No excuses: how to tighten up your online security in 10 minutes | Cyber Aware | The Guardian

It’s one of those “it’ll never happen to me” things. Sure, we’ve all got a friend whose cousin had their identity stolen online, but cybercrime is so uncommon, isn’t it?

Not according to an Office for National Statistics survey. There were 3.7 million victims of fraud and computer misuse in the year ending September 2017, meaning you are 35 times more likely to encounter it than robbery. The good news is there are very simple things you can do to tighten up your online security right now, according to the government’s Cyber Aware campaign, which has been set up to help the public and small businesses better protect themselves from cybercrime.

Don’t say ‘remind me later’ to updates
It’s tempting to flick away a software or app update reminder, telling yourself you’ll do it tomorrow, but updates are crucial to help protect devices from viruses and hackers. They’re designed to fix weaknesses in software and apps that hackers could potentially take advantage of. Set up your devices so updates are done automatically or, even better, at night when you’re sleeping.

Pa55word! is not gonna cut it any more
Cyber Aware says passwords are prime territory for hackers – so it’s high time you gave up using your dog’s name. Make sure you use strong, separate passwords for your most important accounts like your email, so that if hackers do manage to steal your password for, say, your fitness app, they can’t use it to access your banking app. Try using three random words which you can supplement with numbers and symbols, for example, 4wartschickenbath32£.

You should also use two-factor authentication, when available, to protect your email account, a handy tool to give it an extra layer of security. New research from Experian and Cyber Aware reveals that over half of all those surveyed aged 18-25 reuse their email password for other accounts – putting their cybersecurity and identity at risk. As a result, they’re urging Brits to help protect their email accounts from hackers with a strong and separate email password through the just-launched #OneReset campaign.

Set up screen locks
Did we say dead simple? Yes, this is about as easy as it gets in making your online security watertight. All devices should go to lock mode when you’re not using them. Pins, patterns or passwords to unlock them shouldn’t be easy to guess, like 1, 2, 3, 4 or an L shape (we’ve been through this, you’re better than that).

Back up, back up, back up
The one golden rule of smart online behaviour is to back up your data regularly. If your device is infected by a virus, malware or is hacked, you may not be able to access your data as it could be damaged, deleted or held to ransom. Use an external hard drive or the cloud to save copies of your photos and documents, but make sure the external hard drive is not permanently connected to the device – either physically or over a wifi connection – as it could become infected too.

Not all wifi is created equal
We all love a bit of free wifi, but be careful about using public hotspots to transfer sensitive information like credit card details. Hackers can set up networks, enabling them to intercept information you’re sending online. So it’s best to do your online banking and shopping on a trusted network.

‘Jailbreaking’ is a no-no
Here’s one for the more tech-savvy. “Jailbreaking” or “rooting” your smartphone means disabling software restrictions set up by the manufacturer so you can download apps and tools which aren’t available through official app stores. Doing so leaves your phone vulnerable to malware and invalidates the warranty of the device. You will also stop receiving software updates, which, if you’ve been paying attention, is bad news.

Spot the imposters
Cybercriminals can set up fake websites that look very similar to the real thing, in an effort to get you to share sensitive information such as your bank details. There might even be a padlock or “https” in the address bar but check thoroughly for misspelled names, and logos and design features that don’t quite look right. Wherever possible, type the address of the website directly into the browser yourself, or find the website using a search engine. If you notice something is up, get out quickly.

Resist the urge to open suspicious links or attachments
Haven’t heard from your cousin John in eons and he’s now sent an email with a link to win a free iPhone? Back away. Even if something arrives in your inbox supposedly from someone you know or a company you trust, it could be fake. Never respond to suspicious or unexpected emails, as this will let the sender know your email address is active. Flag it as spam and send it to trash where it belongs.

For advice on simple ways to be more secure online, visit the Cyber Aware website

Source: No excuses: how to tighten up your online security in 10 minutes | Cyber Aware | The Guardian

Warwickshire PCC Phillip Seccombe recognises work of Specials.

 

The significant contribution that the Special Constabulary makes across Warwickshire has been underlined by new statistics released by Warwickshire Police, which show that the 200 voluntary constables have worked some 36,000 hours between April 2017 and last month.  To put that into some perspective, that is nearly four years’ collective service in the space of just nine months.

