Conveniently named the SAS (Scam Avoidance School), the workshop put on by the University’s Santander-branch last Monday (the 11th November) tackled how students can avoid being scammed. This was in response to a recent phenomenon of international students being targeted by scammers. These scammers posed as foreign authorities demanding imbursement, otherwise threatening students’ positions in the UK.
It was noted during the SAS presentation that the majority of fraudulent cases are stopped in their attempts, although admittedly the chance of students losing money always exists. These recent scams targeting students are part of approximately 6 million attempts made every year in the UK.
Scammers are referred to as social engineers, who use emails, text messages, malware, phone calls, and daily situations to manipulate individuals into giving away their banking details. Sometimes, as is the case with our international students, the scammers may even take it one step further and insist upon their target making a direct transfer. The most popular mode of scamming is through emails and text messages, where scammers masquerade as a bank or utilities provider.
Some tell-tale signs of fraudulent emails are:
• If the senders email address doesn’t match the organisation it claims to represent
• If the email sent is impersonal and fails to mention your name
• If the email has a sense of urgency to act immediately
• If the included hyperlink through which you must change your details/transfer money is misspelt
• If the email has spelling and/or grammatical errors
• If you are unable to highlight the body of the text in the email (meaning it is an image)
It is important to remember that banks tend not ask their customers to confirm their banking details over an email, in accordance to their safety protocols. Nor would they typically send a hyperlink attachment, unless in a follow-up to a customer’s in-store appointment. Hyperlinks can be especially dangerous, as they may install harmful software. This malicious software (commonly referred to as malware), can swipe personal information and passwords without your knowledge or consent, or spy on your online activities to get the information needed to log into your online bank account.
Similarly, responding to fraudulent emails – even without initially giving them any personal information – allows scammers to establish a chain of communication with you. Through this chain of communication, they may be able to extract the information they actually need. Don’t be fooled by their introductory email containing some personal details, as these may have been acquired by other means and up until the point when you confirmed them may have been useless.
Besides emails, phone calls and text messages are an easy means for social engineers to target individuals. There is often no way to know how scammers came to possess your phone number; always be conservative with your assumptions of why an unknown number is messaging or phoning you. On this note, unfortunately, some social engineers engage with ‘number spoofing’, where the social engineer has edited the number ID displayed in such a manner that a legitimate phone number is shown (like that of your bank).
Concisely, genuine banks, or other companies for that matter, will not contact you unsolicited and ask for your personal details. One should never state log-in details or security question answers over the phone or in an email. Nor should you ever enter your banking details after clicking on a link that took you directly into a form demanding such information.
If every worried, err on the side of caution. As the cliché goes: rather safe, than