Not all scams are created equal. Not all of them are after your money. As scams become craftier and more complex, how can we protect ourselves?
First, a story…
So, you’re at work when you get a Facebook message from your mum: “OMG have you seen this pic of you LOL bit.ly/pic/.”
What? You click the link to see the picture and get redirected to a Facebook login page. You enter your email and password and hit Log In. Then the browser window disappears. Hmm. So you open another browser window and head back to Facebook. Only to find that you’re still logged on.
In fact, you were always logged on. The link you clicked in your mum’s message had simply redirected you to a fake login page. Your mum’s account had been hacked and now the hackers have your login details too.
It’s scary stuff when you consider that most of us use the same password across multiple accounts. Once they have your email and password, what other accounts could the scammers access?
Scams in the UK
Fraud is now the most prevalent crime in the UK. Between April and September last year, almost £35m was stolen from victims of cybercrime. That’s £190,000 lost each day and a 24 percent increase on the previous six months.
I work with cybersecurity companies on a daily basis, helping formulate public relations and marketing strategy, and it’s hard not to be impressed by the advertising finesse that goes into creating a scam. Cyber criminals can get so clever with their application of marketing principles. They can pull our stings psychologically and emotionally. They create a sense of urgency.
But I do understand that most people aren’t weirdos like me and instead of looking for scams, you actually just want to avoid them.
So let’s get into it.
Not all scams are after your money.
If you’ve ever lost money to a scam, chances are you realised your loss and were able to associate it with, for instance, a particular email you clicked or a specific website purchase.
But scammers aren’t always after money. Not directly, anyway. So even if you’ve never lost money to a scam, it’s still very possible that you have been scammed at one stage or another.
When it comes to avoiding scams, the first and most vital trick is to know what to look for – and in order to know what to look for, it helps to understand why someone would want to scam us in the first place. What do the scammers want us to do? What information are they after?
Ok, so why would someone want to scam me?
1. To get your money
Yawn. Boring. Yeah, we know. This is possibly the most obvious reason that someone would want to scam you – to directly access your bank account or, more often, to trick you into making a payment.
But it’s still important to cover this, because there are multiple ways someone might try to directly target your hard-earned cash.
Look out for: online sales that seem too good to be true (90% off Nike), unexpected invoices (“Your TV licence will expire in 2 days, pay £300 immediately”), emails asking you to update your account information (“Your Netflix account needs updating, enter your credit card details”), and direct requests for money (“I love you, send me money”).
2. To get your log-in details
When someone tries to obtain sensitive information (like your username, password or credit card details) by disguising as a trustworthy entity in an electronic communication, it’s called “phishing”.
Phishing is arguably the most common type of scam targeting individuals because it’s incredibly easy and cheap to execute. Most phishing scams take the form of email, and email is generally free whether you’re sending one message or a few million.
Look out for emails or phone messages from well-known brands (Netflix, Paypal, Barclays) asking you to update your account details. Also, as we’ve seen earlier with the ‘message from your mum’ example, beware of links that redirect you to a login page.
3. To sell your data
When something is “free” and you just have to enter your email, enter your name, make a free account, then the value is in your data.
It surprises a lot of people to know that social media quizzes are often trying to collect your information. Which Stars Wars character are you? What city are you meant to live in? Which celebrity is your soulmate? Ever played one of these?
Be mindful that even if the company behind a quiz or survey has created it without malicious intentions, they still need to store your data somewhere and it’s very possible that a third party might get access.
4. To make you believe something
Although last on our list, this point is incredibly important because it’s too often forgotten about or not even associated with the word “scam”. Yet fake reviews or paid ‘likes’ can significantly affect our purchase decisions. And fake news can have enormous impact on things like financial markets, the economy and political elections.
Often, it’s not a hooded hacker or a Russian analytics agency that’s behind fake news, but someone we’re familiar with, who’s using their position or rapport.
Remember Elon Musk’s tweet last year, telling the world he was taking Tesla private? Tesla shares were sitting at around $340 when Musk tweeted he was “considering taking Tesla private at S420 [per share]”. Naturally, people rushed to buy, and the share price hit $380 by the end of the day. But any gains investors had made were soon wiped out when Musk revealed he actually didn’t have any funding secured for a buy-back. In the space of a week, Tesla’s share price dropped to a year low of $250.
Likewise, our favourite Facebook and Instagram influencers are also often the sources of incorrect information and misleading marketing. Brands will spend more than US$2 billion with Influencers this year alone, yet estimates show that up to 25 percent of influencers have paid for fake followers from illegal bot farms.
According to a recent Home Office survey just nine percent of Brits can correctly identify scam texts and emails. This isn’t because we’re stupid. Not all the time, anyway 😛
Scams work because they’re convincing. They can look so real. When we’re logging into so many forms each day, of course we won’t be phased by another website asking us to “enter your username and password”. When someone we trust or look up to shares an article, we’ll likely read it and believe it.
But there are many measures we can take to make us less susceptible to scams.
Know what to look for – get familiar with why someone would want to scam you and what techniques or platforms (email, social media etc.) they might use.
Take your time – never automatically click on a link or document in an unexpected message or email.
If you’re approached with a request for money or personal information, don’t provide it straight away. Instead, contact the person or company directly to check they weren’t being impersonated.
Be aware that a genuine bank or organisation will never contact you out of the blue (and especially not via email) to ask for your pin, password, or to ask you to pay invoices into a new account.
Change your password regularly – and don’t use the same password across all accounts. You can check if your password has been compromised in a data breach at: www.haveibeenpwned.com.
Make sure you use the privacy settings available of social media platforms.
Only access reliable sources of information – and even then, always be sceptical.