Fraudsters don’t always ask for your money. Emails that are designed to look as though they’re from a ‘household name’ are becoming common. For example, fraudsters using a ‘household name’ are sending emails with a false promise of a refund if they are provided with a person’s bank account details. These ‘household names’ include H M Revenue & Customs, energy suppliers, high street banks and other well-known organizations. Recipients of these emails are being told that they are due refunds – and to claim these refunds they should click on a link and have their bank details ready, so that the refund can be deposited electronically. Recipients of these messages should always look for any grammatical errors, (common) and anything else that looks suspicious. Don’t click on any links. If in doubt, make separate independent enquiries.
Any suspicious emails should be reported to Action Fraud (actionfraud.police.uk) or contact Citizens Advice on 03454040506. To learn more about scams visit web site friendsagainstscams.org.uk
Fraud is a multi-billion-pound "industry" which affects people from all walks of life.
From our perspective, millions of older people are believed to have been targeted by scammers and this is likely to be an under-estimate of the real numbers. Unfortunately, the ones most likely to fall victim to fraud are those who live alone with no one to look out for them, or who have dementia.
So, what is a scam?
A scam is a deliberate attempt to obtain information from you, to obtain your personal details - and your money. Stealing personal details such as your date of birth, address, passwords, account numbers, and national insurance number is known I/D fraud, and these details are the route to your bank and credit card accounts.
Scammers use all kinds of methods to gain your confidence, including posing as bank or tax officials or even police officers. Scams are perpetrated by individuals and by organized gangs and contact can be by post, text, email or by home visits.
In the same way that buildings and houses have addresses, so do web pages. They have a unique address to help people locate them, known as URL's (URL stands for Uniform Resource Location)
Always check the URL of the site you’re on when online shopping – scam sites can often look genuine. Always look out for extra full stops and dashes. Scammers will target you with a professional looking advert, and then send you through to a copycat website. Don’t feel rushed into a purchase – be sure to stop and think before you buy and ensure the website you’re ordering from is legitimate. Not using a "link" but instead finding the website yourself would be a good place to start.
And the golden rule is - if something sounds too good to be true it usually is !!
********************
Scam of the month April 2024
Password security
Three random words
This months scam of the month covers password security and comes from the National Cyber Security Service.
Combine three random words to create a password that’s ‘long enough and strong enough’.
Weak passwords can be cracked in seconds. The longer and more unusual your password is, the harder it is for a cyber criminal to crack.
A good way to make your password difficult to crack is by combining three random words to create a password (for example applenemobiro). Or you could use a password manager, which can create strong passwords for you (and remember them).
Avoid the most common passwords that criminals can easily guess (like ‘password or 123456’). You should also avoid creating passwords from significant dates (like your birthday, or a loved one’s), or from your favourite sports team, or by using family and pet names. Most of these details can be found within your social media profile.
If you’re thinking of changing certain characters in your password (so swapping the letter ‘o' with a zero, for example), you should know that cyber criminals know these tricks as well. So your password won’t be significantly stronger, but it will be harder for you to remember.
Why does the National Cyber Security Centre recommend using ‘three random words’ as a way to create passwords?
By using a password that’s made up of three random words, you’re creating a password that will be ‘strong enough’ to keep the criminals out, but easy enough for you to remember.
Longstanding advice around making your passwords very complex (which suggests we should create passwords full of random characters, symbols and numbers) is not helpful. This is because most of us have lots of passwords, and memorising lots of complex passwords is almost impossible.
Passwords generated from three random words is a good way to create unique passwords that are ‘long enough' and ‘strong enough’ for most purposes, but which can also be remembered much more easily. If you want to write your password down, that’s also OK, provided you keep it somewhere safe..
Use a strong and separate password for your email
Why it’s important to take special care of your email password.
We are often told that the passwords to access our online accounts should be really strong, and not to use them anywhere else. This is especially true for the password for your email account. If you've used the same password across different accounts, cyber criminals only need one password to access all your accounts.
Always use a strong and separate password for your email; that is, a password that you don’t use for any of your other accounts, either at home or at work.
If a criminal can access your email account, they could:
Having a strong and separate password for your email means that if cyber criminals steal the password for one of your less-important accounts, they can’t use it to access your email account.
The NCSC encourages people to use password managers, which can create strong passwords for you (and remember them).
If you have re-used your email password across other accounts, change your email password as soon as possible. It should be strong and different to all your other accounts.
Ideally, you should use unique passwords for all your important online accounts (such as banking accounts, shopping/payment accounts and social media accounts), not just your email account. You should also provide additional protection by setting up 2 step verification (2SV) on your email account, which will prevent a criminal from accessing your email account even if they know your password.
You might like to visit the National Cyber Security website:-
https://www.ncsc.gov.uk/ to look at their advice on this matter. You will also see a link there showing you how to set up 2 Step Security should you so wish.