18. Recognising malicious activity

Introduction

This section covers online threats that could affect you, your family and friends, and the people that you support in your role. Although you might be concerned that doing things online might be too risky, please remember that most online interactions are safe and can provide real benefits to people. The information in this section is designed to help you avoid online harm.

MyLearning badge information

MyLearning Badge: SSSC 23 Things TEC – Thing 18: ‘Recognising malicious activity’.

This counts towards the ‘Support and protection’ milestone badge.

Dos & Don’ts

As most people spend more and more time online, this also provides more opportunities for criminals to obtain information and even money from them. This is often called ‘cyber-crime’, and includes things you may have heard of, like ‘hacking’ and ‘ransomware’.

While we may not be able to prevent all cyber-crime, as workers, volunteers, or carers, we all have a role to play in reducing this as much as possible. You do not need to have technical expertise to help prevent it from happening. Just taking a few simple steps can make it much more difficult for someone to access your information and money.

Remember that cyber criminals often use sophisticated techniques to try to make you behave in ways that are more likely to give them access, and even experienced and vigilant IT people can still be caught out, so don’t be too hard on yourself if you become a victim of cyber-crime. Hopefully, by following the advice below, you may be able to avoid this, and as importantly, help the people you support to avoid it too.

Don’t panic

One of the most common ways that cyber-criminals try to get you to part with information like PIN numbers and personal information is to create a sense of panic. This is to make you react quickly without thinking, which can make you do things that you would not do if you had time to think about it. For example, if someone called you unexpectedly and asked for the PIN number of your bank account, it is likely that you would refuse because you have time to make a rational judgement.

However, what if they tried to panic you by saying that they are from your bank, that someone has already accessed your account and is removing money, and that they need your PIN number to create a ‘safe’ account to transfer your money to? The chances are that all you have heard is ‘someone is taking your money’ and your immediate response is likely to be that you need to stop this now.

By taking a few moments to stop and think, you can reduce the feeling of panic which will enable you to think more rationally. Would your bank really ask you to tell them your PIN, whether by phone or in person?

This technique of creating a sense of panic or urgency does not just apply to money leaving bank accounts. Scammers may also try to tell you that an offer that is almost too good to be true is only available for a short period, so you must act now. While this technique can also be used by legitimate salespeople, you should pause and think before responding.

Always check that a phone call or email is legitimate

Always be wary about any email, phone call or social media post/message that you are not expecting, even if it is from someone you know. Online criminals will often use emails or telephone numbers that look very similar to legitimate ones. Always look carefully at the email address or the social media tag line to see if there are any spelling mistakes or additional characters. Scammers will often make subtle changes to their fake names so that someone glancing at the address or tag may think it is the real thing. NEVER click on a link in an email or social media message unless you are sure that it is legitimate.

If you receive an unexpected phone call, end the call and phone the organisation that called you using a contact number that you already have, like the one on their website or on the back of your bank card. Always check that you hear the dialling tone before making the call because scammers can sometimes stay on the line and pretend to be your bank. If it is feasible, it is best to call from another phone so they can’t do this.

If you are asked for any personal information, always ask yourself why they are asking for this. If you have an existing relationship with them, like an account, they should already have access to a lot of the information that they need. A common trick used by scammers is to ask you to ‘confirm’ information. When you do, you give them information which they did not already have. NEVER confirm passwords or PIN numbers in a phone call.

Learning activity 1

While you are supporting a person who uses your service, they receive a telephone call from someone saying it is their bank fraud team. The person is told that their bank account has been hacked and someone is transferring all their money. What advice would you give them and why?

Social media

Most of us now use some form of social media to interact with friends and family. Social media posts are usually more relaxed and less formal than other forms of communication. While this can feel a more natural way to interact with people, it can also mean that we may let our guard down about spotting malicious and fake posts.

It is a simple task for cyber criminals to create fake accounts and posts in social media that look very convincing. Sometimes they will include images of the people they are pretending to be so you think the posts are from that person. These posts often appear to be endorsements of products or services designed to get you to give financial information like your bank details. If you are interested in the product or service, always search for it on a search engine like Google or DuckDuckGo rather than click on any links in the post.

Please remember that it can be easy for anyone to look at all the information in your ‘feed’ unless you have set your security settings to allow access only to your friends on the platform. Many people like to provide a running commentary of their social lives on social media platforms. However, this can also be used by criminals to build a picture of their lives.

It is now possible for people and organisations to create posts specifically for you based on the knowledge they have acquired about you from your activity on social media. Sometimes this is done through innocent-looking quizzes that encourage you to give away personal information. Cyber criminals can use this information to develop a profile of you, which enables them to create posts that will be appealing to you. They can also use Artificial Intelligence (AI) to create fake videos and images that look genuine and are designed to reassure you about the legitimacy of posts. This is known as a ‘deep fake’. A good example of this is the videos of the financial expert Martin Lewis that were posted on Facebook in 2023. These were created by cyber criminals using AI and appeared to show Martin Lewis endorsing an investment scheme that was a scam. They looked so convincing that Martin Lewis said he could have been fooled by them, as they recreated all his mannerisms and voice so accurately.

So, like in an email, never click on a link within a social media post unless you are sure it is legitimate. Scammers often use fake links to enable them to install something on your device (for example, smartphone or tablet) so that they can then use the information stored on it for malicious activities. Usually, you would not be aware that your device is ‘infected’ until the scammer starts to do something malicious like access your bank account.

Learning activity 2

You are helping Brenda to get ready for bed when she tells you that she has seen a post in her social media from a well-known money expert. The expert is advertising a way of investing money that guarantees really good returns and profits. Brenda says that it almost sounds too good to be true but it must be legitimate because it is being endorsed by the famous money expert.

What would you suggest that Brenda does? Explain why you would give her this suggestion.