During the first few months of 2022, mobile malware attacks increased by 500%, with one of the main reasons being because many people aren’t protecting their smartphones.
Experts at IT support specialists CloudTech24 have revealed the best ways you can go about protecting your mobile device from malware effectively.
Use mobile anti-malware
Your mobile phone needs anti-virus and anti-malware software too! Malware can infect smartphones and tablets easily so it’s important to have a reliable anti-malware app installed to your device.
Don’t download apps from unknown sources
Only download mobile apps from trusted sources. Do not download outside a main app store. Trusted app stores include places like:
Apple App Store
Google Play
The Microsoft Store
Amazon Appstore
You also should research the app developer online. Make sure they have a good reputation. Once you download a dangerous app to your phone, it can infect it with malware. That malware can remain behind even if you delete the app later.
Be wary of SMS phishing, AKA “smishing”
Spam texts are extremely common nowadays, with the text equivalent of phishing being known as “smishing”.
Through malicious links in text messages, hackers may ask you to message back to capture personal information, and/or try to gain access to your device.
Beware of text messages from unknown sources and be on the lookout for texts that don’t make sense. A common text spam is getting a shipping notification when you haven’t ordered anything.
Remove old apps you don’t use
Apps these days are often abandoned by the developer, and there are around 2.6 million apps that haven’t received an update in a year or more. Having these old apps on your phone can leave security vulnerabilities which can be exploited by hackers, so it’s important to address them.
Look through your device for any older apps you aren’t using, and if there’s no reason to keep them around, they can leave your device at risk.
Also, look at the time of the last update, and if it’s over a year, consider replacing it with an app that’s more current and updated more frequently.
Keep your device updated
In addition to keeping your apps updated, it’s important to keep your device updated too. Not updating to the latest version of your device’s operating system can also leave your phone with security vulnerabilities, allowing hackers to breach your data. Turn on automatic updates if possible!
As university students around Scotland enrol on their undergraduate courses this September, scammers continue to employ new and creative methods to defraud unsuspecting students out of thousands of pounds online.
With this in mind, David Janssen, a cybersecurity expert and founder of VPNOverview, has put together a list of the most common online student scams, including what to look out for and how to avoid them.
1. Student Loans Company (SLC) phishing scam
If your course is starting in September this year, then your government student loan will be paid to you in three instalments, which you should receive during September, January and April.
Scammers will choose to send ‘phishing’ emails or texts to students during these months, in which they falsely pose as the Student Loans Company asking you to verify personal banking information. These texts or emails often ask the user to log into their account and confirm their banking details via a ‘secure link’ in order to receive their first loan payment. This link will then direct the user to a copycat webpage that replicates the SLC website, which then steals your personal and banking details.
While these emails can be quite convincing, giveaways you have received an SLC scam email include; spelling or grammatical errors in the body of text, pixelated or stretched images of SLC logos and generic greetings such as ‘Dear Sir/Madam/Student.’
Remember, SLC will never ask you to confirm your bank details via email or text message. Only ever log into your student finance account through the government login portal to check or update your loan payment details. If you suspect you have received a phishing text or email, forward it to phishing@slc.co.uk or your university IT department before deleting it.
2. HMRC tax rebate scam
University students often choose to take on a part-time job in order to provide an additional source of income to help cover their cost of living. For some this may be their first time in employment, meaning they haven’t paid tax before and are unfamiliar with genuine contact from HMRC, making them more vulnerable to online scammers.
Cybercriminals will send text messages and emails to students, claiming to be from HMRC, stating that the individual is owed a tax refund. The message will then prompt the person to first confirm their details through the link provided in order to receive this money.
Much like Student Loan Company scams, these texts and emails can be quite convincing and will use images and formal language to make the user believe it is legitimate. The link will either lead to a fake website, where the user unknowingly hands over their personal details, or it will download malware onto the user’s device which then harvests their personal information.
