While not as popular as email scams, phone and text scams are still pretty common. We’ll have a look at some of the ways scammers try to target their victims – and how to protect yourself.
SMS or Text messages are used by many businesses and organisations for keeping in contact with their clients or users, especially for those who may not have regular access to the internet, or not be very comfortable with a desktop computer. They’re also used as two-factor security in some cases (i.e., to send a single-use code to verify someone’s identity.)
Receiving a text message from an unknown number is not uncommon in 2020; scammers exploit this knowledge and people’s anxieties over official-sounding messages. Many text scammers follow a similar pattern to email scams, except they’re usually in a shorter format.
A text from a random number, allegedly from the victim’s Bank, Doctor or a government department such as the HMRC, tells the victim to either call a number of visit a URL which redirects the user to a fake website to “verify” their details – URLs in this format are often shortened using a URL-shortening service such as goo.gl or bit.ly – the content of links is not usually checked or verified by these kinds of services, so again, it relies on the trust people have, for example, in Google.
As with other types of scam – be very wary of any random text messages you receive, especially if they ask you specifically to call a number or click a link. If in doubt, delete or ignore the message and use a standard method to contact them directly – such as a phone number from their official website or from a verified document.
These kinds of scams normally target older people or those less confident with technology. The victim receives a phone call, again supposedly from a bank, doctor, government department, utilities provider, or, in some cases, Microsoft or another technology company – or even tech support from the organisation you work for.
Bank, government, utility or medical scams often ask the victim to “confirm” personal details because of a “security issue”, make a payment or provide their password. Most companies will never ask you to verify personal information over the phone if you’re not expecting a call, especially banks.
In the case of technology company scams, which are particularly common at the moment, the victim is told that their computer or account has an issue and that they need to download a program (usually a trojan that gives the scammers access to the victim’s computer, or ransomware that locks the user’s files and will not release them unless they pay a fee) or that they need to make a payment in order to resolve issues.
Microsoft, Google and many other technology companies hardly ever actually make phone calls to users – they’re much more likely to send emails or a notification to your desktop computer or inside the software in question.
If you’re unsure or the call is from a number you don’t recognise, hang up. Wait for a while and call them on a number from a genuine letter or their website. In the case that the call was genuine – don’t worry. No reasonable customer service or tech support department should be upset by their clients or users taking extra security precautions!
Next week we’ll be looking into what you should do if you think you’ve been a victim of a scam – look out for it!