Tag: online safety

Online giants failing to remove online scam adverts, says Which?

Google and Facebook are failing to take action to remove online scam adverts even after fraud victims report them, raising concerns that the reactive approach to fraudulent content taken by online platforms is not fit for purpose, Which? research has revealed. 

The consumer champion’s survey found that a third (34%) of victims who reported an advert that led to a scam on Google said the advert was not taken down by the search engine, while a quarter (26%) of victims who reported an advert on Facebook that resulted in them being scammed said the advert was not removed by the social media site.

Which? believes that the significant flaws with the current reactive approaches taken to tackling online scams makes a clear case for online platforms to be given legal responsibility for preventing fake and fraudulent adverts from appearing on their sites.

Which? is calling for the government to take the opportunity to include content that leads to online scams in the scope of its proposed Online Safety Bill.

Of those who said they had fallen victim to a scam as a result of an advert on a search engine or social media, a quarter (27%) said they’d fallen for a fraudulent advert they saw on Facebook and one in five (19%) said a scam targeted them through Google adverts. Three per cent said they’d been tricked by an advert on Twitter.

The survey also highlighted low levels of engagement with the scam reporting processes on online platforms. Two in five (43%) scam victims conned by an advert they saw online, via a search engine or social media ad, said they did not report the scam to the platform hosting it.

The biggest reason for not reporting adverts that caused a scam to Facebook was that victims didn’t think the platform would do anything about it or take it down – this was the response from nearly a third (31%) of victims.

For Google, the main reason for not reporting the scam ad was that the victim didn’t know how to do so – this applied to a third (32%) of victims. This backs up the experience of Which?’s researchers who similarly found it was not immediately clear how to report fraudulent content to Google, and when they did it involved navigating five complex pages of information.

Worryingly, over half (51%) of 1,800 search engine users Which? surveyed said they did not know how to report suspicious ads that appear in their search listings, while over a third (35%) of 1,600 social media users said they didn’t know how to report a suspicious advert seen on social media channels

Another issue identified by victims that Which? has spoken to is that even if fake and fraudulent adverts are successfully taken down they often pop up again under different names.

One scam victim, Stefan Johansson, who lost £30.50, told Which? he had repeatedly reported a scam retailer operating under the names ‘Swanbrooch’ and ‘Omerga’ to Facebook.

He believes the social media site has a ‘scattergun’ approach to removing the ads and says that a week rarely goes by when he doesn’t spot dodgy ads in his newsfeed, posted by what he suspects are unscrupulous companies.

Another victim, Mandy, told Which? she was tricked by a fake Clarks ‘clearance sale’ advert she saw on Facebook. She paid £85 for two pairs of boots, but instead she received a large box containing a pair of cheap sunglasses.

‘I’ve had a lot of back and forth with my bank over the past six months, trying to prove that I didn’t receive what I ordered,’ Mandy said. Facebook has since removed this advert and the advertiser’s account.

The tech giants make significant profits from adverts, including ones that lead to scams. These companies have some of the most sophisticated technology in the world but the evidence suggests they are failing to use it to prevent scammers from abusing the platforms by using fake and fraudulent content on an industrial scale to target victims.

The combination of inaction from online platforms when scam ads are reported, low reporting levels by scam victims, and the ease with which advertisers can post new fraudulent adverts even after the original ad has been removed, suggests that online platforms need to take a far more proactive approach to prevent fraudulent content from reaching potential victims in the first place.

Consumers should also sign up to Which?’s scam alert service in order to familiarise themselves with some of the latest tactics used by fraudsters, particularly given the explosion of scams since the coronavirus crisis.

The consumer champion has also launched a Scam Sharing tool to help it gather evidence in its work to protect consumers from fraud. The tool has received more than 2,500 reports since it went live three weeks ago.

Adam French, Consumer Rights Expert at Which?, said: “Our latest research has exposed significant flaws with the reactive approach taken by tech giants including Google and Facebook in response to the reporting of fraudulent content – leaving victims worryingly exposed to scams.

“Which? has launched a free scam alert service to help consumers familiarise themselves with the latest tactics used by fraudsters, but there is no doubt that tech giants, regulators and the government need to go to greater lengths to prevent scams from flourishing.

“Online platforms must be given a legal responsibility to identify, remove and prevent fake and fraudulent content on their sites. The case for including scams in the Online Safety Bill is overwhelming and the government needs to act now.”

