Keeping yourself safe online is something that every one of us should continually educate ourselves on. By learning more about the ways that con artists, spammers, hackers and viruses can wreak havoc on our computers and bank accounts, we reduce the chance of their success.
As a website designer I create new email accounts regularly for clients, but I am also the first point of contact when anything appears to be suspicious or goes wrong. In this article I list many of the situations that I have experienced first-hand or heard about, and if it helps anyone else to avoid these issues, I’ll be satisfied that I managed to save one more person from online con artists.
The main types of scams occur by email.
To sniff out a junk email, look for:
- An unknown sender.
- A company you have never had contact with.
- Poor spelling and grammar, indicative of English being a second language.
- A generic email that looks like it is sent to multiple people.
- A fake address that tries to replicate a well-known domain, e.g. Paypal.com
- An address that has multiple characters followed by an obscure domain name such as firstname.lastname@example.org
- The email message does not appear to be written by the sender, if you know the sender.
- The email will contain a short line of text and an unfamiliar link in it.
- The email may contain a shortened URL such as bit-link.
If you are suspicious of any email, leave it and contact the sender by visiting their website via a search engine and using their website contact details or if it’s from an email contact, give them a call or text to confirm. It could cost you heavily if you don’t.
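The address and link checks from the list above can be automated as a first-pass filter. This is an added example, not code from the original article; the function names, the short lists of known domains and link shorteners, and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; extend them with the services you actually use.
KNOWN_DOMAINS = ("paypal.com", "facebook.com", "twitter.com")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
HOST_RE = re.compile(r"\b(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def lookalike_of(domain):
    """Return the known domain that `domain` imitates, or None if it looks fine."""
    domain = domain.lower()
    if any(domain == k or domain.endswith("." + k) for k in KNOWN_DOMAINS):
        return None                       # the real domain or one of its subdomains
    for known in KNOWN_DOMAINS:
        brand = known.split(".")[0]
        near_miss = SequenceMatcher(None, domain, known).ratio() >= 0.8
        if brand in domain or near_miss:  # brand name borrowed, or one character off
            return known
    return None


def red_flags(raw_message):
    """List the checklist warning signs found in one raw email (headers + body)."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = []
    if lookalike_of(sender):
        flags.append(f"sender domain {sender} imitates {lookalike_of(sender)}")
    for host in HOST_RE.findall(msg.get_payload()):
        host = host.lower()
        if host in SHORTENERS:
            flags.append(f"shortened link via {host} hides its destination")
        elif lookalike_of(host):
            flags.append(f"link host {host} imitates {lookalike_of(host)}")
    return flags


# Constructed sample message; the .example hosts are reserved and not real senders.
SAMPLE = """From: "PayPal Support" <service@paypal-secure.example>
Subject: Account urgently needs unblocked

Log in within 24 hours: http://paypal.com.login.example/verify
or use bit.ly/Y4K2q6
"""

print("\n".join(red_flags(SAMPLE)))
```

A clean result only means none of these three signs were found; the other items on the list still need a human eye.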
Typical subjects of spam emails are:
- Medical drugs
- Credit applications
- PPI claims
- Sexual content
- Bank notifications
- Accounts urgently needing unblocked
- Tax rebates
- Gambling sites
- Fake offers
- Search Engine Optimisation services
- Money owed to you
- Outsourcing work to other countries
If you haven’t heard of or dealt with the company before, that’s a good sign to keep away, as they should have no reason to contact you. Also, banks will not contact you to request details via email; they make this explicitly clear. Call your bank or visit your local branch to confirm any emails requesting details that seem legitimate. Often they’ll be scams.
Dangerous Attachments and Links
It can never be stressed enough that when you receive an email attachment, you should never open it without scrutiny even if it comes from a friend or trusted sender. This is probably the number one way to invite havoc into your system.
People who aren’t careful with their log in credentials, have weak passwords, have mistakenly logged into fake email websites or are the victims of some clever hacking can have their email address compromised by hackers or spam bots, often without knowing it.
It may come from your friend’s email address but that doesn’t make it safe. Some viruses multiply by emailing themselves to all your friends with messages like ‘Hey, I thought you would enjoy this picture of you that I found!’
As soon as you click the link, especially without antivirus/firewall software installed, the damage is done and you could have a virus. You may not even know it’s there, capturing your passwords and bank account details with no visible signs.
How to Avoid
Regard any attachment with suspicion: any files at all, such as executable files, installers and programs, PDF files, pictures, movies and sound clips. Your mail provider or security suite may have features that will identify suspicious attachments and warn you but you can’t rely on this 100% of the time.
If it’s from an unknown sender with no reason to send it, it’s best to avoid it completely. Simply visiting a website can infect your computer with viruses and spam.
Using search engines is slightly safer as they do their best to try to weed out harmful websites but like everything, many still slip through. Even Google images can distribute viruses by luring you in with a high ranking image in the hope many people will click it and the effect will spread quickly.
You should never trust any link sent to you in an email that you are unsure of, especially shortened URLs which disguise their real identities.
How to Avoid
To check a link out prior to clicking it you can carefully select it and copy it, but be very careful not to click it. Once copied, paste it into a search engine such as Google and see what comes up. If it looks suspicious, avoid it. There are websites such as this one by Norton that will let you paste the link in and it will give you a security report based on its findings.
If you have received a shortened URL such as bit.ly/Y4K2q6, initially you will not be able to tell where the link goes. This is handy for Twitter to reduce the size of a URL to fit in 140 characters but even handier for spammers who can hide dangerous website addresses behind a nice short address, like link camouflage. Simply paste it into a shortened URL checker such as this one and it will reveal where that link really goes.
Chain Letters, Joke Emails, ‘Forward This’ Campaigns
Chain letters were a popular letterbox scam before the internet arrived. They follow similar patterns, often for a good cause (they claim): the recipient must copy the letter and send it on to a number of friends, and if they break the chain they will face superstitious or vicious repercussions. Now that email is popular, forwarding this type of email to everyone you know takes almost no effort and only a few clicks.
‘Forward This’ and ‘False Awareness’ Campaigns take the shape of stories about persons who are terminally ill, emotional stories about the armed forces, animal cruelty, missing persons etc. These are the most likely to be shared by honest people who would refuse to forward other scams.
Refusing to forward these emails will not result in any deaths, illness, bad luck or ill harm to the person or the cause that the chain mail is reportedly trying to help.
Joke emails are popular with office workers, clubs, committees, mature computer users and sadly good Samaritans. You most likely have had contacts that fill your inbox with emails containing funny pictures, heartbreaking and emotional tales, links and attachments. At the end is a bold statement such as ‘Forward this on to show you care’.
Not only can this be a chore having to continually delete such mail, it is one of the most common ways to infect your computer with a virus when they contain attachments that you open. People who send such mail often forward them to everyone out of superstitious fear or to entertain their friends unaware of the dangers and the nuisance this can be to others.
The reason they are popular is that when you click ‘forward’ in your mailbox, every recipient can see, in the ‘send to’ field, the address of every person you sent it to, so all your friends can see who you have as contacts.
Further to this it is likely that previous senders have done the same thing and by looking through the email content you may see a trail of previous recipients. This can make its way through a vast number of people and if it ever reaches anyone looking to harvest email addresses for spam purposes, it’s a jackpot for them.
If you must forward a chain email, delete all extra content in the email outwith the readable content; this includes all previous sender addresses, forward lines and dates. Ensure that you only forward the actual email content to trusted recipients.
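The clean-up described above can be done mechanically before a message is passed on. This is an added example, not code from the original article; `clean_forward`, the patterns it uses and the sample message are assumptions made for illustration. It also returns the addresses it found, which shows how much a single forwarded trail gives away.

```python
import re

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
FORWARD_LINE = re.compile(r"^-{2,}\s*(forwarded message|original message)\s*-{2,}$", re.I)
HEADER_LINE = re.compile(r"^(from|to|cc|bcc|sent|date|subject):", re.I)


def clean_forward(body):
    """Return (clean_text, exposed_addresses) for a forwarded email body."""
    exposed, kept = [], []
    for line in body.splitlines():
        text = line.lstrip("> ").rstrip()       # drop quote markers from earlier forwards
        for addr in EMAIL_RE.findall(text):
            if addr.lower() not in exposed:
                exposed.append(addr.lower())    # record what the trail would have leaked
        if FORWARD_LINE.match(text) or HEADER_LINE.match(text):
            continue                            # forward lines, senders, recipients, dates
        text = EMAIL_RE.sub("[address removed]", text)
        if text or (kept and kept[-1]):         # collapse runs of blank lines
            kept.append(text)
    return "\n".join(kept).strip(), exposed


# Constructed sample of a twice-forwarded message; all addresses are made up.
FORWARDED = """---------- Forwarded message ---------
From: Anna <anna@example.org>
Date: Mon, 3 Jun 2013 09:12
To: bob@example.com, carol@example.net

> -----Original Message-----
> From: dave@example.org
> Sent: Friday 31 May
> To: anna@example.org; erin@example.com
>
> A funny story everyone should read.
> Forward this on to show you care.
"""

clean, exposed = clean_forward(FORWARDED)
print(clean)
print("Addresses the original trail exposed:", ", ".join(exposed))
```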
Phishing is more advanced than other scams and sometimes very difficult to detect. The term refers to the fraudulent practice of sending e-mails purporting to be from legitimate companies in order to induce individuals to reveal personal details.
This has been really successful because the attack is almost invisible, and often people are completely unaware it even took place.
These emails appear to be from legitimate companies such as banks, Paypal, Facebook, Twitter and many others. The email will be formatted to look authentic, often copied from the real thing and it will require you to reply with your details, log into your account or pay for something after clicking a link.
When you click the link, you appear to be on the site you are familiar with and you have to log in or pay as you always do. The catch is that this page is a fake page designed not to log you in or pay but to collect the details you enter and to send them to the people behind the site. After you enter the details your log in will fail every time or, in more advanced cases, it will redirect you to the real log in page so that you get in the second time and you believe your first error to be a mistype. Someone now has your log in details or even worse, your bank details.
How to Avoid
The running theme of this guide is once again, be suspicious of these types of emails and if any action is required, do not click the email link. Go to your browser, visit the website directly through the correct website address. If the email requires you to send information back, visit the company website (if the company are known to you) and use the contact form or call their phone line to confirm that such details are required.
These attacks are becoming very common on social media such as Twitter. A generic message arrives from one of your followers saying something like ‘This person is saying terrible things about you’ followed by a link. You click it and it takes you to a phishing log in page; if you mistakenly log in, you get hacked, the same message is sent to all your followers and the cycle multiplies rapidly.
You should report all forms of these emails to the company being imitated. They will often take action against future occurrences and if everyone reports them, it makes it harder for future phishing scams to succeed.
Note: Most companies, especially banks are fully aware of these scams and will inform you that they will never ask for any of your details by phone or email.
Click jacking is a seriously tricky form of attack to detect. This is the term for when a website places an invisible piece of code over a button the user will click, effectively hijacking your click to do something other than what you intended.
Common intents are to make you like or share something on Facebook (known as like-jacking) or to follow someone on Twitter that you did not intend to. Also they can make your social media profile public and other strange things. Although none of these are too harmful, if their success continues it’ll be a way that can be adapted to deliver some nastiness when you click.
How to Avoid
Embarrassingly, I discovered this by attempting to watch a video on a friend’s Facebook post on my wall. As soon as I clicked, Norton Antivirus stepped in to inform me that it had prevented a click jacking attempt. The lesson being that a well updated antivirus and firewall is essential for those moments when you slip up. This one is really tricky to avoid because it is invisible. Mozilla Firefox has a plug-in that can be installed to detect click jacking but I would always recommend a good quality Security Suite to protect your computer.
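Click jacking usually relies on loading the real page inside an invisible frame, so the website being imitated can also protect its visitors by telling browsers not to let other sites frame it. The check below is an added example for site owners, not code from the original article; `framing_policy`, its three verdict strings and the sample headers are assumptions made for illustration.

```python
def framing_policy(headers):
    """Classify how well a page's response headers stop other sites framing it."""
    h = {name.lower(): value for name, value in headers.items()}
    # A CSP frame-ancestors directive takes precedence over X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "blocked"         # nobody may frame the page
            if "*" in sources or "http:" in sources or "https:" in sources:
                return "unprotected"     # any site may frame the page
            return "restricted"          # only the listed origins may frame it
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return "blocked"
    if xfo == "sameorigin":
        return "restricted"
    return "unprotected"                 # missing, or the obsolete ALLOW-FROM value


# Constructed sample responses for three imaginary pages.
SAMPLES = {
    "login page": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "profile page": {"X-Frame-Options": "SAMEORIGIN"},
    "share button": {"Content-Type": "text/html"},
}

for page, sample_headers in SAMPLES.items():
    print(f"{page}: {framing_policy(sample_headers)}")
```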