It’s important to note that HMRC will never ask you to click through on any links in their communication with you. If you are genuinely entitled to a tax refund, HMRC will send you a letter stating so. If you are unsure whether you have received a scam HMRC email, forward it to phishing@hmrc.gov.uk where they will confirm whether or not it is a legitimate correspondence. Scam texts can be forwarded for free to 60599.
3. Freshers Week ticket scam
As a new student, you are likely going to worry about missing out on key social events such as Freshers Week, where you can mix with other students during your first week of university.
Scammers will try to exploit students by posting fake student or freshers’ events on Instagram or Facebook, with the aim of pocketing your money. These events will often imply they are the only ‘official’ event and may include phrases such as ‘Limited availability’ or ‘Final Release’ in the event title, creating a sense of urgency to buy tickets so that you don’t miss out.
In reality, Freshers’ Week tickets rarely sell out, and some universities will even allow you to buy them throughout your first week of university. Even when buying a genuine Fresher’s Week ticket or wristband online, you may be required to purchase it through a separate designated website.
The best way to ensure that you are buying from the correct site is to visit your university’s official website and click through to the ticket page from there, rather than searching online or clicking through from Facebook or Instagram pages.
4. Facebook Marketplace scam
The majority of university courses require students to complete some form of additional reading outside of their lecture hours. However, as brand-new course textbooks can be expensive, many students opt for second-hand books from Facebook Marketplace or Facebook resale groups.
Scammers will often set up fake accounts, posing as a Facebook Marketplace seller promising to post the textbooks once you have bank transferred the money. Warning signs that you are dealing with a fraudulent seller include; their profile has only recently joined Facebook, they have limited or no profile pictures or there is little engagement from other users on their profile.
Even if the Facebook user appears authentic and trustworthy, avoid bank transferring money to people you do not know. Suggest meeting up on campus or in a public place, and offer to pay in cash rather than via bank transfer. Alternatively, Amazon sells used copies of textbooks through verified sellers, where you will have a level of buyer protection.
5. Student accommodation rental scam
A few months into your university experience you may begin looking for accommodation for your second year of study, which is often based off campus. Unfortunately, fraudulent landlords will be looking to make a quick buck from unsuspecting students looking to rent shared student accommodation.
One common rental scam involves the would-be ‘landlord’ listing a non-existent property online and then requesting for a holding deposit to be made in order to take the property off the market. The listing is then taken offline, and the landlord is no longer contactable.
Remember, if the price looks too good to be true then it probably is. Make sure you view the property in person before placing any kind of deposit and aim to use a trusted student letting agent to avoid falling victim to this type of scam.
Your university website or student union may also offer a list of verified and trusted letting agents located within your area.
Fake emails, calls and messages suggesting they are from Her Majesty’s Revenue & Customs (HMRC) have grown exponentially in the last five years with many people falling foul to fraudsters.
Here, Perrys Chartered Accountants discusses the latest HMRC cyber scams doing the rounds and how to spot bogus communications:
In 2021, HMRC received more than 670,000 calls from individuals reporting tax scams. Despite a significant drop in reports to HMRC in recent months, statistics show that tax-related scams doubled during the pandemic and HMRC is still advising caution of any correspondence – particularly via text or email – implying it is from the tax authority.
Scams can come in many forms. However, the most common tactic used by fraudsters is contacting potential victims via automated messages. So, what should you look out for?
HMRC email scams
Phishing attacks aren’t new, but the tactics employed by fraudsters have become increasingly sophisticated over the years with many able to replicate email addresses from authorities, such as HMRC, that on first glance look bona fide.
These attacks aim to extract personal information and data from an individual that enables fraudsters to steal identities, bank details and more.
One such campaign doing the rounds is an email telling customers that they are eligible to receive an employment income support scheme credit during the COVID-19 pandemic. If you receive such an email, you should not reply to it, click on any links in the email or open any attachments. You should also avoid disclosing any personal or payment information. Instead, report it immediately to HMRC by emailing it to phishing@hmrc.gov.uk.
