Avoid the test and trace scammers
In his latest guest blog, Dorset Police Cyber Protect Officer Chris Conroy gives some expert tips on avoiding the fraudsters posing as NHS Test and Trace officials.
As you’ll no doubt know, if you’ve read any of my previous guest blogs, I truly believe there is a scam out there for absolutely everybody.
No matter your age, or education, all it takes is for one scammer to hit upon the perfect formula and – before you know it – you’re out of pocket.
While we have to be on our guard all the time, scammers only have to get lucky once.
We have to remember that scamming is – in essence – a day job for the bad guys. They have all the time in the world to think up schemes, and react to the 24 hour news cycle at an incredible pace. If it’s headline news of any significance, there will probably be a scam based on it.
A timely example of this is the launch of NHS Test and Trace. Within minutes of the scheme being announced, scammers got to work to make sure they had the tools they needed in order to exploit it and, sure enough, the day the scheme formally launched saw a raft of scams hitting individuals across the country.
Premium rate phone numbers, requests for sensitive personal information, even demands for payments as high as £500 for a testing kit.
Many of us will naturally assume that this isn’t right. However, these are strange times and none of us have much experience of global pandemics. We wouldn’t naturally know what to expect of a service like NHS Test and Trace, so it’s easy to see how people might fall victim – particularly if they are already concerned about their health and wellbeing.
Here’s what you should expect. NHS Test and Trace will:
- Use a single phone number - 0300 0135 000 – if they have cause to call you.
- Only ask you to visit one website - https://contact-tracing.phe.gov.uk. As ever, check any links carefully. Scammers are crafty and we’d expect them replace dots with dashes etc to trick people.
And the following should set alarm bells ringing. NHS Test and Trace will not:
- Ask you to dial a premium rate number (for example, those starting 09 or 087).
- Ask you to make any form of payment.
- Ask you for any details about your bank account.
- Ask for your social media identities or login details, or those of your contacts.
- Ask you for any passwords or PINs, or ask you to set up any passwords or PINs over the phone.
- Ask you to purchase a product.
- Ask you to visit any website that does not belong to the Government or NHS.
- Ask you to download any software or hand over control of your PC, smartphone or tablet. (The Track and Trace app may be the exception to this rule, and we will work to clarify this as soon as we can. For now, however, it is not publicly available).
Me telling you this is all well and good, but what we really need is for people like you to share it. Be it through social media or email, or even over a (socially distanced) cup of tea, the real value of this information comes when friends and family share it with the people they think might benefit.
Talking about scams, fraud and cybercrime is a key part of the fight back. One of the most common things I hear victims say is ‘I think I’ve done something stupid’, but that simply isn’t true.
Share your experiences of scams
Remember, the bad guys are often very clever people, who spend their days finding ways to trip people up. Most of the time, falling victim to a scam isn’t someone just being silly, or making mistakes. It’s someone being tricked by a well-practiced professional.
Whilst we understand people’s desire to keep things like this under wraps, think about how powerful a tool that experience could be. If families and friends knew of your first hand experience, they’d know precisely what to look out for to make sure they aren’t tricked in the same way. It’s a big issue and that’s why we’re here to do what we do.
As ever, you can find us on Facebook (www.facebook.com/dorsetpolicecybercrime) or Twitter (www.twitter.com/dp_cybercrime), or head to our website (www.dorset.police.uk/cybercrime) for more information on how to stay safe online.
If you’re unfortunate enough to fall victim to fraud or cybercrime, don’t forget to report it at www.actionfraud.police.uk. Their website is also a treasure trove of useful information about current frauds and scams.
And lastly, for those who aren’t already aware, there’s a new way to report phishing emails. Any you receive – crucially, those you have not fallen for – can be forwarded to email@example.com.
This new system will analyse an email and its associated domain, and can lead to the automatic removal of malicious websites from the internet. It’s an incredible tool, which means your reports actually have a direct impact on how safe the internet is.
Anyway… that’s probably more than enough from me. If you have any cyber safety related questions, or you want to get something in the diary when things get back to normal, please feel free to drop me an email at firstname.lastname@example.org.
Until next time, stay safe out there – whilst staying indoors as much as possible!