Simple Steps to Online Security
Updated: Jul 9
By Howard Elsey
The Hub presents the latest blog by regular contributor Howard Elsey, a warning to anyone tempted to click on a link in one of those random texts and emails we get bombarded with. Clue: Don't! And if you're still not sure, read on for a real-life example experienced by The Hub. Don't say you weren't warned!
Beware Unsolicited Messages
Many of us are technically savvy and some of us are cynical, but the world of technology is changing fast and, with it, the way things work. New situations arise which unsettle the status quo, on a personal level or for society as a whole. So changes are frequent and come alongside a busy life.
On iPads and tablets, computers and phones, we are receiving more and more information each day. We can all take changes in our stride but on a really busy day, when we are strapped for time, they can also catch us off our guard.
You may receive a communication out of the blue: a text, phone call or email. Whatever the medium, care and caution are always needed!
For example, a text or call may appear to come from the right phone number, e.g. your bank's call centre. But it is easy for fraudsters to "spoof" or fake the phone number. The result is that the number the text or call is really coming from is very different from the one your phone displays to you.
Banks Don’t Text You
The rule here is to remember it is highly UN-likely your bank or building society will call or text you. Probably the only time a bank will text you is during an automated process, such as to verify it is you, as may happen when you buy something online and you are going through the payment process.
Equally easy for fraudsters is spoofing the address of an email sender so it appears to come from the right internet address or name of the company. If, for example, you receive an email and the sender appears to be, say, a Medical Appointment, don't assume it to be genuine.
Check the email address behind that "name". How that is done depends on the email system you are using. Some will show you the address alongside the given name. For others you may have to click on the given name to see the email address. The important part to check is the last part, usually the name of the organisation, which comes after the @ sign.
A quick aside: an email address consists of four parts:
A mailbox, which often belongs to a specific person or group of people, such as johnsmith or info.
The @ sign, which simply marks the end of the mailbox name and the beginning of the company or organisation name.
The internet name, which is technically the domain name.
The bit at the end (or file extension), which may be several things like .com, .us, .co.uk, .gov.
This last part should signify the type of organisation such as commercial, government etc. This domain name has to be registered with specific directory holders who then ensure the name is recognised on the internet.
All Domain Names Are Not Equal
Care has to be taken to look carefully at the domain name. A fraudster can register a domain name which looks like the authentic one but has small or subtle differences.
Examples might be https://www.gov.uk/ and https://www.gov.com/ - where there's a simple difference in the file extension. These are both authentic sites, but imagine if one was made as a copy of the other. Would it become difficult to know which is the real one?
Another way of trying to fool you might be https://secure.uk/govuk. The actual domain is secure.uk and not the whole thing. It is easy to make the spelling look like a real one on a quick glance so www.amazon.com becomes www.amazan.com or www.amazn.com.
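The checks described above, written out as a small Python example (added here, not part of the original blog): it compares the real host name in a link against a short list of domains you expect and names the trick when something only resembles them. The TRUSTED list, the function names, the verdict labels and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the domains this reader actually deals with.
TRUSTED = ("amazon.com", "gov.uk")

def host_and_path(url):
    """Split a link into (hostname, path); a bare 'www.x.com' gets a scheme first."""
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    return (parts.hostname or "").lower().rstrip("."), parts.path.lower()

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return (verdict, trusted_domain_or_None) for one link."""
    host, path = host_and_path(url)
    labels = host.split(".")
    # Genuine: the host is a trusted domain or a subdomain of one.
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    for good in TRUSTED:
        name = good.split(".")[0]                          # "amazon", "gov"
        tail = ".".join(labels[-(good.count(".") + 1):])   # same number of labels
        if edit_distance(tail, good) <= 2:                 # amazan.com, amazn.com
            return "misspelt", good
        if name in labels:                                 # gov.com instead of gov.uk
            return "wrong-ending", good
        if good.replace(".", "") in path or good in path:  # secure.uk/govuk
            return "name-in-path", good
    return "unknown", None

if __name__ == "__main__":
    for link in ("https://www.gov.uk/", "https://www.gov.com/",
                 "https://secure.uk/govuk", "www.amazan.com", "www.amazn.com"):
        print(link, "->", check_link(link))
```

A verdict of "unknown" (which is what the dpd.item-tracking.com link later in this post gets) only means the domain is not on your list, not that it is safe.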
In our busy lives it's easy to glance and not see that small difference which may have a big cost. Care and caution are needed. Caution is particularly needed should you receive a text or email and it has links (such as "click here") or attachments.
The simple rule here is Don't:
Don't click on any link
Don't download any attachment (usually an invoice, statement or proof of delivery)
Don't do anything else except delete the text or email
If You’re Not Sure: Delete or Check
There is one "exception". If you think a communication is from someone you know or trust, contact the sender by another means. If you received a text, send them an email. Check and ask if they really did send it.
If they received the message from someone else and simply forwarded it, you still need to be cautious. They may not yet have seen the effects of, say, a virus or trojan (and if you don't know what they are, all you need to know is you don't want them on your computer).
Some people may receive a monthly email to confirm their pay has been deposited in their bank. The bad lads know these repetitive emails come from trusted sources so they are an obvious vector for fraud. Instead of using links in the email perhaps it might be better to check the transactions going through your account by using your bank's app?
So what else can you do if you can't click on links in messages? In the case of, for example, your insurance company, go to the official website. Don't use the web address from the email or message and if you are unsure search for it.
All-in-all this doesn't paint a good picture. But that's the reality. Fraud emails are sent in their millions. False websites can be very realistic. The wording in fraud emails is clever and can read like the real thing. That is because the authors are professional con artists who make a living out of conning people out of money. So take care, be vigilant and double check to stay out of the net of the swindlers.
If you are ever in doubt, hesitate and if you know someone that knows more than you – ask them.
Howard Elsey is an innovation practitioner, start-up advisor and mentor and a consultant and interim in payments and data privacy.
A Recent Example: Not DPD! But Royal Mail?
The Hub has personal experience of these fraudsters at work. A couple of “Sorry we missed you, to book your re-delivery visit:” texts arrived recently. Being busy and expecting a new pair of ear buds for Father’s Day, he meant to click on the link when he had a moment. But something made him check with Mrs. Hub first. Luckily!
She apologised, saying the buds were already in the house but she hadn’t got round to giving them to him. She added: “It’s obviously one of those fraud texts, delete it immediately.”
Here is the text in full, apparently from the well-known delivery company DPD. But apparently not! If you see anything like this check or delete immediately:
From: +44 7983 384657
DPD: Sorry we missed you, to book your re-delivery visit: https://dpd.item-tracking.com
The challenge here is Royal Mail does send texts. The Hub receives regular medication to his home from an online pharmacy. This makes life simpler and is an obvious health benefit in the Covid era.
Looking past the "DPD" fraud text, The Hub found this text from The Royal Mail:
Your parcel from online pharmacy is due today between 08:39am and 12;39pm. Not going to be in? Track it at https://ryml.me/?WL6836630184GB&h4fli1-ZOwU
So who to trust?! It’s not easy!
Regardless, The Hub is still waiting for his new buds…