I’m delighted to see the hard word and dedication that our Special Constabulary is able to deliver to communities across Warwickshire.  I know from my own involvement with the Army Reserve how valuable the voluntary ethos can be, so the growth of the Special Constabulary in this way is something I very much welcome and want to encourage further.  It helps bring in a different mix of skills and experience, while at the same time allowing the volunteers to give something back to their community.

The additional opportunities now being offered to work in more specialised areas of policing is also helping to bring in the kind of expertise from industry that can help to address the changing nature of crime.

It’s clear we have a very good core of dedicated volunteers in our Special Constabulary and I hope to continue to see it grow to supplement the excellent work being carried out by our regular police officers, PCSOs and police staff.

Philip Seccombe TD

Warwickshire Police and Crime Commissioner

WhatsApp fraudsters turning ‘naive’ young people into money mules

New data, compiled from the National Fraud Database by not-for-profit fraud prevention body, Cifas, suggests in the past year there has there has been a “sharp rise” the number of 18 to 24 year-olds being tricked into using their bank accounts to transfer the proceeds of crime. According to the figures, there were 8,652 cases of ‘misuse of facility’ between January and the end of September this year, a 75 per cent rise.

Speaking to The Telegraph, Sandra Peaston, Assistant Director at Cifas, said social media was being increasingly tool used by fraudsters to convert young people into accidental money launderers – by offering them fake money making schemes or even fake job offers, and then convincing people “who don’t ask many questions” to transfer money as a favour. ” The use of social media is one of the things we know is happening… be that by instant messages, or via adverts on YouTube. Ms Peaston said they were known to be using messaging apps such as WhatsApp to communicate with would-be victims.

Cifas is launching a ‘Don’t Be Fooled’ campaign alongside UK Finance that aims to deter young people – in particular, students – from becoming money mules. UK Finance added: “If an offer of easy money sounds too good to be true, it probably is.”

Source: WhatsApp fraudsters turning ‘naive’ young people into money mules

Common fraud threats

Being aware of common threats, knowing how they work and what to look out for can help to protect you against falling victim to fraud.

Here are some of the common techniques fraudsters attempt to use to trick you into giving away your personal information, banking details or even access to your computer.

Scam emails, texts or social media messages (Also known as Phishing and Malware)

Fraudsters send fake messages which appear to be authentic and from legitimate organisations.

Scam telephone calls (Vishing)

Fraudsters may phone you out of the blue and claim to be from the bank, police, or other reputable organisations, in an attempt to obtain your personal information and banking details.

 Investment scams

Investment scams or get rich quick scams happen when fraudsters pose as pushy salespeople and trick you into putting your money into a fake investment.

 

 

Pension scams

Pension scams happen when fraudsters pose as pension advisors and trick you into releasing your pension early or transferring your money into bogus investments that are guaranteed to grow in value and make you lavish returns.

Romance Fraud Scams

Online dating can be a wonderful way to get to know someone and find love, but it’s also a common way for fraudsters to scam you.

 

Invoice re-direction scams

Invoice re-direction scams can result in losses that run into hundreds of thousands of pounds. It happens when a fraudster tricks a business into changing bank account payee details for a known supplier.

Seniors & Cyber Crime – 5 Tips to Protect Yourself Now

Definition: hacker [ˈhakər] a person who uses computers to gain unauthorized access to data.

Decades ago, hacking used to be something of a joke. A tech nerd living in their parents’ basement would see if they could gain access to the CIA or send a digital virus around the world. But today, it’s much more pervasive and sinister.

“This is now organized crime and their intentions are financially motivated,” says cyber security expert Daniel Tobok, CEO of CytelligenceTM. “They want to make money and they want to steal money.”

Tobok says although we’re all vulnerable to cybercrime, seniors are much most at risk. “They understand how to protect themselves from a bad guy at the door, they don’t always understand that the person pretending to be your friend on Facebook® could be a hacker trying to steal your information, access your computer to obtain your financial information and so much more.”

“I think everybody can be dumb at times,” says Dr. Tom Keenan, author of Technocreep. “People are generally pleasant, but if a weird, creepy person came up to you in the park and started asking you about your medical history and stuff like that and offered you a free magazine, you’d probably run the other way.” Yet when it comes to giving free information away on social media, we’re sharing too much.