Google responded: “We’re constantly reviewing ads, sites and accounts to ensure they comply with our policies. As a result of our enforcement actions (proactive and reactive), our team blocked or removed over 3.1 billion ads for violating our policies.

“As part of the various ways we are tackling bad ads, we also encourage people to flag bad actors they’re seeing via our support tool where you can report bad ads directly. It can easily be found on Search when looking for “How to report bad ads on Google” and filling out the necessary information. It is simple for consumers to provide the required information for the Google ads team to act accordingly.

“We take action on potentially bad ads reported to us and these complaints are always manually reviewed.”

“We have strict policies that govern the kinds of ads that we allow to run on our platform. We enforce those policies vigorously, and if we find ads that are in violation we remove them. We utilize a mix of automated systems and human review to enforce our policies.”

A spokesperson for Facebook responded: “Fraudulent activity is not allowed on Facebook and we have taken action on a number of pages reported to us by Which?.

“Our 35,000 strong team of safety and security experts work alongside sophisticated AI to proactively identify and remove this content, and we urge people to report any suspicious activity to us. Our teams disable billions of fake accounts every year and we have donated £3 million to Citizens Advice to deliver a UK Scam Action Programme.”

A Twitter spokesperson said: “Where we identify violations of our rules, we take robust enforcement action.

“We’re constantly adapting to bad actors’ evolving methods, and we will continue to iterate and improve upon our policies as the industry evolves.”

To sign up to Which?’s scam alert service visit: www.which.co.uk/scamalerts

Shopping: stay safe online

Some security advice to help protect British shoppers against cyber-crime has been released as we head online for the basics:

Internet shopping specialists from NetVoucherCodes.co.uk have revealed their 13 top tips to help UK consumers stay safe when shopping on the web in the wake of the coronavirus pandemic.

From using a credit card and keeping software up to date, to writing down complicated passwords and making up answers to security questions, online shoppers could avoid becoming a cyber criminal’s next victim by following the guidance.

A spokesperson for NetVoucherCodes.co.uk said: “With more and more Britons heading online to shop for the essentials, it’s important to take online security even more seriously.

“Browsing the web can be a security minefield for consumers – a computer virus, hacker or fraud could be just one click away.

“So to help Brits shop online with greater peace of mind, we’ve revealed the different measures you can take to stay safe when buying something on the internet.”

Here is the NetVoucherCodes.co.uk advice:

1. Use a credit card

If you purchase online using a debit card and it turns out to be a scam there’s usually no way to retrieve your money, but fraudulent charges must be reimbursed by credit card companies.

Check your statements regularly, just in case a purchase you didn’t make gets through the card provider’s safety net and you need to dispute it. This could also help if a purchase is shows up different to what you ordered, damaged or doesn’t arrive at all.

2. Make up security answers

When creating an account with online shopping sites, you might be asked to set up password reset security questions to confirm your identity.

Rather than entering the real town you were born in or mother’s maiden name, enter false answers and write them down if you can’t remember. This makes it much harder for cyber criminals who might be trying to gather information on you.

3. Only fill out required fields

 Don’t offer up any more personal information that is necessary to complete an online purchase.

The required fields are usually starred or highlighted when checking out – it’s usually wise to leave the rest blank.

4. Never save information 

Allowing even the most reputable of websites to store your payment or address information is unnecessary.

Don’t say yes when your browser suggests saving any passwords either and always log out when you’ve finished shopping.

5. Change passwords often

 Regularly change between complicated, hard to guess, alphanumeric passwords that also contain symbols, even if you have to write them all down somewhere secure at home. Keep them different for each site you use too.

Using the same, simple but memorable password for every website for years, such as a pet’s name, is asking for trouble when online shopping.

6. Look for security indicators

A web address (or URL) that begins with ‘HTTPS’ are secure – those without the ‘S’, ‘HTTP’, may not be.

Other signs of shopping site security to look out for could include a closed padlock or complete key, possibly green, alongside the URL, next to the search bar or elsewhere around the screen. 

7. Avoid public Wi-Fi

 Entering personal information such as credit card details, passwords or home address while using free public Wi-Fi hotspots is dangerous as your data won’t be protected by encryption and could vulnerable to hackers.

8. Update your computer

Using an older version of a popular internet browser, operating system or anti-virus software on your computer means that you’ll be missing out on important security updates, which could leave you exposed when browsing the web.

