However, fast forward a few years and we can now all laugh at such a simple, and unbelievable scam. Criminals have moved on, and the frightening thing is that they have moved, and continue to move on at a faster rate than the authorities can ever hope to keep up with. As a consequence, fraud has become by far the biggest criminal activity in the UK, and accounts for a staggering £38 billion lost as a result. Of course this is not all scams against individuals, and in fact by far the biggest loss to fraud is Public Sector money lost through things such as benefit scams, and the billions of pounds lost during the pandemic in procurement of items such as PPE many of which were not usable, or indeed safe to use. However, figures from 2023 indicate that the level of personal fraud in the UK is running at a rate of loss of £2,300/minute or £1.2 billion per year. These are frauds where ordinary people are losing money to criminals who deliberately target them and, using a variety of different tricks and subterfuge, look to part them from their money. As I said before, criminals are becoming increasingly sophisticated in their methods, what hasn’t changed is their ruthlessness and determination to part you from your money, and they don’t care how they do it, or for the financial impact on their victims. They want the luxuries of life, and they want your money in order to get them.
As a demonstration of how sophisticated these criminals can be, they are very adept at using technology, and misusing it, to help them to fool people. For example, it is possible with the right equipment to clone telephone numbers. This allows criminals to call you and to generate a number on your phone that matches that of your bank, credit card company, or whoever they wish to appear to be. This means that if you receive a call claiming to be from your bank, and to verify it you check the phone number, there is no longer a certainty that because the numbers match, the call is genuinely from your bank. Faced with this risk the golden rule is “NEVER give anyone your personal bank details on the phone unless you are absolutely clear that it is your bank you are speaking to”. This includes being aware that if the person calling you invites you to hang up and call the bank on the number you have for them, and know to be legitimate, if you do not ensure that you have a dialling tone before entering the number, you may very well end up talking to the criminal again, because if they do not hang up at their end, the line actually remains open. So, if you get a call from your bank, you need to be 100% certain that the call does originate from them.
All banks make it clear that they will never call you and ask you for personal information, so you should be suspicious straight away if the caller starts asking for information that the bank will already hold. Do not be fooled simply because the caller has the correct long (16 digit) number from your debit or credit card. These numbers are easy to obtain and on their own are worthless, what a criminal need is either your PIN, or the 3-digit security code on the back of the card. If you are called by someone stating they are from your bank, and even if the number on your phone matches your bank’s number, do not give out your PIN or the 3-digit security number. If a criminal has these then they have all they need to be able to use your card to spend your money.
Many banks, and card providers, now have what is known as 2-factor Authentication. If your bank or card company, and indeed any website that you use, offers 2-Factor Authentication then please sign up to it, it is a very useful additional layer of security. However, should you be unlucky enough to be called by a criminal trying to get to your money, and they either have, or you have given them your card number, and security code, the 2-Factor Authentication should prevent them from going any further. However, during the call, once they have the information they need they will try to spend your money, usually while you are still on the phone. If they hit the problem of 2-Factor Authentication, that code will come to you, either as an email, or text. In order to proceed the criminal needs that code and will usually then try to tell you that the message that you have just received is from them, and for security purposes they need you to tell them the code. This is then absolute proof that you are being scammed, and you should hang up, and report the call. Remember you need that dialling tone before you dial a number.
I read a story recently where a lady unfortunately fell for just such a trick as this one, and once the criminal had got her money, he was still on the phone, and then proceeded to berate and humiliate her by revealing himself as a criminal and tormenting her with what he had just done, and telling her how stupid she was and how easy it had been to take her money. There really are some very evil people in the world, please don’t let yourself be one of their victims.
The other big scam at the moment involves someone calling and claiming to be either from your bank, or the police. The basic story is that they tell you that fraudulent activity has been detected on your account, and you therefore need to move all of your money from that account into a safe account that they have created specifically for that purpose. The bottom line here is that this situation would never happen. Both the police and banks make it very clear that they would never ask anyone to do this. Therefore, if you are ever asked to transfer money from your account into another, no matter who you think is asking, it is not legitimate, and if you comply you will lose your money, and probably have a long and difficult fight to get any of it back. So Please remember: Unless you called the company yourself for help-NEVER:
• Log on to your computer or Internet Banking for a random caller.
• Visit any website address they provide on a call.
• Download anything they suggest to your computer.
• Tell them what’s on your computer screen at any given time.
The other popular attempt (at least with criminals) to get your personal details, and hence a chance at getting at your money, is based around parcel deliveries. Many of us now buy online regularly, and this in turn means that many of us are at any given time expecting a parcel to be delivered. Criminals have quickly jumped onto this and there are several variations of scams around the theme of sending out emails to people claiming that there has been a problem delivering your parcel, and either, asking you to click on the link and confirm your details, or that there is a payment to be made before delivery can be completed, and to click on the link to go to a site on which you can make the payment. The criminal is planning on the fact that many people will be expecting something, and that their curiosity will lead them click on the link to find out what has happened.
In many case that simple click is all that is needed. You will then either be asked to make a payment, or to give your card details, or by clicking on the link you may download a piece of rogue software that will infect your computer. In many ways the latter may be the worst option as you could end up having your whole system infected and your data either held to ransom, or worse still, destroyed.
I realise that all of this sounds like scaremongering, but it is certainly not my aim to scare people, or indeed to put you off using your computer. You are safe if you take appropriate precautions. The following is the current advice from Action Fraud and the national Cyber Security Centre.
What should you do if you’ve received a scam email?
• Do not click on any links in an email it you are not 100% certain where it has come from.
• Do not reply to the email or contact the senders in any way.
