Chris House, IT Consultant at MJR Computer Solutions, explores some of the less obvious digital scam techniques which are worth knowing about.
You open up your in-box and there it is. Another lottery win. Or maybe a wealthy – but previously unknown – benefactor has decided to leave all their millions to you. All you have to do is send your bank account details to claim the prize.
These scams are thankfully pretty obvious and many people are now wise to the adage that if it sounds too good to be true, it probably is.
But there are other scams that are quite a lot more sinister and difficult to spot.
What if you receive a message, for example, from your own email address saying your account has been hacked? And what if your own password is provided to you as 'proof' of the genuine nature of the communication? Very disconcerting. It's easy to see why many people panic and start to reveal personal information to the scammer.
Email 'spoofing' is actually surprisingly easy. The 'from' field may not give an accurate representation of who has actually sent the communication. If a website has been compromised, hackers can get hold of all kinds of information including passwords. And there's a tendency for people to use the same password in multiple places. So the scammers have a reasonable chance of guessing the one for your email account.
A couple of things to watch out for:
If there is a 'via' in the 'from' field. An email arrives that seems to be from Phil – someone you know – but it has come via another name or domain. Call Phil to check that he really did send the email. The chances are that he didn't.
Poor English. It's not necessarily that the person sending the email isn't English and doesn't know how to speak the language. It might be that the content has been deliberately 'randomised' so that it won't be recognised by spam filters, which are on the look-out for specific scams. If something doesn't read well, have your wits about you.
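The 'via' check described above can also be made on a message's raw headers, which most mail programs will show on request. The Python sketch below is an added example, not part of the original article: the sample message, its addresses and the function names are constructed for illustration. It assumes the receiving mail server has recorded Return-Path and Authentication-Results headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims to be the recipient's own address,
# but the envelope sender and the receiving server's checks say otherwise.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.org
From: "You" <you@example.org>
To: you@example.org
Subject: Your account has been hacked

Constructed body text.
"""

def addr_of(msg, name):
    """Return the lower-cased email address held in a header, or ''."""
    return parseaddr(msg.get(name, ""))[1].lower()

def check_sender(raw):
    """Compare the visible From with the envelope sender and auth verdicts."""
    msg = message_from_string(raw)
    from_addr = addr_of(msg, "From")
    from_dom = from_addr.rpartition("@")[2]
    envelope_dom = addr_of(msg, "Return-Path").rpartition("@")[2]
    # Verdicts written by the receiving server, e.g. spf=pass, dmarc=fail
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", ""), re.I)
    auth = {k.lower(): v.lower() for k, v in found}
    warnings = []
    # Exact domain comparison is a simplification; subdomains will also be flagged.
    if envelope_dom and envelope_dom != from_dom:
        warnings.append(f"From says {from_dom} but the mail was sent via {envelope_dom}")
    if auth.get("dmarc") != "pass":
        warnings.append(f"DMARC result for {from_dom}: {auth.get('dmarc', 'missing')}")
    if from_addr and from_addr == addr_of(msg, "To"):
        warnings.append("From and To are the same address (possible self-spoof)")
    return {"from": from_dom, "envelope": envelope_dom, "auth": auth, "warnings": warnings}

if __name__ == "__main__":
    for w in check_sender(SAMPLE)["warnings"]:
        print("WARNING:", w)
```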
On a company account – via, say, Office 365 – it is fairly easy to screen out these emails. Easier than it might be on a personal email. General advice would also be to ensure you've updated your computer and are using reliable anti-virus and anti-malware software, which is also up to date. Only visit websites that are recognised and verified. And, please, try to vary your passwords!
If you would like any specific advice in an office environment then please get in touch with Chris House via email firstname.lastname@example.org.