Awareness is the Key

Tobok stresses that education, awareness and being cautious, even a little paranoid, is healthy and could prevent half of cyber security issues.

Phishing

Phishing is a major point of entry for criminals. This is where you’re sent an email, text message, Facebook message or more asking you to click on a link, open up an attachment, change your password etc. The emails can look very real, like they’re coming from your bank, a friend, the government or a retailer – but they’re not real. They’re coming from criminals. And with our busy lifestyles, it’s easy to not pay attention and accidentally click on something you didn’t mean to. However, that one misstep can allow hackers to see everything you’re doing on your computer. If you went to their fake website and entered in your personal information, they now have that info, too.

5 Tips to Protect Yourself Now

  1. Never give any personal information over the phone, email, text or social media to anyone.
  2. Don’t click on jokes, attachments or links that you aren’t 100% sure are authentic.
  3. Use antivirus software and make sure your computer, smartphone and tablet are up-to-date.
  4. Don’t use free WiFi – especially if you’re checking your online banking or using your credit or debit card to purchase something online.
  5. Be careful using free apps, games and software – they’re free for a reason and could be using your computer, phone or tablet to track you, install malware (malicious software) or gain access to your sensitive and financial information – or worse.

If you have a smartphone, it may not feel like it, but you have a very powerful computer in your hands. You need to know how to protect yourself while using it.

Fraudsters stole £875k from vulnerable pensioners in Spain timeshare scam – Coventry Telegraph

Police say they are intent on rooting out fraud after a group of scammers conned hundreds of sick and elderly victims out of £875,000. The ‘cynical’ timeshare scam saw around 470 vulnerable people – often elderly and those in poor health – targeted in a three-part scam.

First, the victims were cold called by the scammers who falsely informed them prospective buyers had been found for their timeshare properties – most of which are in Spain. However, the group demanded advance ‘sale fees’ from the victims to support the fake transactions. Further attempts to gain yet more money were then made under the pretence that ‘sales had fallen through’ and needed more funding. Adding further insult to injury, the fraudsters then hit the same victims again, adopting different names and company names to contact them about the lost money. They then made false offers of further schemes and transactions to help the victims mitigate their losses. The third part of the scam saw members of the group contact victims pretending to be from the Spanish authorities. They stated that the funds would be returned to the victims’ bank accounts for an up-front fee.

To facilitate the frauds, the group set up more than ten limited companies (both in the UK and abroad), with offices in the West Midlands, staff, bank accounts, and the means to process card payments. Between 2012 and 2015, the fraudsters stole more than £875,000 in payments from their victims.

Detective Inspector Emma Wright of Warwickshire Police and West Mercia Police Economic Crime Unit said: “This has been a long and complex investigation and I am pleased that the offenders have been brought before the courts this week to receive custodial sentences. These scammers targeted some of the most vulnerable people in our society in a deliberate and cynical campaign of fraud. Their scheme had devastating consequences on the victims – not just financially but emotionally too. Warwickshire Police and West Mercia Police remain committed to bringing to justice those who commit fraud and financial crime.”

Nine people have now been sentenced for their roles in the ‘deliberate and cynical’ timeshare fraud. Six men, three of which are from Redditch, have been jailed or a total of 20 years in prison following the sentencing at Stafford Crown Court between February 21 and 23:

  • Brian Carr, 31, from Redditch was charged with conspiracy to defraud and perverting the course of justice. He was handed six years and eight months in prison and disqualified from holding the position of company director for ten years.
  • Daniel Carr, 24, also from Redditch was charged with conspiracy to defraud and sentenced to four years.
  • Dawn Gingell, 55, from Hampshire: Charged with conspiracy to defraud. Sentenced to three years and six months in prison.
  • James Barrass, 37, from Norwich, was charged with money laundering and handed a two-year prison sentence.
  • Craig Walker, 27, from Redditch: Charged with conspiracy to defraud. Sentenced to three years in prison.
  • Steven Cross, 37, from Worcester: Charged with conspiracy to defraud and jailed for six months.
  • Matthew Barker, 25, from Bromsgrove was charged with fraudulent trading and sentenced to one year and one month in prison, suspended for one year and six months and ordered to carry out 250 hours of unpaid work.
  • Brendan Hicks, 28, from Redditch was charged with fraudulent trading. He was sentenced to one year and one month in prison, suspended for one year and six months, and ordered to 250 hours of unpaid work.
  • Alan Sharp, 66, from Norwich was charged with money laundering and sentenced to a suspended sentence of eight months in prison and ordered to do 200 hours of unpaid work.