9. Be extra careful on mobiles 

Most mobile phones won’t have the same level of anti-virus protection as laptop or desktop computers so extra vigilance is required, particularly around shortened mobile-friendly URLs.

Mobile devices are also more likely to be stolen, so make sure any payment details are passcode or fingerprint protected.

10. Avoid email links

 Rather than clicking on potentially suspect links to shopping sites that you see on social media, other websites or in emails, search for the website yourself.

This helps to make sure you browse the authentic site. If you’re getting a lot of spam emails, consider setting up a dedicated online shopping only email address.

11. Leave badly designed websites

If a shopping site appears to be out of date, has a strange URL, comes with lots of pop ups, or is dominated by cheap, irrelevant or overseas adverts, the page could be dodgy and worth exiting before it’s too late.

12. Research and read reviews

When considering spending on a new site that you haven’t used before, it can be useful to browse forums and social media to see what experience others have had of shopping there.

If you can find a real physical address and verifiable contact details for the company you intend to make a purchase from, they’re probably legitimate. 

13. Trust your instincts

 Just as you would when shopping on the high street, if you feel like a website is requesting too much personal information or could harm your computer with viruses, close it.

If in any doubt, stick to shopping with sites you know and trust.

Remember, if a deal looks too good to be true, it probably is.

Which? – Coronavirus email and text phishing scams

Phishing and smishing emails and SMS messages are already being sent out to trap the unwary into giving up login details.

One we’ve seen is an email that claims to come from the World Health Organization. It’s short and sweet, asking that you click on a link to what it says is a PDF offering advice on how to stay safe during the outbreak.

Security firm Sophos has a detailed breakdown of what happens if you click on that link, but broadly it shows you a pop-up in front of what looks like the WHO’s actual website asking you to input your email address and password so that you can receive the non-existent PDF.

Other phishing emails and SMS messages (known as ‘smishing’ texts) are also doing the rounds: Action Fraud has warned that emails purporting to be from organisations including the US Centers for Disease Control and the WHO are being sent with the aim of tricking you into opening malicious attachments or giving away your passwords.

The latest email and text phishing scams:

Fake lockdown fines

People have been warned not to fall for a bogus text message saying they have been fined for stepping outside during the coronavirus lockdown. The scam message claims to be from the Government, telling the recipient their movements have been monitored through their phone and they must pay a fine or face a more severe penalty.

HMRC goodwill payment 

The MET police are warning of a fake message designed to steal your account details that says ‘As part of the NHS promise to battle the COV-19 virus, HMRC has issued a payment of £258 as a goodwill payment’.

Free school meals 

The Department for Education has issued warnings about a scam email designed to steal your bank details saying: ‘As schools will be closing, if you’re entitled to free school meals, please send your bank details and we’ll make sure you’re supported.’

Conspiracy theories and misinformation

Another email we’ve seen is full of doom-laden warnings that ‘There is no vaccine for coronavirus’ and that ‘the US government, like the Chinese government, isn’t telling us the truth about how many are infected’. That email is full of links. While we’ve only seen screenshots of this, it seems likely that these links will lead you to either phishing sites or, worse, sites that can infect your computer with malware.

Sophos has also reported on emails that – for now – are targeting Italian email addresses and which include a Word document that purports to offer guidelines for preventing infection, but which in fact harbours a malicious script that infects Windows computers with a banking Trojan, i.e. malware that aims to steal online banking credentials.

So watch out for emails that include attachments.

Read the Which? guide on how to spot a phishing scam for more information:

Read more: https://www.which.co.uk/news/2020/03/coronavirus-scams-how-to-spot-them-and-stop-them/

 

Facebook not safe for kids, says charity poll

  • Poll shows majority of adults believe Facebook is failing in its duty of care to protect children
  •  Three out of four don’t think Facebook is safe for children
  • NSPCC urges Facebook to rethink encryption plans or face tough sanctions from new regulator

The NSPCC has slammed Facebook’s encryption plans after three out of four adults polled in Scotland said they didn’t think the site was safe for children.

Out of 180 adults in Scotland, just one in five (22%) said the tech giant took the safety of children using the site seriously and two thirds (66%) believed the platform was failing in its duty of care to protect children.

The results for Scotland were similar to those of the whole Great Britain sample, which consisted of 2,070 adults.

The claims came in an NSPCC/ Savanta ComRes poll following the tech giant’s announcement that they will encrypt messages on Facebook and Instagram.