• If you have clicked on a link in the email, do not supply any information on the website that may open.
• Do not open any attachments that arrive with the email.
• If you think you may have compromised the safety of your bank details and/or have lost money due to fraudulent misuse of your cards, you should immediately contact your bank.
Fake emails often (but not always) display some of the following characteristics:
• The sender’s email address doesn’t tally with the trusted organisation’s website address.
• The email is sent from a completely different address or a free web mail address.
• The email does not use your proper name, but uses a non-specific greeting like “dear customer”.
• A sense of urgency; for example the threat that unless you act immediately your account may be closed.
• A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference in a web address means a different website.
• A request for personal information such as user name, password or bank details.
• The email contains spelling and grammatical errors.
• You weren’t expecting to get an email from the company that appears to have sent it.
• The entire text of the email is contained within an image rather than the usual text format.
• The image contains an embedded hyperlink to a bogus site.
If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud
Have you spotted a suspicious email?
If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk The message might be from a company you don’t normally receive communications from, or someone you do not know. You may just have a hunch. If you are suspicious, you should report it. Your report of a phishing email will help them to act quickly, protecting many more people from being affected.
The National Cyber Security Centre (NCSC) will analyse the suspect email and any websites it links to. They'll use any additional information you’ve provided to look for and monitor suspicious activity.
If they discover activity that they believe is malicious, they may:
• seek to block the address the email came from, so it can no longer send emails
• work with hosting companies to remove links to malicious websites
• raise awareness of commonly reported suspicious emails and methods used (via partners)
Whilst the NCSC is unable to inform you of the outcome of its review, they can confirm that they do act upon every message received.
On the subject of fraud, it has recently been revealed that 71m logins have been stolen with many of them being offered for sale in the murky region that is often referred to as “The Dark Net”. Unfortunately, your details may be amongst those stolen, and now being made available for sale. If you wish to check if your details have been hacked and put up for sale there is a site called Have I Been Pawned where you can search to see if your details are at risk. To search if your email address has been compromised visit https://haveibeenpawned.com and click enter. If you wish to search to determine if any of your passwords have been compromised enter: https://haveibeenpawned.com/Passwords
Follow the instructions on the site to see if your data is at risk. If it is, then the suggestion is that you change your passwords immediately. It is not so easy to change your email address, and in fact as email addresses are readily available, the fact that someone has yours is not in itself a security risk, after all we give out our email address to many different people and organisations. However, as an added security measure it is wise to use end-to end encryption for emails, for that added piece of mind. Also, if you do not us specialist password protection then you really should consider doing so as all the good ones provide password protection with a password generator that will produce complex passwords.
Windows.
The vast majority of users of personal computers (PC’S) run a version of windows as their operating system. Depending on how long you have been using computers you will have probably used a number of different versions of Windows with many peoples first encounter with the operating system beginning with Windows 95, often referred to as the first really user-friendly version. The current version of Windows is Windows 11, and there is talk that Windows 12 will be launched later this year, (2024).
There is a great deal of confusion about Windows, and just which versions Microsoft provide support to, and are therefore safe to use. The reality is the Microsoft are a business, and they exist to make money, so they are not only constantly updating all their software programmes, but reducing the period of time that they provide support to specific versions. The most important element of their support package is the issuing of security updates which help to keep the systems safe from hackers, and unauthorised use.
Once Microsoft stop supporting a specific version of their software, it does not immediately become unsafe, but over time the risks to those people who continue to use the software increases, but only if you use your computer to connect to the internet. If you use a computer that is not connected in any way to the internet then unless you plug in memory sticks that may be contaminated, then you are safe. If however, you do use the internet and if you are running an unsupported operating system then you really are at risk, and that risk increases over time.
Research, and Microsoft’s own figures, indicate that there are many millions of computers running Windows around the world and the main versions being run now are Windows 7, Windows 10 and Windows 11. Microsoft had stated that they would cease to support Windows 7 in 2021, but they later relented, due to the fact that there were still millions of computers running the system, but the support for Windows 7 is not free, and is really only available to large companies who have not upgraded to a later system. If you are using anything before Windows 10, (Windows Vista/XP/ 7/8/8.1 then these are not considered to be safe as they have not received any security updates for several years and are vulnerable to viruses and malware. Remember, this only applies if your computer is connected to the internet.
Microsoft now operate what they call their “Modern Lifecycle Policy” which effectively means that they will only support versions for a fixed period of time, after which they will not provide security, or system updates.
Windows 11 has not been as popular as Microsoft hoped, mainly it is believed because many older computers cannot run the system, and as a result Windows 10 is the most widely used operating system. However there are various versions of Windows 10, as it has been updated several times, and the only way to ensure that your system is fully protected is to make sure that you are running the latest version. The most up to date version of Windows 10 is Version 22H2 To find out which version you are running go to START-SETTINGS-SYSTEM-ABOUT the resulting page should show your version number. If it is not 22H2 then you should update it-it is free to do so. Go to START-SETTINGS-WINDOWS UPDATE-CHECK FOR UPDATES and follow the instructions. The system will tell you what version your are updating to.
Version 22H2 of Windows 10 will be supported by Microsoft until October 2025. If your are running Windows 10 and your computer will not upgrade to Windows 11, then it is likely that after October 2025, if you wish to remain safe online, then you may need to replace your computer with one that does run Windows 11, and in all likelihood by then, Windows 12.
There is an alternative to Windows. It is called LINUX and it is free. It will run on many older computers, and it is almost constantly being updated to keep it safe.
In my Autumn “Computer Corner” I will give more information on how to use download and use the LINUX Operating System.
GRAHAM MUMBY-CROFT
graham.mumbycroft@gmail.com