/ Technology

Have you ever been hit by an online scam?

Question marks on web browser

There are many reasons to be thankful for the existence of the internet. Without Tim Berners-Lee’s creation there would be no BBC iPlayer, no Google and… no place to share cat photos. But what about all the scams?

As the web has matured to accommodate 1.2bn Facebook accounts and £68.2bn in online UK spending, there are more and more dangers to be aware of.

You need to be careful who you’re giving your bank account details to, where you share your personal data and what websites to hide from prying eyes.

Your cybercrime comments

There were an estimated 12.5 million victims of cybercrime in the UK last year, costing the economy £1.8bn. And many of those who’ve been scammed have shared their experiences here on Which? Convo. Mose told us how he’s been unlucky:

‘In less than ten years I’ve had my credit card used three times. The last time was only a couple of months ago. I’m always careful online, I have good antivirus, good firewall, all passwords are very secure, I don’t keep cookies and all my software and games are legit. I have come to the conclusion that one can only be so safe. Maybe I’ve just been unlucky.’

Dyfnwal discovered his personal data online:

‘Recently, by Googling my mobile number, I discovered my full card details published in a text file that had been “dumped” from a Russian web site.’

Ask your online security questions

We’ve got lots of guides on our Consumer Rights website to help protect yourself online, from phishing emails to all sorts of sophisticated online scams. But sometimes you need a personal touch, which is why we’ve invited Tony Neate, CEO of Get Safe Online, to answer your burning security questions on next week’s Which? Technology podcast.

A government-funded security service to help protect internet-connected devices from malicious attack, Get Safe Online is perfectly placed to offer some sound internet-related advice to set your mind at ease.

Got a question for Get Safe Online, such as ‘how to safely send money online’ or ‘how to protect your passwords’? Just ask it in the comments section below and we’ll do our best to answer as many as possible when the podcast airs on 8 October.

Comments
Profile photo of wavechange
Member

My bank asks me to use Rapport software for transactions, but does not insist on this. I find that Rapport really slows down my Mac, which used to be a problem with anti-virus software. Rapport can be switched on and off, but this requires a restart – which takes time.

If it was really important for customers to use Rapport, it seems likely that the bank would make it mandatory or say that it would not cover fraudulent transactions.

The Get Safe Online website mentions Rapport but does not comment on whether it is essential to use it.

Profile photo of william
Member

My bank asks me to use Rapport, but I’ve not noticed any performance issues on my PC.

What I have noticed it that my ISP seems to be doing a good job on shielding me from dodgy emails, think I’ve only had 1 in the last year and I don’t think it was a scam one either, but I don’t know that for sure as I deleted without opening it.

I’ve also have noticed is the number of ads that appear on facebook that are clearly scams has shot up. Just type Tesco in the search bar and I can almost 100% guarantee that 3 out of the top 8 listed are scams sites(pages). The real Tesco has finally got a verified symbol ( not sure if it was one of my messages suggesting they did that that resulted in them getting it ).

Profile photo of wavechange
Member

Some people seem to get on better than others with Rapport, but the effect on performance is well documented. I think I will use an older laptop (with up-to-date software) and Rapport to do my banking and online shopping, and avoid having Rapport on the laptop I use regularly.

Profile photo of Guy Chapman
Member

I have OpenDNS configured, which filters known bad sites, then I have antivirus and antimalware software, I also have Malwarebytes installed (which blocks a steady trickle of wrong ‘uns), HitmanPro to give a second opinion, and I have Web Of Trust and AdBlock Plus installed in Google Chrome, my preferred browser.

I never re-use passwords between sites, I change passwords regularly and keep them in a password safe (KeePass). For some sites I use separate email addresses, which is easy as I have my own domain.

I always view email in text mode first, check all links and SSL certificates and never click on links purporting to be from PayPal or my bank – I go to the website and look at the message box there. When I was an email administrator, over 99% of all inbound mail was spam, it’s still the most common vector for scams.

Despite this, I have had two or three malware exploits make their way onto my PCs at home. I have no idea how the less paranoid manage to avoid sending their cash to Nigera or Russia, the sheer volume of scams is breathtaking.

At least as consumers we rarely face the issue of zero day exploits. I got his by Sasser on day zero, over 100 infected systems within 20 minutes. It took 36 hours of continuous effort to eliminate it.

Profile photo of julieshrive
Member

What bothers me is the Computer, Soft ware companies are rendering 10 year old computers obsolete & one is not informed before one buys. Recently there was an email from Apple saying specifications not able to download then when investigated Apple Care [ no HQ ] wanted credit card details .Having RepaIrers Insurers running Customer Services as in Currys PC World is bound to cause trouble.Rip off.

