Scams: how spoofing, Twitter clones, fake green padlocks and gift card 'fines' could catch you out

From Twitter clones to scam websites with green padlocks, fraud is continually evolving. Scott McGready explores some of the most popular scams around.

Fraudsters are continually embracing new technology and changing their methods in order to get at your hard-earned cash and data.

Here are some of the current most popular scams, how they work, and how to spot them.

Attack of the Twitter clones

Early last year, a spate of cloned Twitter accounts popped up posing as various banks and immediately responding to customers who had tweeted their own bank asking for help.

As the fake accounts looked identical to the real one, were named very similarly to the official account, and were usually the first to respond to the original question, many people gave the fraudulent account their bank details and security information via direct messages without even realising.

While most of these accounts were quickly reported and shut down by Twitter, a similar trend has sprung up where scammers try to hijack verified Twitter accounts in order to lure people into giving them money in the form of cryptocurrency.

Donald Trump, John McAfee, Jordan Belfort, and many other verified users have all been impersonated by fraudsters trying to scam their followers.

In the screenshot above, the cloned account responds to a legitimate tweet put up by Jordan Belfort in order to make it seem like Jordan himself had forgotten to say something in his original tweet.

Starting with phrases such as “By the way…” or “Oh and another thing…” attempts to add an air of legitimacy to the fake account with the aim of extorting money in the form of cryptocurrency from any of Jordan’s followers.

Looking closer at the fake account in the screenshot, the inconsistencies between it and the real account become quickly apparent.

The lack of a verified tick and a slight misspelling in the Twitter handle are just a few of the warning signs. They might not be obvious at first, especially if you’re hooked on the prospect of getting something for effectively nothing, but they start to reveal themselves on closer inspection.

While this particular scam seems to be only mimicking verified Twitter users and focusing specifically on cryptocurrency as its “cash out” at the moment, it’s only a matter of time before the medium, content, targets, or even social network changes.


Text and call spoofing is still a dangerous problem

Banks, HMRC, DVLA, private companies, the NHS, and many other organisations now use text messages to communicate with their customers, notifying them of any issues or keeping them informed of any changes to their accounts.

Scammers know this – and use it to their advantage.

Spoofing popular banks or companies, fraudsters will typically use language to encourage a reaction from the victims, such as “Your account is being blocked due to unauthorised access” or “Your account is overdrawn”.

The natural reaction to receiving a message like this is to immediately want to resolve the problem.

Messages will include either a number to call, a link to a website, or can even indicate a time when you’ll receive a call from their “fraud department”.

Spoofed text messages are incredibly believable because they “thread” into the chain of messages you’ve previously received from that company, thereby giving some sort of credibility to the message itself.

By matching known language used by banks, or ironically even occasionally including a warning about fraudulent messages, fraudsters seek to further legitimise their claim of representing a company you know and trust, with the ultimate aim of luring you into revealing financial information.

Never feel pressured into responding to, or interacting with, a text message – even if it demands urgent action.

Call the purported sender immediately on a number you trust, never a number provided via a text message, and ask them to verify if the message is genuine.

Not only will it confirm you were right to be suspicious if it isn’t genuine (or give you peace of mind if it is), it could also let the company or bank know that their customers are currently a target of fraudulent messages.

Similar in function to text spoofing, but arguably more dangerous, is call spoofing.

This is where fraudsters mask their own telephone number by spoofing the number of an organisation such as a bank, an 0800 number, or even a number that shares the same area code as where you live.

To make things even more believable, fraudsters have been known to assure victims that they are a representative of their bank by spoofing the bank’s recognised telephone number and then asking the intended victim to check the number against the one on the back of their bank card.

As the numbers match, most people believe that the caller is genuinely the bank and are guided through an extensive “security check” where they unknowingly give the fraudsters all their information.

This is why it’s incredibly important to hang up the call if you’re unsure about the caller’s legitimacy and call the company back using a number you trust, found on their website or a letter, from another phone.


What does a “green padlock” really mean?

There’s a fair amount of confusion surrounding so-called “green padlocks”: what do they do and, more importantly, do they make the website they’re attached to legitimate?

While it’s true that you should always look out for a green padlock in the address bar before submitting any personal data, including credit card information or passwords, the presence of one doesn’t mean that the website is legitimate.

A number of years ago, SSL certificates (the technology behind green padlocks) were fairly difficult and time-consuming for both legitimate and fraudulent websites to obtain.

This meant that most fake websites didn’t even bother trying to get an SSL certificate and, as a direct result, a lot of the advice that was given out surrounding fake websites was to look out for the absence of a green padlock.

Although it wasn’t impossible for a fake website to have an SSL certificate, at the time it was highly unlikely. In the last few years, however, SSL certificates have become much easier, cheaper, and quicker to obtain, yet the advice hasn’t changed to reflect this.

Simply put – a green padlock in the address bar only ensures that data sent to or from the website (such as your username, password or credit card details) is encrypted and cannot be intercepted by anyone “listening in”.

However, it doesn’t verify that the website is legitimate. You could be sending your data in a secure way, but delivering it directly to the fraudster who owns or maintains the website.
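
The common thread in the Twitter clone and green padlock sections is that a fake can look right, and even be encrypted, while carrying the wrong name. The following is an added example, not part of the original article, that compares a handle or hostname against names you have already verified; the bank name, handles, hosts and the look-alike character table are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-lists: names you have verified yourself (placeholders, not real accounts).
OFFICIAL_HANDLES = {"examplebank_help"}
OFFICIAL_HOSTS = {"www.examplebank.example"}

# Swaps that make a cloned name look identical at a glance (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "_": "", "-": ""})


def skeleton(name):
    """Fold case and look-alike characters so visually similar names compare equal."""
    return name.lower().lstrip("@").translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name, official, max_distance=2):
    """Return 'official', 'lookalike' or 'unrelated' for a handle or hostname."""
    name = name.lower().lstrip("@")
    if name in official:
        return "official"
    if any(edit_distance(skeleton(name), skeleton(good)) <= max_distance for good in official):
        return "lookalike"
    return "unrelated"


def assess_url(url):
    """Report two independent facts: is the connection encrypted, and whose host is it?"""
    parts = urlsplit(url)
    return {"encrypted": parts.scheme == "https",
            "host": classify(parts.hostname or "", OFFICIAL_HOSTS)}


if __name__ == "__main__":
    for handle in ("@examplebank_help", "@examp1ebank_help", "@gardening_tips"):
        print(handle, classify(handle, OFFICIAL_HANDLES))
    print(assess_url("https://www.exarnplebank.example/login"))
```

A result of `encrypted: True` together with `host: lookalike` is the padlock-on-a-fake-site case described above.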

You can’t use gift cards to pay fines

Targeting one specific demographic, rather than the entire population, has already proven an effective tactic for fraudsters as there’s a greater chance a scam will be successful.

For example, when it comes to over 65s, fraudsters will often try to confuse their victims by throwing overly technical terms around or, as in this case, asking for fines to be paid using iTunes gift cards.

Commonly, a fraudster will call a victim claiming to be from a Government authority, such as the police or HMRC.

They then inform the victim that a large amount of unpaid tax is due, or that they are suspected of criminal charges, and to avoid any criminal convictions they must pay a fine via a gift card.

As the over 65s demographic tends not to be a frequent user of services like iTunes, Google Play, or PlayStation Network, fraudsters are able to use this unfamiliarity to their advantage and insist it’s the only way to process payment of the fine.

The underlying reason for demanding gift cards is that they make it far more difficult for banks and the police to track the money leaving the victim’s account and arriving in the fraudster’s account.

With an average loss of over £1,000 per victim it’s a very profitable scam for fraudsters to conduct and, while companies like Apple and organisations like HMRC are actively distributing advice warning people of the scam, it’s still highly successful and shows no signs of slowing down.

How to protect yourself from scams

The fight against the fraudsters can seem to be an unwinnable battle at first, but there are some simple and effective steps you can take to fight back and to help protect yourself, your money, and your information.

Take Five

  • The national Take Five campaign’s advice of taking five minutes before responding to a suspicious email, text, or call, and taking some time to think before parting with any money or data sounds simple, but is remarkably powerful. Taking that extra time to think about what’s being asked of you, contacting the company via another trusted means, and not making a quick decision could save you from falling victim to a scam.

Tell 2

  • The aim of another national campaign, Tell 2, is to encourage everyone to share information on scams, or how to avoid them, with two people. The idea is that if everyone makes a conscious effort to tell two people, information about the latest scams can spread quickly and the public’s heightened awareness can stop the fraudsters in their tracks.

Action Fraud and Police

  • Again, another seemingly simple piece of advice is to always report suspected scams to Action Fraud and the police – even if you weren’t a victim. By reporting these scams as soon as possible, police can immediately start disrupting the fraudsters’ attempts while more relevant safety advice can be given out to help protect others.

By taking five minutes, telling two people, and reporting any suspicious activity to both Action Fraud and the police, not only could you save yourself from falling victim to a scam, but you could save countless others.
