Spams, scams, phishing and other annoyances

Scammer with Credit Card
Image from Which? April 2015

I know from my family and friends that there is nothing that worries the older IT user more than harming their computer by opening an email that starts a virus attack on their computer, or they are they are subjected to an email scam that will leave them short of money at best, and with compromised bank accounts at worst. I wanted to bring this excellent short article from April 2015 in Which? to your attention. It summarises the Top five UK email scams. Definitely ones to be on the look out for!

My golden rule as I mentioned in the previous post is “if it seems too good to be true, it probably is”.

Luckily these days the scammers and phishers have to rely on you actively letting them have access far more than used to be the case. Most (if not all) email programs and anti-virus software (as long as you keep it up to datevery important) are adept at picking out the genuinely evil messages which can do harm to your computer. So “you can look but you better not touch” to paraphrase the words from a Bruce Springsteen song. Just don’t click on a link – however inviting – in an email if you have any doubts, however small, of the sender’s authenticity!

I also wanted to tell you about this rather useful resource from Pat Howe which kept a running list of all known threats up until the end of 2014. He left his mail servers open to the possibility of threat to harvest all the attacks. All of them, or variants of them, are still around, so if you have any doubt about a message you receive, you can always check-it-out on Pat’s website.

An American resource that is also useful in defining the threats can be found at Stay Safe Online and their page on Spam and Phishing is worth a look, but for a UK slant (as mentioned in my last post) the best starting point is Get Safe Online and they have a page on Spam and Scam eMail which I also recommend looking at.

It’s a huge shame that we’re bedevilled with spam, scams and phishers, just as we’re hassled by cold telephone callers. Technology has brought us a load of benefits but with those it has also enabled those with a criminal, or just malicious, bent to make our lives a misery.

What you will learn hopefully from these blog posts is that good habits are our best hope for getting the most beneficial use from using IT. There’s nothing really to fear as long as you start from a naturally cautious stance, and you have reasonable organisational skills and a willingness to embrace a bit of logic :-).

Let’s start at the beginning …

So … you’ve dipped your toe in the water, got that computer that your son/daughter has persuaded you to get, allowed the telecommunications company to install broadband in your house with that WiFi thing and you don’t exactly know what to do with it – apart from send them emails to say you’re still alright and still alive – and oh yes,  there’s online shopping – that must be a good idea.

I don’t intend to replicate by way of providing a guide all the things you should or should not do as a silver surfer, just point you in certain directions and provide as impartial follow-up advice as I can, should you require it. Therefore what follows is not a comprehensive guide to getting started, just some of the things that appear to me to be most important. At the bottom of this post I provide links to some resources that are a) reputable, and b) authoritative which I would encourage you to also look at.

So we start with Internet Security and Safety Online. Yes, I know it’s not exciting, and yes … it’s a bit scarey as well. I’m not trying to put you off before you even start but it is important to get the basics of security and safety right, at the beginning, because habits picked-up when you start something have a habit of providing a good basis for ongoing practice. Now … didn’t my mother say something similar to that many, many years ago!

The basics are very simple actually and can be summarised in one sentence. Don’t do anything online that you wouldn’t be prepared to do with a stranger you’ve met for the first time in the street, or in a shop. In practice of course it’s a little bit more complex and so a few guidelines follow.

1) Everything falls apart if you don’t have a strong password to anything you do online. Your password is like the key to your front door. You wouldn’t give that to a stranger, or make it easy to find under the doormat, so why put so little value on your password? Furthermore, why use one key to unlock all the doors in your house (online information). Make it a bit more difficult for the burgler (hacker) by using different keys (passwords). But creating and more importantly remembering lots of passwords is a bit of a pain and so my suggestion for a password is to think of a phrase that means something to you and then create the password from it using a combination of letters, numbers and “odd” characters and then add a couple of letters to that to distinguish the site you’re accessing with that password from any others you might use. So, an example.

The phrase … “Cardiff won the Cup once in 1927”, and the site … say “Amazon”. For this I might construct a password like this – “Amzn_Cwtc01n27”. Replacing the vowels o and i with 0 and 1, and changing “nineteen” (as you would say the year) to “n”. Using a technique like this would make your password both unique and very difficult to guess … as long as you didn’t give it to anyone else.

By the way, I wouldn’t recommend basing a phrase on a hobby, or anything connected to you – so the example above would not be a great idea for a Cardiff City fan!

I’ll return to this theme a little later on when I post about Password Managers, a really useful tool to assist the “little grey cells” that have difficulty remembering passwords.

2) Don’t give away information you don’t really think the person asking for it really needs to know! I remember being really shocked when a colleague once told me that he had for years been providing incorrect information when shops required a post code, telephone number or address. However when you think about it, they usually only want it for marketing purposes and once they have it … do you have ownership of it anymore? Can you be sure they haven’t sold it on? Of course, it’s much better to just refuse to provide the information in the first place and I’m really not advocating dumping unwanted communications on some poor imaginary soul in Thornhill – but … ??? Similarly your date of birth is perhaps the single most important piece of personal information that you hold. Don’t give that away easily.

3) Have more than one email account. Keep one private for friends and family. Use the other(s) when asked for online. At the very least this will reduce the amount of spam (unwanted messages) you receive; at best this may stop your online identity being stolen (someone posing as you) and your email being hacked (broken into). Some email providers (certainly Yahoo! and Google) allow you easily to setup disposable email addresses on your account. [Psst – researching this has been useful for me too! I didn’t know how to do this with gmail until I wrote this post.]

4) Be very careful in the links you follow. Phishing is a very disturbing and distressing presence on the internet. You’re drawn into clicking on a link on a webpage and from there … the consequences are many. Be realistic … do you have an unknown relative in Georgia? Should you be sending online gifts to Africa  – how do they know your email address anyway (see 3 above)? Is it likely that the Revenue, Insurance Company, Bank would approach you online offering to give you money. Be very aware. Be very careful!

As I said before, this is really only a gloss over the subject. Boring it may be, but essential it most certainly is. The following links are generally authoritative, mainly UK-focussed and worth more than a glance.

Advice from elsewhere:
The Guardian – Eight ways to protect your privacy online
McAfee (Internet Security specialists) – 10 tips to stay safe online
Get the facts” from the Metropolitan Police
Get Safe Online – a very authoritative and useful UK organisation
Age UK has some useful advice too for Internet Security and
Microsoft have a couple of useful pages on What you need to know about your information the Internet, and how to Protect your Privacy on the Internet.