All defendants will now face proceedings to recover the funds stolen, under the Proceeds of Crime Act 2002.

Source: Fraudsters stole £875k from vulnerable pensioners in Spain timeshare scam – Coventry Telegraph

How to protect your browser from Unicode domain phishing attacks

 𝖨𝗍’𝗌 𝖾𝖺𝗌𝗒 𝗍𝗈 𝖻𝖾 𝗍𝗋𝗂𝖼𝗄𝖾𝖽 𝖻𝗒 𝖺 𝖴𝗇𝗂𝖼𝗈𝖽𝖾 𝖴𝖱𝖫.
Author: Graham Cluley

Published February 22, 2018 6:11 pm in Phishing, Vulnerability, Web Browsers 8

Do you trust аpple.com?

Of course you do! So, do you feel okay about visiting the website at https://www.аpple.com?

 

The URL I’ve linked to isn’t the real Apple technology company that makes shiny iPhones, Homepods, and iMacs. Instead, it’s a Unicode domain which
rather than using the conventional ASCII characters that make up the vast majority of websites you’re likely to visit – contains foreign characters.

So the “а” of аpple.com is actually a Cyrillic “а” (U+0430) rather than the ASCII character “a” (U+0061).

What’s that? You couldn’t tell the difference? No, neither can I. And, as we’ve described before, that’s a problem that phishers and online crooks are only too happy to take advantage of in their pursuit of your passwords and other sensitive information. You see, it’s not just “а” and “a” that can be mixed up. There are countless ways in which bad guys can take advantage of the many Unicode characters that look remarkably similar to common ASCII characters. Which means that you and I are at risk of visiting a site believing it to be legitimate, when in fact it’s designed to scam us in what is known as an IDN Homograph attack.

Browsers are beginning to get better at warning users when they visit a site with an internationalized domain name (IDN), with some now displaying the URL in the browser bar in its Punycode form. That means you might spot you’re visiting xn–pple-43d.com rather than the real apple.com But human nature means that we will more-often-than-not fail to check the browser bar, and not notice that we’re not on the website we intended. For that reason, I strongly recommend that you get some help.

There are a range of browser extensions and plugins that can warn you when you visit a website with an internationalized domain name. Having tried a few solutions, my preference is for a browser add-on called IDN Safe.IDN Safe not only warns you that you are visiting a URL with an internationalized domain name, but it also *blocks* the webpage (which is far more likely to grab your attention!).

Of course, if you *did* want to visit that URL it would be a nuisance if you were now being blocked from reaching it. So, IDN Safe includes a whitelist feature to allow you to visit specific sites that you decide are legitimate.

IDN Safe isn’t for everyone. In particular, if you are – say – Chinese and in the habit of visiting websites that take advantage of internationalized domain names you may find it a ruddy nuisance. But, for most of us, I think it’s a sensible addition to our security toolbox – and may stop you from being phished or scammed one day.

Furthermore, Firefox users may benefit from making a change to their browser settings which will force the Punycode version of the URL to be displayed in their browser bar.

Warwickshire Special Constables are commended for their commitment to the public

Warwickshire Police Special Constables have been commended by senior officers and the Warwickshire Police and Crime Commissioner for their significant commitment to protecting people from harm.

Since April 2017, the Special Constabulary have worked around 36,000 hours.  To put that into some perspective, that is nearly 4 years’ collective service in the space of just nine months.

Chief Supt Alex Franklin-Smith who oversees the Special Constabulary in Warwickshire said: “Currently 200 officers give their own time as part of the Special Constabulary in Warwickshire.  The dedication and selflessness of these officers cannot be underestimated. I would like to take this opportunity to thank each and every Special Constable for their precious free time utilised for the betterment of their communities and for their sense of duty protecting people from harm. The non-police experiences they bring to the role and to the service are a valuable resource that cannot be undervalued and people living in Warwickshire are safer as a result of their individual contributions.

