The recent malware attacks that hit a variety of big organisations across the world have highlighted the need for care with online systems.
It seems unlikely that the original ransomware that hit so many big organisations was spread by email, but the National Cyber Security Centre (NCSC) has warned that criminals are trying to cash in on the attack. Some are offering fixes and support services that allegedly will protect computers.
Recent examples of this type of activity include:
- Social media alerts that include links to fake security patches. Clicking the link is likely to install real malware on your computer.
- Emails claiming to be from a telecoms provider and telling you that you’re about to be locked out of your account. You just need to click on the link in the email to verify a few details. If you click the link, you will be asked for enough information to allow the criminals to take over your account.
- App stores offering ransomware ‘patches’ for mobiles although mobiles weren’t affected by the recent events. If you buy the app, you’ll be paying money for nothing.
- Messages that pop up on your computer, claiming to be from Microsoft and warning that your computer has a virus. Typically the message includes a phone number. If you call it, you’ll eventually be sold some software that you can either get for nothing or that you don’t need.
In addition, criminals may try to steal your money by sending you an email and persuading you to open an attachment or click on a link. The message may:
- Say your order is on its way, details are in an attached confirmation. You know you haven’t ordered anything so you’re tempted to open the attachment to find out what is being delivered. If you do that, you’ll likely end up providing information to thieves.
- Say there’s been some unusual activity on your bank account or credit card and ask you to click on a link to confirm the details. If you click on the link you’ll be asked to provide enough details to enable thieves to take money from your bank account.
- Claim that your eBay or PayPal account is about to be suspended. The email will include a link and ask you to confirm some details. Again, if you do, they will be able to take over your account.
- Claim that you have a tax refund waiting. Again, there will be a link which will ask you to confirm bank details and, again, if you provide them, the thieves will be able to take money from your account.
- Claim that an organisation such as a solicitor or builder that you’re due to pay money to has changed their bank account details. This usually means that their email account has been hacked and, if you use the new account details, you’ll be sending the money to thieves.
These are just a few of the scams that have been seen recently.
The NCSC and Action Fraud offer advice to help avoid these scams:
- Never open an email attachment that you’re not expecting. Just delete the email.
- Never click on a link in an email. If you think the message may really be from your bank or whatever, go to the relevant web page in the normal way or call the organisation that is supposed to have sent you the email. But don’t use any phone number in the email. Use the number you normally use.
- Never allow anybody to have remote access to your computer. If you think you have a problem with your computer, take it to a reliable local repair company – don’t rely on somebody who phones you claiming that they can see you have a problem. Only thieves do this.
- Never give anybody your password or PIN. Nobody from a trustworthy organisation will ever ask you for that information.
- Don’t think it’s wrong to be rude to somebody calling and telling you there’s a problem with your computer. They’re thieves. Say nothing: just put the phone down.
- If you’re buying a house or having work done that will involve paying substantial sums of money, agree with the solicitor or the builder on how they must tell you their bank details have changed. Don’t believe an email that comes out of the blue.
For more information, the Action Fraud website is here.