Fake tax rebates
Another common scam is the offer of a tax rebate either via text or email. HMRC will never contact anyone by text or email about tax rebates, so any messages received offering a refund will certainly be fake. If you receive any such message, do not reply but report it to HMRC and then delete it.
Be wary of website links and malicious web pages
HMRC will never ask you to click on a link to complete your details online to receive a rebate.
Web pages can also be dangerous with many fake sites cloning or copying official pages from HMRC’s website or claiming to be officially affiliated with the tax authority. To avoid being fooled by a fake website, always visit HMRC directly by typing the government’s official URL https://www.gov.uk/ into your browser.
HMRC text scams
HMRC will never ask for any personal or financial information when sending out texts. If you receive such a text, do not reply to it or open any links contained in the message. Instead, you can send any phishing text messages to HMRC using the text number 60599 or by emailing it to phishing@hmrc.gov.uk.
HMRC phone scams
Phone scams are performed using a variety of methods and are often used to target elderly and vulnerable people.
A popular way for fraudsters to target potential victims is by using an automated message. HMRC is aware of a scam which tells the receiver that they are the subject of a lawsuit and to press 1 to speak to a caseworker to make a payment. This is false. If you receive such a call, you should end it immediately.
Other similar scams might refer to National Insurance number fraud or tax refunds and will ask you to supply bank or credit card information. If you are at all unsure, or you cannot verify the caller, hang up and report it to Action Fraud.
When reporting phone scams, you should include the date of the call, the phone number used to contact you and what the call was about. You can also contact HMRC directly on its phone number 0300 200 3310 to verify the legitimacy of any calls you receive alleging to be from the authority.
HMRC WhatsApp scams
HMRC will never use WhatsApp to contact customers about a tax refund. If you receive any such communication via WhatsApp saying it is from HMRC, you should report it immediately by emailing HMRC and then delete it.
HMRC social media scams
One of the most recent social media scams being used to con people is the distribution of direct messages via Twitter offering a tax refund. These messages are not genuine and HMRC will never use social media platforms, such as Twitter, Instagram, Facebook and LinkedIn, to offer tax rebates or request personal information. Ignore all such messages and report them to HMRC straight away.
HMRC refund companies
Refund companies that send emails or texts advertising their services and offering to apply for a tax rebate on your behalf in return for a fee are not connected with HMRC in any way. Before using any such service, you should read the company’s terms and conditions or disclaimers and think carefully before instructing them to assist you. If in doubt, contact a professional accountant for advice.
HMRC customs duty scams
Changes officially introduced by HMRC on 1 January 2021 mean that some UK consumers buying goods from EU businesses might need to pay customs charges when their goods are delivered. This change in regulations has resulted in a surge of associated email and text scams asking for customs duty payments.
Customers are contacted via false emails or texts and told they must pay customs duty to receive a valuable parcel which doesn’t exist. If you are not expecting any parcel or if you are in any doubt as to the authenticity of such messages, then do not reply. Instead, you should report any suspicious activity to HMRC immediately by emailing phishing@hmrc.gov.uk.
University students taking part-time jobs
According to HMRC, undergraduates taking part-time jobs are at increased risk of falling victim to scams – particularly if they are new to interacting with the tax authority and unfamiliar with its processes.
Between April and May 2021, more than 5,000 phone scams were reported to HMRC by 18 to 24 year olds. The advice is to be wary if you are contacted out of the blue by someone asking for money or personal information.
Mike Fell, Head of Cyber Security Operations of HMRC, said: “We see high numbers of fraudsters contacting people claiming to be from HMRC. If in doubt, our advice is – do not reply directly to anything suspicious, but contact HMRC through GOV.UK straight away and search GOV.UK for ‘HMRC scams’.
As we enter into a new year, cyber crime continues to threaten businesses. Cyber attacks cost the global economy an estimated $6 trillion USD in 2021, and the costs are predicted to increase for 2022.
Since the beginning of the pandemic, hackers have been quick to exploit the growth in home working practices. Small businesses also reported an increase in attacks, and with 60% closing within six months of falling victim to a data breach, establishing a comprehensive cybersecurity strategy has never been more important.
