic, and have been creating higher education phishing sites to trick stressed students into clicking on malware-laden links.  This is not a new scam, and is evidence that cybercriminals are diversifying to rework banking, online shopping and other phishing scams.  Today security researchers at Forcepoint are now warning prospective students across the UK and internationally to beware of these scams.

Carl Leonard, principal security analyst at Forcepoint said: “This activity could come from one-off individual criminal elements speculating for financial gain or as part of an organised gang spreading malware kits or adding to botnets.  Using search analytics criminals can map likely human reactions and rework tried and tested social engineering scams to target vulnerable individuals.  Broadly, if a university or college offer appears too good to be true, it probably is.”

“University students will continue to be targeted by cyber criminals at relevant times of the year.  The scammers will continue to setup fraudulent websites and send convincing emails demanding interaction in order to manipulate a student’s behaviour when they are under the most time pressure.”

As a way of preventing these cyber scams, Forcepoint advises students searching for university and college courses for the autumn to do the following:

  • Type in the URL rather than clicking on links in email or in online adverts
  • Use reputable search engines
  • Be aware of lure lines such as “discounted course fees,” “multiple course places available now,” or the usage of highly respected educational establishment names in promotions
  • Keep internet security up to date on PCs and mobiles
  • Begin your Clearing search via the UCAS website, which contains official links and the latest up-to-date places
  • Reach out to the university or colleges admin secretary office if you have doubts as to the legitimacy of a fee or offer

Wayne Gaish, IT Strategic Development Manager, Petroc said: “Petroc takes cyber security very seriously and in particular for our learners at this crucial time of year. The guidance provided by Forcepoint will help promote a better understanding for our learners in today’s digital world.”

Frank Jeffs, post-graduate researcher and former Head of Advertising at Middlesex University said:

“Scams of this nature have the potential to trick stressed UK-based students, but could also catch out international students who are seeking courses in the UK.  In my experience, scammers use well-known university names such as Oxford or Cambridge and create fake institutions which sound very similar.  Designed to look realistic and offering qualifications at a low price or attempting to capture personal information, this social engineering trick could easily catch out international studients or people who might not have the local knowledge of the official educational establishment names.  Always go via the UCAS website or type in the URL of the university or college you are interested in.”

 

Watch out! Scammers are making a fortune in the iOS App Store – HOTforSecurity

Just how much money can a scammy iPhone app make in the iOS App Store? You may be surprised. After all, how does $80,000 per month sound to you? The “Mobile protection :Clean & Security VPN” app is estimated to be have earnt its developer $80,000 per month, after tricking users into signing up for an eye-watering $99.99 per week subscription through a careless thumb press.

Source: Watch out! Scammers are making a fortune in the iOS App Store – HOTforSecurity

Rise in reports of holiday scams

 

Holiday scams are on the rise, with the number of reported cases up almost 20% year on year – from 4,910 to 5,826 in 2016 – according to Action Fraud figures.

Read more: http://www.which.co.uk/news/2017/05/rise-in-reports-of-holiday-scams/ – Which?

Read more: http://www.which.co.uk/news/2017/05/rise-in-reports-of-holiday-scams/ – Which?

Serious Fraud Office warns of £120m pension scam | Money | The Guardian

Fears are growing that large numbers of people may have lost huge sums of money after investing their retirement pots in – of all things – self-storage units. The Serious Fraud Office this week launched an investigation into storage unit investment schemes, and revealed that more than £120m has been poured into them. But could that just be the tip of the iceberg?

Source: Serious Fraud Office warns of £120m pension scam | Money | The Guardian