Following Caroline Gray's talk at March's AM on scam awareness, here's a summary of her top tips, plus some resources and links for future reference. There are many ways fraudsters try to part people from their money and anyone can be a target. Caroline gave examples of doorstep, postal, telephone and online scams as well as other methods used (see the Resources section below for a link to more and updated information). We need to be vigilant and suspicious at all times including when strangers call at home, and especially online as cyber crime is on the increase. Caroline's Top Tips
Your bank won't email or phone you if there's a security problem, nor will they ask you to re-enter your details. They don't ask for money to be transferred to a 'safe' account - they lock the account if it looks like there's suspicious activity. Contact the bank directly on the number given in your account details if there is a problem.
Check emails are genuine by checking the FROM (i.e. the full) email address, rather than the displayed name. If you click on the display name or a link called e.g. details next to it, you will see the true email address. Make sure that it is the right address (e.g. it doesn't have a string of gobbledegook in it) or ones that look OK initially are spelt correctly - especially watch out for L replaced with 1 and other subtle differences
Never click on links in suspicious emails. This may lead to downloading malware which then harvests information subsequently keyed in such as passwords OR to a screen which asks you to verify your account and/or personal details.
Check website addresses, especially those links given in emails - it's better to access the site directly from a trusted other source e.g. from the link in your favourites folder
Always look for the locked padlock at the top left of the screen and https in the URL for any site where payment can be taken
Beware googling for sites such as HMRC, passport office, DVLC etc. The search results may have fraudster websites at the top instead of the genuine ones.
Beware 'Nottingham knockers' (doorstep pedlars) and doorstep tradesmen. The former often are looking for vulnerable properties suitable for burglary or doorstep scams; the latter may be rogue tradesman who do poor or unnecessary work at inflated prices
Look out for 'too good to be true deals', or misrepresented goods on online shopping or auction sites. If it seems too much of a bargain, it often is, or it might be stolen goods.
Beware phone calls or texts from internet, phone or application providers saying there's a problem. These are often aimed at getting you to install a program which takes control of your computer or phone. The result is personal details can be stolen, OR your computer or phone is locked until a ransom is paid.
Ignore any postal winning notifications from draws you didn't enter, or online job adverts where a fee is required up front.
Don't share a lot of personal information online e.g. when you're away on holiday, date of birth etc. [Editor's Note: Avoid those 'fun' quizzes e.g. where you are asked to supply the day and month of your birth to create your fairy name or whatever. They may have been created to harvest personal data]. Check your settings on Facebook and set the accessibility to Friends only instead of Public.
Further Resources
See Caroline's handout above on How to spot a doorstep scammer. You can download a printable version here
If you are scammed, Caroline recommends contacting your bank; then Action Fraud on 0300 123 2040, or the police’s non emergency line on 101 (NB Action Fraud also has an online reporting facility - particularly useful for reporting any online fraud or phishing attempts you find; not just when you've actually been scammed. Don't be put off by the login screen, you don't need an account and can make your report as a guest)
There is lots of information on the Friends Against Scams website, particularly their Scam Alert (latest scams) and Scams Dictionary pages
You can test the strength of your online passwords here. This site told Caroline her initial chosen password could be cracked in 2 weeks; she now has one which should take over a thousand years. Resources and tips from other sources:
Check if your email address is on a publicised data breach here. If it is, then change your passwords if you haven't recently. Don't worry if you find your email on the list as it’s very likely. Make sure you change passwords on any application(s) which use the same email address.
If you are concerned about forgetting passwords, don't write them down on paper (burglars look for this kind of information as they can sell it on); a possible solution is to write them in a password (make it a strong one!) protected spreadsheet, or to use one of the secure password managers available. Your computer or the security application you use (e.g. AppleMac, iPad or IPhone, Norton security) may have this feature already, or there are separate ones such as LastPass, Dashlane or 1Password. As fingerprint/voice/iris security technology advances the need for these measures will diminish.