Cyber security is a concern for everyone and we’re all learning to be wary of the tactics employed by keyboard criminals.
But it’s one thing to have heard about illegal activities and quite another to understand baffling terms and confusing security advice. How do you know when you’re the victim of phishing and what should you do if you’ve taken the bait? Think you’d recognise a rogue website? Unfortunately the scams are becoming more sophisticated and harder to detect.
For Safer Internet Day (February 6), a team from the University of Portsmouth has issued some practical advice on the more common and current threats facing consumers online. The message from the University’s Cybercrime Awareness Clinic is “take basic precautions but don’t panic”.
Clinic Deputy Director Dr Lisa Sugiura said: “It is important to avoid feeling overwhelmed, as we can take basic steps to protect ourselves online, and to not blame yourself if you are caught out.”
From Monday February 5, the Cybercrime Awareness Clinic is offering a free Monday afternoon advice service on how to protect yourself and your organisation from cybercrime.
Meanwhile, if you want to avoid being caught out by scams, Dr Sugiura suggests taking the following action.
Scam emails
Scam emails are fraudulent unsolicited emails that criminals – usually posing as a legitimate company – send in order to try and gain access to your computer, your information and your money. These are also referred to as phishing because fraudsters are attempting to lure unsuspecting people into opening attachments or clicking links with malicious software.
There are some things we can do to protect ourselves:
- Recognise the key characteristics of email scams: impersonal greetings, poor spelling and grammar, a sense of urgency, request for personal information – legitimate companies and banks do not ask for this via email.
- Check the legitimacy of the address by hovering over the from email address to see if anything is hidden – the real address might be masked behind something that seems authentic.
- Don’t open strange emails – delete them straight away.
- Set up a block or filter for any junk/spam mail in your email accounts.
- Turn on 2-step verification for your email, which requires you to type in not only your password but also a code that has been sent to your phone when logging into your email from a new device.
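What hovering over the sender reveals, shown as an added example that is not part of the original advice: an email's From line carries a free-text display name and a separate real address, and only the real address says where the mail came from. The sample headers, the domain names and the `check_sender` helper are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    '"Your Bank Support" <alerts@yourbank.example>',
    '"Your Bank Support" <x19@mail-login.example>',
    '"service@yourbank.example" <x19@mail-login.example>',
]


def real_address(from_header):
    """Split a From header into (display name, real address)."""
    name, addr = parseaddr(from_header)
    return name.strip(), addr.lower()


def check_sender(from_header, expected_domain):
    """Return reasons the visible sender name may be masking another address.

    expected_domain is the domain the reader already knows the company uses
    (an assumption of this example, not something the email can prove).
    """
    name, addr = real_address(from_header)
    domain = addr.rpartition("@")[2]
    reasons = []

    # 1. The real address is not at the company's own domain or a subdomain.
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        reasons.append(f"real address is at {domain}, not {expected_domain}")

    # 2. The display name is dressed up as an email address that differs
    #    from the real one: the "masked" case the hover check exposes.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr:
        reasons.append(f"name shows {shown.group(0)} but mail came from {addr}")

    return reasons


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header, "yourbank.example") or "ok")
```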
If you do receive a scam email, there are some points to remember:
- Do not click on any links or open any attachments.
- Do not reply to the email or try to contact the senders.
- If you have clicked on a link in the email do not supply any information on the website that may open.
- Scan your computer with an antivirus programme – some can not only detect problems but also remove them. If your computer shows lots of pop-up ads, especially when your browser isn’t open, this indicates your computer has been compromised. You can also check the sent folder of your email account for any emails you don’t remember sending – this could indicate that your account has been hacked with a virus.
If you think you have compromised the safety of your emails, bank, personal details and computer:
- change the password immediately
- contact your bank
- system restore (hopefully you have a backup of the computer)
- report to Action Fraud
- call the non-emergency number 101 for advice, if you need to
Rogue websites
Rogue websites are malicious domains, IP addresses and links that are presented as legitimate. They are often shopping sites which pose security threats for internet users. Rogue websites can collect sensitive information from users such as login IDs, passwords and bank details.
There are some things we can do to protect ourselves:
- Recognise the key characteristics of rogue websites – offers that are too good to be true, requests to pay by bank transfer, spelling and grammatical errors on the site, no returns policy or valid contact information.
- Check the padlock that comes before the website address and the address itself – strange domain names should be treated with caution, as should domains that end in .net or .org as these are rarely used for online shopping.
- Parents should keep up to date with websites that offer unapproved access to copyrighted content such as music, films and video games that can appeal to children. Such use can lead to copyright infringement and prosecution. Furthermore these sites are usually laden with viruses and malware, and are often used to steal email addresses and passwords.
However, some things are out of our control; for example, our personal information is also stored by companies online, and this can be leaked via data breaches without our knowledge. Nevertheless, you can check to see if your email has been compromised by putting your details into www.haveibeenpwned.com, which is approved by law enforcement. If your email is on there you should change your password immediately.
If you think you have visited a rogue website:
- check for any compromises and scan your computer with an antivirus programme;
- contact your bank if you have provided any of your financial details;
- report to Trading Standards or Action Fraud – also Google now has a form to report trademark complaints;
- clear your browsing history so you don’t visit the site again;
- call the non-emergency number 101 for advice, if needed.
University of Portsmouth Cybercrime Awareness Clinic
For a free advice session, booking is required in advance. Email cyber-awareness@port.ac.uk or call +44 (0)23 9284 3062. Visit the clinic page.