The charity previously revealed that one in 25 young people (11 to 17 year olds) who used Facebook or Facebook Messenger had sent, received or been asked to send sexual content to an adult.

It is now warning the tech giant not to create hiding places for abusers by pressing ahead with encryption plans that don’t have strong safeguards in place.

Facebook CEO Mark Zuckerberg, who admitted that his plans would protect the “privacy of people doing bad things”, has failed to give any clear answers in how he intends to stop groomers preying on children on his site.

The NSPCC is calling for supporters to sign an open letter to Facebook demanding they put children first as part of its Wild West Web campaign.

Andy Burrows, NSPCC head of child safety online policy, said: “Facebook has been called out for its abject failure to make their platforms safe, yet their encryption plans will give offenders a free pass to abuse children while they look the other way.

“This cavalier approach risks creating a one stop grooming shop if Facebook don’t include strong safeguards that protect children in their encryption plan.

“Boris Johnson must make it clear that upcoming regulation will force Facebook to guarantee children’s safety on its messaging services or be hit hard in the pocket for failing in its duty of care.”

The NSPCC is calling for:

  • No end-to-end encryption for messages going to or coming from children’s accounts on Facebook apps
  • Adults accounts not to be encrypted until and unless Facebook has solutions to ensure child abuse can be detected and that children safety won’t be compromised
  • The Government to push ahead with introducing an independent Duty of Care regulator to keep children safe online
  • The Government to warn Facebook that encryption breaches the incoming Duty of Care and pressing ahead will mean tough consequences

Parents more concerned about their children online

More parents than ever feel children’s online use now carries more risks than benefits, according to Ofcom’s latest research into children’s media and online lives.

Ofcom’s Children’s Media Use and Attitudes report 2019 is based on around 3,500 interviews with children and parents. Children’s Media Lives is a qualitative report looking at how children aged eight to 18 think about and use digital media.

Parents and carers are becoming more likely to trust their children with greater digital independence at a younger age. But far fewer believe the benefits of their child being online outweigh the risks than five years ago. And around two million parents now feel the internet does their children more harm than good.

This comes as children are now more likely to see hateful content online. Half of 12-15s who go online had seen hateful content in the last year, up from a third in 2016.

Parents are increasingly concerned about their child seeing something online which might encourage them to harm themselves. Similarly, two gaming-related problems are increasingly concerning parents: the pressure on their child to make in-game purchases of things like ‘loot boxes’, a virtual item containing rewards; and the possibility of their child being bullied via online games.

However, parents are now more likely than in 2018 to speak to their children about staying safe online, and are nearly twice as likely to go online themselves for support and information about keeping their children safe.

Influencers, online activism and girl gamers

Looking at what today’s children are doing online, Ofcom uncovered three big trends over the past year.

18% of 12-15 year olds use social media to support causes and organisations by sharing or commenting on posts, up from 12% in 2018.

  • The ‘Greta effect’. There is increased online social activism among children. Almost a fifth of 12-15s use social media to express support for causes and organisations by sharing or commenting on posts. One in 10 signed petitions on social media.
  • Rise of the ‘vlogger next door’. While high-profile YouTube stars remain popular, children are now increasingly drawn to so-called ‘micro’ or ‘nano’ influencers. These often have fewer followers, but might be local to a child’s area or share a niche interest.
  • Girl gamers on the increase. Almost half of girls aged five to 15 now play games online – up from 39% in 2018. The proportion of boy gamers is unchanged at 71%, but boys spend twice as long playing online each week as girls.

The proportion of 12-15 year olds who have a social media profile on Facebook (69%), Snapchat (68%), Instagram (66%), WhatsApp (62%), YouTube (47%), Pinterest (13%), TikTok (13%) and Twitch (5%).

Social Media use more fragmented

Older children are using a wider range of social media platforms than ever before. WhatsApp in particular has grown in popularity among 12-15 year-olds since last year, despite having a minimum age limit of 16.

WhatsApp is now used by almost two thirds of older children – up from 43% in 2018. For the first time, it rivals Facebook, Snapchat and Instagram as one of the top social media platforms for older children.

Newer platforms are also becoming more popular. Around one in seven older children use TikTok, which enables users to create and upload lip-sync, comedy and talent videos, while one in 20 older children uses Twitch, a live streaming platform for gamers.

Children’s viewing habits are changing radically too. Almost twice as many children watch streaming content than they did five years ago.

In 2019, fewer children watched traditional broadcast TV than streaming content, with a quarter not watching it at all.

