BEWARE! Scam emails purporting to be from DVLA offering a refund if you click on the link. They are taking advantage of current confusion regarding road tax - DO NOT CLICK!!!! Avoid the Microsoft phone scam, what to do if you are hit (from http://www.pcadvisor.co.uk/how- to/security/3378798/microsoft-phone-scam-dont-be- victim/) If you receive a phone call from a security 'expert' offering to fix your PC - it's a scam. Here's how to avoid the 'Microsoft phone scam', and what to do if you fear you have fallen victim to it. A quick check on Google Trends shows that the term 'Microsoft phone scam' first became popular in mid 2009, and peaked in September 2011. But the scam is still around, and my recent experience suggests lots of people are being caught out. So here is how to avoid the 'Microsoft phone scam' in the first place, and what to do if you are a victim. Microsoft phone scam: how it works Scammer calls you, and asks for you by name. They say they are a computer security expert from Microsoft (or another legitimate tech company). The 'security expert' is plausible and polite, but officious. They say that your PC or laptop has been infected with malware, and that they can help you solve the problem. What happens now depends on the particular strain of scam with which you have been targeted. Some crooks will ask you to give them remote access to your PC or laptop, and then use the access to harness your personal data. Others get you to download malware that will do that task for you. A more straightforward scam is to simply ask for money in return for a lifetime of 'protection' from the malware they pretend is on your machine. Here's the important bit: no legitimate IT security pro is ever going to call you in this way. For one thing, they can't tell that your PC is infected. They've got your name from the phone book, or any one of the thousands of marketing lists on which your details probably reside. They know nothing about your home computing set up. Basically, somebody is sitting in a room calling number after number hoping to find a victim. It's not personal, but it is ultimately dangerous to your financial and technological health. Microsoft phone scam: what to do if you are called Number one: put the phone down. Get rid of the caller and move on with your life. It is not a legitimate call. During your conversation, don't provide any personal information. This is a good rule for any unsolicited call. And certainly never hand over your credit card or bank details. Just don't do it. If you've got this far, we can only reiterate point number 1: get off the phone. But whatever you do don't allow a stranger to guide you to a certain webpage, or instruct you to change a setting on your PC or download software. If possible get the caller's details. You should certainly report any instance of this scam to the police. Finally, change any passwords and usernames that could plausibly have been compromised, and run a scan with up-to-date security software. Then ensure that your firewall and antivirus are up to date and protecting your PC. Tell everyone about it. This scam preys on people's insecurity about lack of tech knowledge. It is very easy to be a victim, and the best defence is sharing knowledge. It is much easier to put the phone down if you are forewarned. Microsoft phone scam: what to do if you have been a victim First of all don't beat yourself up. This could happen to anyone (and does). You need to change all the personal data that you can change. As much as you might like to you can't change your date of birth, and changing your name and address seems extreme. But you can change all your passwords and usernames, starting with your main email account and any bank- and credit card logins. Also, contact your bank to ask them to be on the look out for anything dodgy. Again, use up-to-date security software to scan and cleanse your PC, and if the scammer did get you to do something to your PC using System Restore to roll back the settings is always a good idea. And tell the police. If you have lost money, it's possible your credit card company or contents insurance will cover the loss Viewpoint: How hackers exploit 'the seven deadly sins' By Prof Alan Woodward Department of Computing, University of Surrey (Courtesy of: http://www.bbc.co.uk/news/technology- 20717773) Cybercriminals are more than willing to exploit instincts which make users vulnerable The phenomenon of "social engineering" is behind the vast majority of successful hacking. This isn't the high tech wizardry of Hollywood but is a good, old-fashioned confidence trick. It's been updated for the modern age, and although modern terms such as "phishing" and "smishing" are used to describe the specific tricks used, they all rely upon a set of human characteristics which, with due respect to Hieronymus Bosch, you might picture as the "seven deadly sins" of social engineering. Apathy: To fall for a confidence trick, or worse, we assume others "must" have taken the necessary steps to keep us secure. Sadly this leads to a lack of awareness, and in the world of the hacker that is fatal. When we stay in a hotel and we programme our random number into the room safe to keep our belongings secure, how many of us check to see if the manufacturers override code has been left in the safe? It's nearly always 0000 or 1234 so try it next time. Curiosity: Humans are curious by nature. However, naive and uninformed curiosity has caused many casualties. Criminals know we're curious and they will try to lure us in. If we see an unfamiliar door appear in a building we frequent, we all wonder where it leads. We might be tempted to open it and find out, but in the online world that might just be a trap waiting for an innocent user to spring it. A colleague built a website that contained a button that said Do Not Press, and was astonished to find that the majority of people actually pressed it. Be curious, but exercise a healthy degree of suspicion. Gullibility: It is often thought of as a derogatory term, but we all suffer from this sin. We make assumptions. We take others at face value, especially outside of our areas of expertise. Put a uniform on someone and we assume they have authority. Give an email an