Anthony Green, CTO and cyber crime expert at FoxTech, discusses what businesses should watch out for in the coming year: “In 2022, with many organisations implementing flexible working policies, and bringing personal devices into the office, it’s important to understand how cyber attackers might continue to exploit our changing working practices.
“It is often easier for attackers to breach home network devices, so when personal devices are being used to access company data at home, or brought into the office and connected to company networks, it can expose their system to hackers searching for vulnerabilities to exploit. With hybrid working policies expanding companies’ cyber risk, it’s vital to be aware of what the threats are, and how to prevent attackers gaining access.”
To help businesses plan their cybersecurity strategies, FoxTech has put together a guide to the top predicted cybersecurity threats for 2022, and what organisations can do to protect themselves:
Ransomware
Ransomware was the defining force of cyber attacks in 2021. Hackers infiltrate a system, steal sensitive data and demand a ransom for its return. Ransomware attacks surged by 144% in 2021 from the previous year, and the problem is only expected to develop in 2022.
Anthony comments: “A spate of high-profile ransomware attacks in 2021 has led many organisations to review their cyber risk controls and implement more effective strategies against data loss.
“While this might make it more difficult for cyber criminals to mount traditional ransomware attacks in the short term, attackers are incredibly agile, so we are expecting their strategies to shift in the coming year”
“To prevent your business from falling foul to a ransomware attack, there are two things to consider:
Preventing an attacker from gaining network access – investing in an external security assessment is the most reliable way to discover your vulnerabilities. Cybersecurity experts can then configure your security tools to protect you from the latest methods of attack.
Catching an attacker before it’s too late – it can take months for an attacker to gather the data they need to demand a ransom. Working with an external, specialised cybersecurity company that can monitor your system and quickly alert you to any suspicious activity can be the difference between a minor incident and devastating financial loss.
“Constant systems monitoring – by someone who is aware of developments in attackers’ tactics – will be more important than ever, as cyber criminals are looking for new ways to circumvent security operations. Currently, businesses are subject to 10,000 attempted attacks a day, but it often takes months for hackers to infiltrate an organisation’s most well-protected data. Catching a threat straight away, and acting quickly to mitigate the effects of a breach, will prevent attackers from stealing enough sensitive data to deliver a ransom.”
Phishing
Over 75% of cyber attacks start with someone opening a malicious email. These emails are designed to extract data from the recipient, usually a password, which is used to gain further access to an organisation’s network. Once an account takeover has been successful, hackers are able to mount more sophisticated attacks.
So how can businesses protect themselves from phishing scams?
Anthony comments: “Security awareness training is essential. Only 14% of UK companies perform cybersecurity awareness training, but educating employees on how to spot phishing scams is crucial.
“Things such as shortened links, an impersonal address, or anyone asking for private information, can all indicate that an email is not legitimate, even if it appears to come from a trusted source.”
The NCSC provides free security awareness training available here:
It is also imperative to set up Two Factor Authentication on email accounts and ensure the secure configuration of your email service.
Business Email Compromise Attack
In 2022, when so much business will be conducted through online conversations between remote workers, organisations need to be aware of business email compromise attack – also known as ‘conversation hijacking.’ These attacks are well-researched, and highly personalised, making them difficult to detect and very effective.
This kind of attack usually comes once access has been gained through a phishing attempt. A hacker reads through breached emails to learn as much as they can about business practice and payment details.
Next, they will use this information to craft seemingly authentic messages which can be sent to both employees and customers, with the aim of tricking them to transfer money or update their payment information.
“A scam that we are seeing more and more frequently is when a hacker impersonates an organisation’s CEO to redirect large payments to their own accounts,” says Anthony.
“Once this money has been lost, it is almost impossible to retrieve, so it really is crucial to prevent hackers gaining access in the first place – and to have your accounts frequently and carefully monitored by cybersecurity experts who can spot an intruder before the final attack has been mounted.”