News that Facebook has been hacked could lead to a surge in phishing attacks. Here are some of the most common scams and how to avoid them.
Sections
50 million Facebook accounts hacked
Up to 50 million Facebook accounts were hacked last week, in the latest of a series of cyber-attacks to hit major companies.
Facebook says they have fixed the flaw and that no credit card information was taken.
However, the Government's National Cyber Security Centre warns that users could still be tricked by follow-up phishing attacks:
“There is no evidence that people have to take action such as changing their passwords or deleting their profiles. However, users should be particularly vigilant to possible phishing attacks, as if data has been accessed it could be used to make scam messages more credible.”
According to the Centre, scammers could make emails look particularly convincing by using details taken during the Facebook hack, such as the user's name or date of birth. These emails could ask for personal details that give scammers access to victims' bank accounts.
Facebook has taken the precautionary step of requiring 90 million losers to log back into to their account and smartphone Facebook app, but you should be wary of any emails or phone calls purporting to be from the company.
In the rest of this article, we look at how to stay safe online in general, including how to spot a phishing scam and the other ways criminals try to get your information.
Phishing
Identity theft
When a scammer steals vital details from you like your full name, your address or your date of birth, they can use it to commit identity fraud.
They might try and open bank accounts and credit cards, order goods or get a mortgage in your name.
Often the first sign of your identity being stolen is when you receive a bill for an item you didn’t order or letter from debt collectors for debts you didn't know you had.
Stay safe: Don’t throw out anything with your name, address or other vital details without shredding it first. Check your bank statements and credit report regularly for signs of unusual goings on.
Read Identity theft: what to do if you fall victim to ID fraud for more.
Email hacking
Email hacking involves emails between a buyer and a seller, commonly a homebuyer and their estate agent.
In short, a hacker will follow a thread of emails, waiting for word of a payment being made. The hacker will then email the buyer posing as the seller and say that the bank details of the company have changed, sending the buyer the details of their own account.
The victim puts their money into the account and the fraudster is never heard from again.
We’ve written about these a few times in the past. Check out Homebuyers beware: this hack and scam email fraud could cost you your next home for more info.
Stay safe: First of all, watch out for a change in language or tone in emails. If it suddenly becomes more aggressive or pressurising, be suspicious.
Before you make any payments, give the recipient a call just to confirm that the message was from them and that the details you have are still correct. Only transfer a small amount of money to begin with, just to make sure the payment clears and it has gone to the right person.
Keylogging
A keylogger is a piece of software or hardware that captures everything you type so it can pick up your messages, logins, passwords and other valuable details.
It can be combined with other monitoring software which is even more dangerous. For example, keylogging can be combined with a history tracker so the scammer will know who you bank with and can use your details to swipe your cash.
Most keyloggers are installed by malware that could come from dodgy emails or even from someone who has access to your machine and wants to spy on you.
The software typically runs in the background so that it goes unnoticed. It can also be set to monitor specific patterns like sequences of numbers (these could be credit card numbers) and then put them on a database.
Stay safe: The best piece of advice is not to click on any suspicious links from people unless you’re 100% sure what they are.
For extra security, use a password manager. Keyloggers often go on raw information in the form of keystrokes. However, they can’t log information which isn’t typed, so forms that fill in automatically are well guarded against keyloggers.Password managers will also change your passwords frequently without you having to type anything.
Read our guide on Password managers: the best free and premium services on Android, iOS and PC to get started.
Ransomware
Holiday fraud
Holiday fraud is everyone’s worst nightmare: you’ve booked your essentials, your bags are packed and you’re on your way to your destination. However, once you get there, you find that your accommodation doesn’t exist.
Read: Holiday villa scam - how to stay safe
Stay safe: To avoid this horrible scam, book through a tour operator as it will be responsible for your booking.
Check whether or not the holiday company you go with is registered with ABTA. Not only does this prove that they’re legitimate, but you’ll get more protection if the company goes bust.
Never pay for your holiday by cash or bank transfer. Pay by credit card if you can – you’ll get extra protection from your credit card provider should something go wrong. You’ll be covered under Section 75 of the Consumer Credit Act.
And as ever, don’t respond to unsolicited communications promising unrealistically low prices.
Advance fee fraud
General tips
As well as the above, considering a few things will help you to avoid the scammers altogether.
Banks, building societies and other companies will never ask for your details through email or over the phone. If you’re unsure about the validity of a caller, say you’ll ring them back and then call your bank on a number you trust. Check with them if the call was legitimate.
Keep your personal information close. Never give out your card details, PINs, address or other important info unless you absolutely know and trust the recipient.
If you receive anything suspicious, report it to Action Fraud.
Check your credit report with loveMONEY