I received a call recently from a man claiming he was from TalkTalk to inform me that they had found errors on my phone line and they would help me fix the problem. It does sound quite convincing since the caller used my name. I let the caller proceed in which he asked me if I was sitting near my computer. I stopped him and explained that he was a scammer and then hung up. I am one of many people who have received these calls recently.
Unfortunately, many people fall victim to the scam because the caller will use the account holders name, address and account number, therefore trying to sound genuine. The scammer will then ask to put a code into your computer which will enable him or her to access your computer remotely. Here is a snippet from a Which? member where the scam cost him £5,000:
After accessing my PC remotely, he said I was entitled to a refund of £200 for the problems I’d had. Using remote access software, he directed me to my Santander online bank account, where it appeared that he had credited £5,000 into my account in error.
TalkTalk are reassuring people that no financial information was taken when customer details were stolen last year. Here is another snippet from the thisismoney.co.uk website:
Luckily, no sensitive financial information, such as bank account numbers, was taken in the latest TalkTalk scandal, but to a conman that does not matter. With convincing patter like this, they will be able to trick their way into the trust of many households.
That’s what happened to 62-year-old Graeme Smith in February. He was duped out of £2,815 by fraudsters who cold-called him and claimed to be from TalkTalk.
Graeme, a semi-retired HR consultant from Chester-le-Street, Co. Durham, was convinced there was a problem with his computer as he had been receiving a lot of spam email.
So when the fraudster called he thought it made sense. The conmen told Graeme they needed to solve a problem with his computer, but that TalkTalk would pay him £250 in compensation for the inconvenience he had suffered. A list of banks appeared on his screen and Graeme was told to select his own.
Somehow the fraudsters managed to get his bank, Santander, to send a password to Graeme’s mobile phone. He was then tricked into handing this over to the fraudsters, who used it to empty his account.
TalkTalk refuses to pay him compensation – though it did waive a £169 charge to leave his contract. Now Graeme plans to take them to court.
‘TalkTalk may not have handed my bank details to the fraudsters, but it’s their fault I was placed in that position at all,’ he says.
Graeme had no idea how the scammers got hold of his details, but he assumes that they were obtained from a previous data breach.
Similar scams where callers claim they are from BT-Internet or from Microsoft Windows are also common and people do fall for them. They claim that there is a problem with your computer and that they will fix it.
They ask you to enter a code into the computer, if you proceed, the scammer can see what is on your computer and even control it; that is a scary thought.
Here is another snippet from the thisismoney.co.uk website that explains how a scammer named David can gain remote access to a computer:
He [David] tells me the information he has about my computer comes from Microsoft Windows: ‘We have been informed by Microsoft that someone is trying to hack your computer.’
He directs me to turn it on and then gives me a series of instructions to get the ‘Start’ menu to pop up.
Things get confusing when I point out I don’t have the operating program Microsoft on my computer because I have an Apple Mac. (Apple uses a different operating system). David is quickly back on track, though, and gets me to open a website, http://www.support.me.
The screen is virtually blank apart from a square grey box in the middle. It says: Support Connection. And in the middle there is space to type in a six-digit code.
It all looks legitimate. But if you type in the code the person on the other end of the line can get access to your computer.
That means from anywhere in the world someone can see exactly what is happening on your screen. They can search through your files, download programs on to your computer to spy on what you’re doing and which keys you press if you do online banking, and put viruses on your computer that will render it useless.
Luckily, they can’t do this unless you give them access, and that can be done only by entering the code into the box. That’s what David wants me to do next.
‘When you bought the computer, there was a six-digit code provided to you. Can you input that code?’ David instructs me.
I rack my brain for the code. Of course, no code exists – it’s just another attempt to win my trust. Who would remember a code from a computer bought years ago?
He’s trying to lower my guard for the next bit when I tell him I can’t remember ever getting a code.
‘It doesn’t matter. I can provide you with one,’ says David – and he reads one out.
Here is a screenshot of the support me website mentioned above:
Once you enter a six digit code, the scammer can take control of your computer to read your files or install viruses or other malware; it is truly scary.
This scam comes under the term ‘Social Engineering’.
Social engineering can be elaborate and is generally highly convincing, with approaches usually made by somebody you trust or in authority. It is sometimes made more believable by snippets of information which the fraudsters already have about you.
Private individuals and businesses can both be victims of social engineering.
So what can you do to avoid being scammed:
Here are some tips from the Get Safe Online website:
- Never reveal personal or financial data including usernames, passwords, PINs, or ID numbers
- Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via email or phone call.
- If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number.
- If you are asked by a caller to cut off the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card – but be sure to use another phone from the one you received the call on. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call.
- Do not open email attachments from unknown sources.
- Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
- Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.