official appearance by using the correct logo and apparently coming from the correct email address, and we might just assume it's real, regardless of how silly its instructions might be. All of this can be easily forged online, so make no assumptions. Courtesy: We quite rightly all teach our children to be polite. However, politeness does not mean you should not discriminate. If you do not know something, or you feel something doesn't feel quite right, ask. This principle is truer than ever in the online world, where we are asked to interact with people and systems in ways with which we are quite unfamiliar. If someone phones you out of the blue and says they are from your bank do you believe them? No. Phone them back - phone your bank - don’t just return the call. And by the way, use a mobile phone as landlines can remain connected to the person who made the call in the first place and so whilst you might think you're phoning the bank on a valid number you're just talking to the person who called you. Greed: Despite what we'd like to think we are all susceptible to greed even though it might not feel like greed. Since its inception, the very culture of the web has been to share items for free. Initially this was academic research, but as the internet was commercialised in the mid-1990s, we were left with the impression that we could still find something for nothing. Nothing is ever truly free online. You have to remember that if you're not the paying customer, you're very likely to be the product. In the worst case, you might find that you have taken something onto your machine that is far from what you bargained for. Many pieces of malware are actively downloaded by owners unaware that the "free" product contains a nasty payload, even if it also appears to do what you expected of it. Diffidence: People are reluctant to ask strangers for ID, and in the online world it is more important than ever to establish the credentials of those whom you entrust with your sensitive information. Do not let circumstances lead you to make assumptions about ID. For example, if someone from "IT support" calls you and asks for your password so they can help fix your problem, how do you know they haven't called everyone else in the building first until they found you who has really got a problem? This is a well-known attack. If someone has a problem with proving who they are, you should immediately be suspicious. Thoughtlessness: Thinking before you act is possibly the most effective means of protecting yourself online. It is all too easy to click that link. Stop. How many of us when reading an apparently valid link in an email would bother to check whether the link is actually valid or whether instead it takes you to a malicious site. It's horribly easy to make links look valid so try hovering your cursor over the link for a few seconds before clicking to see what the real link is: the true link pops up if you give it a moment. As cynical as it may sound, the only answer is to practise your A-B-C: • Assume nothing • Believe no one • Check everything With more shopping expected to be done online this year than ever before, you should watch out for those that would exploit the deadly sins. Don't give criminals the chance to ruin your life, and remember that a little bit of paranoia goes a long way online. Alan Woodward is a visiting professor at the University of Surrey's department of computing. He has worked for the UK government and consults on issues including cyber-security, covert communications and forensic computing. Postal Scam: The Trading Standards Office are making people aware of the following scam: A card is posted through your door from a company called PDS (Parcel Delivery Service) suggesting that they were unable to deliver a parcel and that you need to contact them on 0906 6611911 (a Premium rate number). DO NOT call this number, as this is a mail scam originating from Belize. If you call the number and you start to hear a recorded message you will already have been billed £315 for the phone call. If you do receive a card with these details, then please contact Royal Mail Fraud on 020 7239 6655. For more information, see the Crime Stoppers website: http://www.crimestoppers-uk.org/crime- prevention/helping-prevent-crime/scams/postal-delivery- scam Telephone Scams… A reminder to be on your guard if telephoned by someone purporting to be from Windows, Microsoft or something similar and claiming that they have noticed that you have been having problems with your PC, that you have a virus, or have failed Internet downloads etc. and offering to help you. There have been a variety of different versions of the scam but they invariably end with you either visiting a website and downloading some software supposedly to protect your PC but in reality will steal passwords, credit card details etc. or paying for a ‘maintenance contract’ of some description, which turns out to be a fake. The callers can be very persistent and sometimes ring several times. The fact is that Microsoft do not monitor your surfing habits (nor does anybody else come to that). No one will know if you are having problems downloading from the web or have downloaded a virus etc. Anti-spy Virus… The Anti-spy type virus has raised it’s ugly head again and is doing the rounds. It downloads it’s self after a visit to an infected website and pops up a message which says that you have been infected with a virus and asks you to pay for and download some software which will delete it. The software, again, is fake and is designed to harvest credit card details. Malwarebytes, available from HERE, usually gets rid of it. However, in some cases the infection is so severe that it has to be dis-infected by a computer repairer. Unfortunately, many ant-virus packages miss it, including AVG and Macfee. The solution is to get one of the better packages, such as Norton Anti-virus or Kaspersky (only install the Internet Security versions if you have a fast, modern PC) and make sure it’s kept up to date. Anti-virus packages, even the best, can only stop viruses they know about. It is also advisable to download Malwarebytes now and keep it up to date because some versions of Anti-spy can block access to anti-virus websites.