There are design faults sometimes caused by security & passwords blocking . My Shopping Carts do not show what ordered .Things have never been the same since technicians, to assist , accessed it remotely.

Profile photo of Guy Chapman
Member

Are you sure that was a legit customer service rep? It sounds suspiciously like some of the “tech support” scams.

Member
Duncan says:
4 October 2013

A good way to cut down on spam is to filter all mail through a spamfilter site – I’ve used Spamcop.net for years, and it works just fine (in association with a personalised email address). The Mac automatically filters out the stuff that spamcop lets though, so a spam in my inbox is, if not a rarity, certainly unusual!

Profile photo of Guy Chapman
Member

Yes, I used spamcop for ages as well, but actually most of the big providers now have decent filters. No filter is 100% effective, though, which is why it’s really important to learn the telltale signs and check twice before putting any personal information into any site.

Member
ukbobboy says:
11 October 2013

A month or so ago I was looking into Rapport, with the idea of installing it on my PC, and found that there actually were no independent test done on this software, in fact Trusteer ( the makers of Rapport) has gone out of it’s way to ensure that any one that wants to test their software must do so under Trusteer’s own rules and testing procedures.

This I find very strange.

Also, I have heard that Rapport is nothing more than “Snake Oil” because none of it’s claims have ever been substantiated and that everything it pushes is nothing more than propaganda.

Finally, I came across this seminar posted on YouTube and although two years old it seems to be the only non-tainted view on Rapport available.

http://www.youtube.com/watch?v=EimZQgt7WPg

UK Bob

PS I would like to see Which? test this software and let us know whether or not this is just vapourware.

Member
Jeff Richardson says:
16 May 2014

I have ordered half-a-dozen items from the USA over the past eighteen months, from various vendors, both businesses and from private sellers. Each time, after about two weeks, just at the time when I was hoping the goods would arrive, I have received an E-mail purporting to come from USPS and containing an attachment.
The first time this happened, in December 2012, I read the message and opened the file; and promptly lost my Windows XP machine to a virus.
I have ignored all subsequent such messages and now, having ceased to order from the USA (because of the VAT and the surcharge levied by ParcelForce) I have received no more of these messages since. There seemed, to me, to be a definite link between my Orders and the malicious messages.

Member
Eileen says:
19 April 2017

Over the last few weeks I have received a number of email receipts for items I have not purchased, some of these from online companies such as Apple (iTunes) and Paypal and others from companies such as New Look that I have never purchased items from. Despite getting notifications of receipts for payments no corresponding transactions have appeared in my bank statement. Checking my details on Paypal shows that I don’t have a valid payment card registered with them.

If someone has hacked my email account or found out my email address and is using this without any corresponding bank info I am not sure what they would gain. Some (but not all) of the email receipts include embedded links for me to cancel the purchase so these may be fishing emails. I have up to date security software on all my devices.

I’m reluctant to abandon my email address if my financial details are secure but concerned about what is happening. Does anyone have any similar experience or advice about what I should do?

Profile photo of duncan lucas
Member

Eileen , you have partly answered your own question , if at present they have no access to your bank account then they do not know your banking details. Your right you email account has been hacked . First things first , straight onto your email service and change your password , but you have a problem , your email service has no virus control , you can keep it for social business and get a more secure one . Any decent service would recognize a virus laden email attachment , if it doesn’t its a rubbish service . Second NEVER click on any email link/attachment unless you are 100 % sure its a genuine one -investigate the URL . Once a hacker knows your email service is compromised they all get to know , if you click on the attachment you are allowing malware to enter your computer –and take it over -watching your keystrokes and blocking your access to files or even your virus system. Thirdly get a paid for virus control that blocks malware of this type, that scans all incoming packets etc. Dont delay , if you need any help get back-please.

Profile photo of malcolm r
Member

I. like many I’m sure, have had occasional emails like this with an attachment, usually pdf, purporting to be an invoice, or a link. I presume they are just the usual random emails like the other junk I get. The answer is, if you don’t know for sure who the email is from, delete it. Never click on a link or attachment unless you are 100% certain of the sender and that their email address (in the “from:” header) is genuine. Best to play safe.

If you are not sure whether it is relevant to you, find the actual email address of the company (not the one on their email, find it independently on the web) and ask them if they have contacted you, or phone them.

Profile photo of Ian
Member

Eileen, if you’re using FF you should type

about:config

in the address bar. Search for

network.IDN_show_punycode

and set it to

True

That will safeguard you from a nasty scam that could cause you problems. Otherwise, with the cases you’ve quoted, simply follow Malcolm and Duncan’s advice.