Warwickshire Police and Crime Commissioner Philip Seccombe said: “I’m delighted to see the hard word and dedication that our Special Constabulary is able to deliver to communities across Warwickshire.  I know from my involvement with the Army Reserve how valuable the voluntary ethos can be, so the growth of the Special Constabulary in this way is something I very much welcome.  It helps bring in a different mix of skills and experience, while at the same time allowing the volunteers to give something back to their community. The additional opportunities now being offered to work in more specialised areas of policing is also helping to bring in the kind of expertise from industry that can help to address the changing nature of crime. “It’s clear we have a very good core of dedicated volunteers in our Special Constabulary and I hope to continue to see it grow to supplement the excellent work being carried out by our regular police officers, PCSOs and police staff.”

Volunteers make a huge contribution to the safety and well-being of our communities and the importance of the Special Constabulary as a valuable addition to the regular police cannot be underestimated.

Warwickshire Special Constabulary Chief Officer Graham Bell said: “I am extremely honoured to lead such a dedicated team of volunteer police officers and particularly proud of the contribution that Special Constables make every day to protecting people from harm across Warwickshire. Specials are fully warranted volunteer Police Officers who are recruited from across the county, creating the crucial link between police and the communities by taking an active part in the way their communities are policed and helping to cut crime and the fear of crime.”

Special Constables volunteer anything from 16 hours to well over 100 hours per month at a time that suits them, conducting high visibility patrols and operations independently from and alongside regular officers. We also have officers attached to specialist teams such as our Roads Policing team, patrolling the strategic roads and motorway network and our rural crime team who are tasked and active in our rural areas deterring criminality, providing reassurance and delivering crime prevention advice. Increasingly we are looking for people to join us and bring their specialist skills to policing in areas such as financial investigation and cyber-crime.

Special constables begin their career by attending initial basic training at our training centres where they learn about the law, their powers, preparation of evidence for court, dealing with crime and managing confrontation. Officers also complete their Officer Safety Training which covers emergency first aid, a national fitness test, techniques for using their equipment and much more. This training takes place during weekends and in the evenings. Following training, officers are attested by a magistrate and are then deployed to work on a response team to put their new knowledge into practice. Special Constables then undertake a period of supervised patrol typically for 12 – 18 months with a Special or Regular tutor whilst gathering evidence in a portfolio to gain independent patrol status which is a milestone in every officers career.

As the Special Constable’s policing experience increases, officers will work on specific Specials’ led operations and events, as well as providing support to regular police officers. There are opportunities for promotion within the Police Specials, which has its own rank structure.

Whilst the role is not salaried, Specials do get reimbursed for out of pocket expenses and are provided with a uniform, training and equipment.  Specials can be any height, don’t need specific qualifications, just honesty, integrity and a positive approach.

Anyone who is interested in becoming a special, should visit https://www.warwickshire.police.uk/specialconstables

Phishing, vishing and smishing

What are they?

Phishing:    the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.

Vishing: the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers.

Smishing: is a type of phishing attack where mobile phone users receive text messages purporting to be from reputable companies containing a Web site hyperlink, which, if clicked would download a Trojan horse to the mobile phone.

Origin

Any contact like this is designed to convince you to hand over valuable personal details or your money or download something that infects your computer. The three terms are all plays on the word ‘fishing’, in that the fraudsters fish for potential victims by sending emails, social media messages or text messages or making phone calls with urgent messages in the hope of persuading someone to visit the bogus website.

Protect yourself

  • Don’t assume anyone who’s sent you an email or text message – or has called your phone or left you a voicemail message – is who they say they are.
  • If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you for passwords or any other sensitive information by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don’t give away any personal details.
  • Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.
  • If in doubt, check it’s genuine by asking the company itself. Never call numbers or follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine.