But YouTube is as popular as ever, remaining children’s firm favourite for video ahead of Netflix, Amazon Prime, the BBC and ITV.

The age of digital independence

50% of 10 year-olds own a smartphone in 2019, up from 30% in 2015.

When it comes to going online, children are most likely to use a tablet but mobiles are becoming increasingly popular and children are now as likely to use a mobile as they are a laptop.

This move to mobile is being driven by older children, for whom 10 is becoming the age of digital independence. Between age nine and 10, the proportion of children who own a smartphone doubles to 50%  giving them greater digital freedom as they prepare to move to secondary school. By the time they are 15, almost all children have one.

“Today’s children have never known life without the internet, but two million parents now feel the internet causes them more harm than good, said Yih-Choung Teh, Ofcom’s Strategy and Research Group Director.

“So it’s encouraging that parents, carers and teachers are now having more conversations than ever before with children about online safety. Education and stronger regulation will also help children to embrace their digital independence, while protecting them from the risks”.

children-media-use-attitudes-2019-report

ATM scams: Christmas crime

FESTIVE SHOPPERS in Edinburgh are being warned against the latest ATM scams hitting high streets across Scotland this Christmas and New Year’s.

The Scottish Business Resilience Centre (SBRC) has issued a call for extra vigilance when withdrawing cash over one of the busiest periods of the year for shopping. Continue reading ATM scams: Christmas crime

Top security tips to protect yourself against fraud this Christmas

Black Friday marked the start of the festive season, not just for us, but for criminals too. We will all be frantically seeking out some Christmas bargains both on the high street and online.  It’s easy to get carried away with the festive cheer but remember the old adage ‘If something looks too good to be true then generally it is.’  

If you’re concerned about fraud, Head of Information Security at Atom bank, Jon Holden, has provided some useful tips to keep you protected and to ensure you don’t put yourself in danger:

  1. Be wise and choose where you shop carefully

“When buying online, look for the padlock or lock icon located in the web browser. Check out the feedback section for buyer reviews and ask if the seller has a returns policy. Do they have a physical address or are they only contactable via phone or email – this may be a red flag!

“Use a credit card when making a big money purchase, as the majority of card companies have online insurance from their customers. Be mindful that some products may be counterfeit – top end designer goods are rarely discounted so you may be buying counterfeit goods.”

  1. Don’t click on links in unsolicited emails or share too much information

“Fraudsters send out phishing emails which may appear to be from a legitimate online company from which you have previously made a purchase, requesting that you are required to update your payment card details.

Check the URL in your web browser. Fraudsters change an address ever so slightly in the hope that you won’t notice that it isn’t the genuine website e.g. www.pay.pa1.com.

“If you are in any doubt contact the company direct i.e. not via the link. Don’t share too much information and only complete what is required. If you feel uncomfortable with the information you’re being asked for then don’t share it.”

  1. Update your apps, browsers,  PCs, phones, iPads, tablets…

“Regularly check and install the latest software and app updates on your devices. They contain important security updates that can protect you against malware and fraud.”

  1. Use strong passwords and switch on multi-factor authentication

“It might seem obvious, but many people still use simple and straightforward passwords that are easily guessed by fraudsters. Hackers usually work through lists of common passwords searching for the right combination, and once they’ve guessed your log in details for one account, they could use your credentials to access multiple websites.

“Use unique passwords for each service you use. Make sure they don’t include names or key dates like your birthday as this could put you at risk. Make it hard to guess by using upper and lower-case letters, special characters and numbers, but not so hard that you won’t remember and have to write it down. Also switch on multi-factor authentication, this will keep you extra protected as it will ask for two or more pieces of evidence to gain access to your account.”

  1. If you’re shopping online on a public/shared computer – don’t click on ‘remember me’ 

“When using a public/shared computer, make sure you log out before leaving the machine and don’t click on ‘remember me’ as that could allow the next user to log in to your account.”

“Selecting the ‘remember my card details’ option is very convenient for future purchases, but means you’re putting a lot of trust in the company behind the website. If they don’t store your details, they can’t lose your details to hackers!”

Online safety campaigner receives NSPCC honorary member of council award

Ruth Moss, a research nurse from Edinburgh, has been recognised as an ‘Honorary Member of Council’ at the NSPCC annual council meeting after years of hard work campaigning for tighter regulations on online safety for children. Continue reading Online safety campaigner receives NSPCC honorary member of council award