Take the email shown here as an example. Many people would worry and click the link to ensure their information is correct, but stop and analyse the message for a while.
Here are some things to look for in this message:
- 'Update Your Account .' - A genuine subject would be more meaningful and would not contain a grammatical error such as the space before the full stop; in fact, most subjects contain no punctuation
- 'Dear Client' - If this was from PayPal, it would have your name; they know who you are
- 'Please click on the following link to Confirm It:' - Again, look at the grammar: you would not see a capital 'C' on the Confirm or an 'I' on the It, and this whole sentence is badly formed
- 'Account Informations' - Plural, bad English, another sign
- Upper Case On Every Word - This just would not happen
- If that was not enough, check the link before you click it. Hover over it to display where it will take you; in this instance it is clearly not PayPal.
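The checks in the list above, written out as an added example (it is not part of the original message): a short Python script that looks for the subject spacing, the generic greeting, the 'Informations' plural and, most importantly, where each link really goes. The sample email is constructed from the phrases quoted above, and the link address in it is a made-up placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def host_belongs_to(host, domain):
    # Match on the right-hand side only, so "paypal.com.something.example" fails.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(subject, html_body, expected_domain):
    """Return the warning signs from the checklist that appear in one message."""
    signs = []
    if re.search(r"\s[.!?]\s*$", subject):
        signs.append("space before punctuation in subject")
    text = re.sub(r"<[^>]+>", " ", html_body)  # visible text only
    if re.search(r"\bDear\s+(Client|Customer|User|Member)\b", text, re.I):
        signs.append("generic greeting")
    if re.search(r"\bInformations\b", text, re.I):
        signs.append("bad plural")
    collector = LinkCollector()
    collector.feed(html_body)
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not host_belongs_to(
                parts.hostname, expected_domain):
            signs.append(f"link goes to {parts.hostname}, not {expected_domain}")
    return signs

# Constructed sample: wording taken from the phrases quoted above,
# link host is a placeholder and not a real address from the email.
SAMPLE_SUBJECT = "Update Your Account ."
SAMPLE_BODY = (
    "<p>Dear Client,</p><p>Please Check Your Account Informations.</p>"
    "<p>Please click on the following link to Confirm It: "
    '<a href="http://paypal.com.account-check.example/login">'
    "https://www.paypal.com/</a></p>")

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE_SUBJECT, SAMPLE_BODY, "paypal.com"):
        print("-", sign)
```

Note that the text shown for the link says paypal.com while the address behind it does not; only the address behind it counts.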
I have had a new customer come to me today with the same hoax that a member of my own family fell for recently, albeit the companies were different.
A phone call will come in and (in the case of my family member) they will purport to be calling from TalkTalk and claim they have been made aware of issues with the internet. They will then talk you through some steps to 'scan' your PC and make sure everything is OK.
What is actually happening at this point is your machine is being scanned for banking information and other identifiable information. Fortunately, I received a call from my family member at this point and we averted disaster; however, the customer who approached me today did not. She was called by 'Virgin'; being a customer of theirs, she believed there was a problem, so let them do their scan.
The call was polite, they even had a conversation about my customer's parents, going to church and other intimate information which lulled her into a false sense of security. The call was concluded but shortly afterward, someone called from 'Nationwide' and verified their authenticity by providing information about my customer's online banking username and other information which had been previously 'mined' from their computer on the earlier phone call.
After this point, the customer ended up losing a substantial amount of money having been fooled by the hoax after they obtained the private information just to use against her later.
If you ever receive a phone call from anyone who wishes to look at your machine, put the phone down instantly. If you cannot be certain that the bank has called you, call them back. Wait 30 minutes and ensure you hear the dial tone before dialling. Scammers will keep the line active and fool you into thinking you have made an outgoing call whereas in fact, they never dropped the line.
If you are pulled into a scam and you are not sure it is genuine, as with my family member, switch off the PC instantly at the wall; do not worry about shutting it down correctly. It is also important to switch off your router and wait at least 30 minutes before switching back on again. By switching off the PC, it will abort any scan in progress. By shutting down your router, you will ensure you get a new IP address (the number which hackers use to get into your machine) the next time you switch it on. If this happens, phone a PC technician immediately and avoid using the machine.
The best course of action if you have allowed them access is to have your machine wiped to ensure all traces of the remote access software have been removed. You must also never store passwords or banking details on your machine.
Never tick the box which says 'remember my internet banking username on this pc' and, if you do store information on your machine, store it in a file in a format only you will understand and with a filename that is not an obvious one such as 'password list'.
If you have any queries, please email us to get in touch. I hope this email has been helpful; you cannot be too careful, and I care a lot about my customers and wanted you to be aware of this new and sinister twist to this phone scam!