Spot the signs

  • Their spelling, grammar, graphic design or image quality is poor quality. They may use odd ‘spe11lings’ or ‘cApiTals’ in the email subject to fool your spam filter.
  • If they know your email address but not your name, it’ll begin with something like ‘To our valued customer’, or ‘Dear…’ followed by your email address.
  • The website or email address doesn’t look right; authentic website addresses are usually short and don’t use irrelevant words or phrases. Businesses and organisations don’t use web-based addresses such as Gmail or Yahoo.
  • Money’s been taken from your account, or there are withdrawals or purchases on your bank statement that you don’t remember making.

How it happens

Phishing, vishing and smishing are done in many ways. In the end, the aim is always to trick you into thinking you’re giving up personal information or making payments with someone you can trust, such as your bank, a government agency or a business or brand name.

The fraudsters will use your details to steal your identity, or simply take the money you’ve paid and break all contact.

Websites

You may find a website pretending to be a well-known company, organisation or service. The aim of these websites is to convince you that you’re using a real online service so that you hand over your personal or banking details or send money.

Emails

Phishing emails encourage you to visit the bogus websites. They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.

The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer. In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.

Social media

Facebook, Twitter and other social media channels are also used to direct you to a spoof website. Fraudsters create accounts that have similar usernames and profile pictures to official accounts to trick you into thinking you’re dealing with someone you can trust.

Official accounts are ‘verified’ – they come with a checkmark icon next to their name, meaning they’ve proved themselves as the official company to the social media channel.

Phone

Some fraudsters will call your landline or mobile, pretending to be from your bank, building society, a government agency or someone you do business with. This is known as vishing (voice + fishing).

Alternatively, they’ll send you a text message that asks you to reply with your personal or banking details, or to call or text a premium-rate number they have created to run up a large bill. This is called smishing (SMS + fishing).

How to report it

Report it to actionfraud online or call 0300 123 2040.

Phone Scammers Asking For iTunes Gift Cards as Payment

Phone scammers are a devious bunch and they use a variety of tactics to trick vulnerable people into giving them money and personal information.

Often, phone scammers will attempt to panic a victim into paying by claiming that the victim owes money for taxes, fines, utility bills, or other unexpected fees. The scammers may be very threatening and may even claim that the victim will be arrested and jailed if payment is not made.

In other cases, the scammers may claim that the victim has won a lottery or is eligible for a tax refund or a large cash grant from a government agency or other organisation. But, the scammers will claim that the victim must pay various fees upfront before the funds can be sent to them.

In many cases, the scammers demand that the victim provide credit card details to make the supposed payments. Alternatively, they may instruct the victim to go out and purchase a pre-paid debit card and then call back with the card details.

And, increasingly, scammers are insisting that victims provide iTunes Gift Card codes as a means of payment.

Here’s how the iTunes Gift Card scams generally play out:

1: The victim gets a call from a scammer who invents a cover story like those mentioned above and warns that the victim must make an immediate payment or face dire consequences.

2: The scammer insists that the victim pays with iTunes Gift Cards and instructs him or her to hang up, go out and buy some of the cards at the nearest retail outlet, and then call back.

3: When the victim calls back, the scammer will ask for the 16-digit code on the back of the iTunes cards.

4: The scammer can then use the card code to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership.

Scammers are using this method because iTunes Gift Card purchases cannot be easily traced back to offenders. If victims pay using the cards, it will usually be impossible for them to get their money back.

Keep in mind that iTunes Gift Cards can ONLY be used to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership.

Any call that wants you to pay a supposed debt or fine using an iTunes card is certain to be a scam.  No legitimate entity will ever ask that you make a payment using iTunes Gift Cards.  If you receive such a call, just hang up.

Apple has published information about these scams on its website.

Note that scammers may sometimes demand that people pay with other types of store gift cards as well as iTunes cards.

Aside:

People familiar with computers and the Internet may find it difficult to understand how anyone could fall for a scam that demanded payment via iTunes Gift Cards.

But, keep in mind that there are still many people who do not have a computer at home and have only a rudimentary knowledge of the Internet and online payment systems.

They will no doubt have seen displays of iTunes Gift Cards in various stores without having any real understanding of what the cards are actually for. So, a clever phone scammer may be able to easily convince them that the iTunes cards are a new and safe way to make payments over the phone.

If you have less tech-savvy relatives, friends, or neighbours who you think may be vulnerable to such scams you may want to take a few minutes to bring them up to speed.