Scam tricks: email, phone and text message traps to watch out for

Telephone scams, or ‘vishing’, involve you receiving a call out of the blue and someone trying to trick you into handing over your personal details.

Here are some of the common tricks used by criminals to make that call seem genuine.

Hold music

The National Fraud Intelligence Bureau is warning that fraudsters are using background hold music to make scam calls sound more convincing to victims.

Organised crime groups are impersonating banks and using the new trick to defraud people.

It's a worrying sign that scammers are getting more sophisticated in mimicking banks and building societies, says Stephen Proffitt, deputy head of Action Fraud.

“Fraudsters are constantly developing new ways to make their calls more convincing so members of the public need to remain vigilant," he says.

"If you receive a cold call purporting to be from your bank, always end the call as soon as possible and call your bank back using the number on the back of your bank card or statement and ask to be put through to the fraud team.

"Tell them exactly what has just occurred. If you believe your bank details may have been compromised, you should report this to your bank immediately.” 

Helplines

Some scammers try and trick you into calling them instead.

Last month, the National Trading Standards eCrime Team warned about a new ‘printer helpline scam’, which involved fraudsters putting out fake helpline numbers through social media and on search engines to trick people into calling up for assistance.

Since victims had made the call they weren’t suspicious when the people on the ‘helpline’ said they needed remote access to solve the technical issue.

This access allows the fraudster to steal personal details or even infect your computer with malware and holding the victim to ransom.

To stay safe, you should make sure you always use official numbers provided by the company from the official website or packaging and literature.

For more read: Printer helpline scam – how to stay safe

There’s been a security breach

Scammers may also prey on your fears to convince you to hand over details you never normally would.

Commonly fraudsters will impersonate your bank and claim there has been a security breach and you need to act fast. In the panic, you may hand over personal information like your account number or even your PIN.

Remember that your bank will never ask you to share personal details over the phone. If you get a call like this hang up and report it to Action Fraud.

Email scams, also known as ‘phishing’, involve scammers targeting your inbox with bogus emails claiming all manner of things and asking you to click on links.

Generally, clicking on the links will take you to a fake website which either harvests your details or infects your computer with malware. Here are some of the sophisticated ways scammers are getting people to fall for their cons.

Using your name

Rather than sending out generic bulk phishing emails, scammers are using a more refined technique to convince people they are genuine dubbed ‘spear phishing’.

This involves personal touches like an email that addresses you by name, mentioning a real friend or family member or a recent purchase you have made.

These details can be easy to come by on social media and sometimes your actual email address is a big giveaway. It’s not a stretch to assume my name is Reena with an email address like reena@loveinc.com.

Read more about the sneaky tactic and how to stay safe in: Spear phishing: when scammers know your personal information.

Perfect grammar

In the past an easy way to spot a scam email was to see if there were obvious spelling or grammar mistakes. But scammers are wising up and starting to proof read their emails before clicking send.

So, it’s important to keep vigilant for the other signs and not just relying on grammatical errors to flag up a bogus email.

Other ways to check if an email is genuine is to look closely at a sender’s address by hovering your cursor to see if they take you to the place they claim to take you to.

The need to act quickly

Lots of email scams claiming you have won a prize often urge you to act quickly or risk losing out.

Ignore the call to action and always sense check emails. If you haven’t entered a competition, then there’s no reason there will be a prize waiting for you.

Order confirmations

Email scams aren’t always trying to trick you into thinking there is a free prize waiting for you. Some aim to trick you into thinking you’ve already been scammed.

Increasingly fraudsters are using ‘order confirmation’ emails that look like they’ve come from genuine firms like Amazon to fool people.

They might detail a purchase for a high-value item like an iPhone and where it will be delivered. The email will also explain what to do if you haven’t authorised the transaction – which almost always includes a ‘help centre’ link.

Of course, clicking on the link will lead you to a website that may look authentic but will ask for things like your name, address and bank card details.

One man lost £750 after entering his details on a convincing Amazon order confirmation scam earlier this year. Take a look at Amazon order confirmation scam email - how to stay safe.

Good photoshop skills

Scammers are also getting better at mimicking genuine emails from firms and banks by taking logos and other images to make them seem more legitimate.

A loveMONEY reader flagged up a HSBC Safeguard email last year that had the HSBC logo, a link to the genuine HSBC Safeguard site and a pretty good spiel.

For more on this scam take a look at: HSBC Safeguard email scam: how to stay safe.

SMS, or ‘smishing’, scams are rife too. All fraudsters need is your mobile number to send you convincing messages. Here are some of the most devious tricks we’ve seen.

Verify a high-value purchase

Many banks offer a service that sends customers a text message when purchases over a certain amount are made from their account to help them spot unusual transactions quickly.

Unfortunately, scammers have cottoned onto this and are starting to use the alert feature for their own means.

Earlier this year Nationwide customers were targeted with messages asking victims to verify a high-value purchase supposedly made on their card at a well-known retailer. The text message asked people to call a number where fraudsters asked ‘security questions’ aimed at harvesting their bank details.

Below is an example of the message Nationwide customers received.

Here’s a scam text received by one of our customers – would it fool you? Always check the phone number at https://t.co/MC0mcz04kp #TakeFive pic.twitter.com/Y2tiAzTcEK

— Nationwide UK (@AskNationwide) January 19, 2017

Two-factor authentication

Two-factor authentication is a security feature banks and some firms use to ensure the safety of accounts.

It works by using something you need to remember and something physical like a mobile to access an account with a unique code.

It’s meant to stop people that steal logins and passwords as it requires physical access to another vital part of your login information.

But some scammers are trying to get around this security set up. Last year there was a scam text message posing as Google that claims their account has been hacked and to reply with the six-digit verification code they are about to receive.

Be warned, there's a nasty Google 2 factor auth attack going around. pic.twitter.com/c9b9Fxc0ZC

— Alex MacCaw (@maccaw) June 4, 2016

Scammers that have the logins are then also able to get this vital missing information access an account allowing them to get around Google’s two-step security setup.

To keep safe, never enter important codes into a text message or on suspicious sites. Site like Google will only send you an authentication code if you ask for it.

Posing as a friend with a gift card offer

Scammers also use SMS or WhatsApp messages with promises of high-value gift cards or vouchers – sometimes which seem to be passed on by someone you know – to trick people to let their guard down.

Last year there was a Sainsbury’s £100 gift card scam doing the rounds on WhatsApp. Below is a screengrab of one of the messages, which was shared by Twitter user @loisadean.

If a gift card or voucher looks too good to be true, then it probably is. Be wary of clicking on any links and if it has come through from a friend be sure to message them separately to make sure the offer is genuine.

Keep up to date on the latest voucher scams doing the rounds in: Don't fall for these supermarket voucher scams.

Preying on a parent’s worst fear

Back in July 2016 Action Fraud highlighted a text message scam that preys on a parent’s worst fear and tricking them into sending mobile phone top-up vouchers codes.

The con involved a message supposedly from their child, who claims to be in hospital and are having to use some else’s phone. They then ask for a mobile top-up code so they can call them.

The fraudster sending the spam text plays on the emotions of the victim, who is likely to act quickly without thinking and do as instructed out of panic. Once they have the codes they can either use them or sell them on for money.

If you receive a worrying text message from an unknown number stop and think before taking action. Your child would never be forced to use another person’s mobile to contact you as staff would allow them to call you. Give your child a ring on their normal number if you are unsure.

Take a look at: Fake text message scam targeting parents’ worst fears for more.

Scammers are increasingly using social media to target victims. Here are some of the sneaky methods they are using to successfully fool people.

Fake Twitter accounts

Criminals are using Twitter to pose as banks to trick victims into visiting bogus sites or clicking on links that infect their computers with malware.

Last year three fake NatWest profiles appeared that tried to get customers of the bank to click links.

To keep safe, you should always look for the verified blue tick when being contacted or contacting your bank or other financial provider using Twitter.

However, some small banks and building societies haven’t got these marker yet so also look at the number of accounts following and followed.

If there are few followers be cautious as an established company will have several thousand. For more read: Twitter banking scam - how to stay safe.

Facebook competitions

Watch out for fake Facebook competitions promising vouchers and freebies.

Typically, scammers use too good to miss offers to get people to not only enter their details or ‘like’ a post but share the deal with friends and family to do the same.

Last year a fake Facebook page posing as Smyths Toys was promoting a competition to win a €300 voucher. Thousands of people liked the post to be in with a chance of winning.

Read more about it in: Smyths Toys Facebook scam: how to stay safe.

When you ‘like’ a fake Faceboiok page con artists can bombard you with other scam websites and gain access to view your Facebook profile which may reveal personal details like your date of birth and where you live.

Be sure to check the official page for a retailer to find out if a promotion is genuine and be wary of anything that sounds too good to be true.