The most common cyber scams and how to protect yourself

21 November 2017

From ordering groceries online to checking emails on our phones, digital technology and the Internet have brought numerous benefits to our lives and made a lot of daily tasks easier. But they have also unwittingly created a new golden age for scammers.

Specialist criminal groups target individuals, small businesses, and large corporate networks to steal personal information in order to profit from the compromised data available to them.

This is why it’s so important to have a strong separate password for every online account – particularly email accounts as these are often the gateway to other personal and financial information. 

It’s also vital to be alert for advances from cyber criminals. Here are the most common cyber scams to watch out for:

1. Phishing scams

The most common cyber threat is phishing, where you receive a bogus email asking for security information or personal details. Alternatively, you may be asked to click on a link or open an attachment.

The reason why cyber criminals love this scam is that it is so cheap, fast and easy to scatter emails at random and there are so many organisations they can pretend to represent, such as banks, credit card issuers, tax officials, online shopping outlets, delivery companies, and email account providers.

It doesn’t matter if only a tiny proportion of recipients fall for the scam because so many people are targeted at once.

What’s worrying for consumers is that often these scams can seem very realistic. These days criminals go as far as to collect information on individuals to make their emails seem more trustworthy to the victim. They might masquerade as services the criminal knows that the victim actually uses, for example, spoof the email addresses and details of trusted contacts to make an email look legitimate or reference personally-relevant information to appear as if the sender somehow knows the victim.

Typically, a phishing scam will pretend to be a routine check to put you off guard. The sender just wants to check that it has your correct details. It will convey an air of authority to appear genuine. There may be an attempt to panic you into acting before you have time to think, for instance your account is about to be closed down unless you confirm your security details.

You should always work on the assumption that any emails asking for personal or security details are scams unless, and until, you can verify their authenticity by some other means.

First, look at the email address of the sender. It’s amazing how many messages supposedly sent from Microsoft security emanate from a Gmail account. If there are multiple recipients of the message, it’s definitely a scam.

But you should still be suspicious even if the sender seems superficially to be genuine, as cyber criminals can spoof email addresses so it looks as though the email comes from a legitimate sender when actually the real sender’s address is hidden.  

If you weren’t expecting an email or you’re suspicious that the email isn’t genuine, do not click on any links or attachments: it is through these that the scammers steal your information. And never reply to any email asking for such details. That just confirms to the scammer that your email address is active and you will be bombarded with more scams.

If you still think the email could be genuine, note down any details, such as a reference number and either ring the company that has supposedly sent the email - find a number on its official website, don’t ring any numbers listed in the email you’ve been sent - or log onto its website. Again, don’t click on any web links in the email - it is much safer to find the legitimate website yourself through an online search engine.   

2. Downloaded malware

Another scam is where cyber criminals will attempt to get control of your computer by downloading malware onto it. This is likely to happen if you click on any link or attachment in any phishing email.

Alternatively, you get a telephone call telling you that your computer is sending out error signals. The caller will claim to work for Microsoft or BT. But following the caller’s instructions inevitably produces fake evidence confirming a non-existent fault on your computer and ultimately leads to you agreeing to hand remote control of your computer to an “expert”. Far from solving the non-existent problem, the computer expert loads malware onto your computer.

This malware will often carry out one or more of the following functions, although this is not an exhaustive list:

1. Webcam manager: where criminals takeover your webcam.

2. File hijacker: where criminals hijack files and hold them to ransom.

3. Keylogging: where criminals record what you type on your keyboard.

4. Screenshot manager: where criminals take screenshots of your computer screen.

5. Ad clicker: where a criminal directs a victim’s computer to click a specific link.

Once malware is downloaded onto your computer you may also receive a demand for payment to remove it. This is typically known as ‘ransomware’ – where the cyber criminals have blocked access to your important files, precious family photos and everything else on your system unless you pay a ransom.

In addition, criminals have been known to threaten to publicise compromising or embarrassing information they may have obtained while accessing a victim’s systems (for example, images from a highjacked webcam). Do not pay, as there is no guarantee that the criminal will put things right. Even if your computer is apparently restored, the criminals are likely target you again because they know you will pay up.

Guard against this happening by ensuring you don’t disable any in-built security settings and by regularly updating your software. Apple, Google, Microsoft and all the other software firms are constantly trying to stay ahead of hackers and scammers and to protect users against new strains of malware by adding patches and amendments to their software’s security systems.

But unless you keep your device and software up-to-date, you won’t get the benefit of the constantly evolving security software and you’ll leave yourself open to cyber criminals. Also ensure any security downloads are installed promptly, put a firewall on your computer, and scan your software for malware once a week.

It’s not just consumers at risk, businesses are targeted too

While individuals can protect themselves from scammers, businesses are also a target too.

The two main dangers are:

1. Hacking, where scammers gain access to information from which they can make money, such as by stealing clients’ passwords and banking details or by using ransomware to block access to systems until payment is made.

2. Denial of service attacks, where scammers block the computers from carrying on the company’s business.

Phishing can also happen in the workplace where cyber criminals purport to be a colleague or boss over email. 

All companies, whatever their size, should have someone in charge of technology with direct access to the managing director. Staff should be given clear instructions not to open dubious emails and to check by calling or speaking to a person directly if they are in any doubt about opening an email or carrying out a task within an email.

They should also be warned to report anything suspicious immediately so that the company can try to remedy any threat as soon as possible.  

Any person who leaves the company for whatever reason, whether they are fired or the parting is amicable, should have their access to the computer system removed immediately.

Report fraud immediately

If you fall for a cyber scam, take action immediately. Unfortunately, too many victims are so ashamed of falling for a scam that they stay quiet.

Immediately change every password on your computer and on any online accounts. Contact the fraud department of your bank or credit card provider to alert them. Report the incident to the Action Fraud via its website ( or by calling 0300 123 2040.

Top tips for avoiding fraud

Follow the tips below to avoid being a victim of fraud, and check out our 10 tips to beef up your cyber security.

  • Be suspicious of uninvited approaches or requests to move money
  • Don’t trust the word of a complete stranger
  • Don’t allow yourself to be panicked
  • Never click on any links or attachments in unexpected emails
  • Never divulge your PINs, passwords or other personal and financial details
  • Don’t assume it can’t happen to you, however clever and computer savvy you may be.

For more information and tips on how to protect yourself online, visit the Moneywise hub in partnership with Cyber Aware - Stay secure online: How to be Cyber Aware - see and visit the National Cyber Crime Unit, which is the part of the National Crime Agency responsible for fighting cyber crime.

In reply to by anonymous_stub (not verified)

Can you please provide a list of emails i should forward and advise of suspicious emails received to?

In reply to by anonymous_stub (not verified)

Hi, thank you for the advice. Who should I alert the emails I am receiving to? A list of the top 10 emails I should be sending the emails to. I have just received a ransome email abd need to act immediately.These oxygen thieves need stopping in thier tracks!KEEP UP THE GOOD WORK

In reply to by anonymous_stub (not verified)

I usually forward any suspicious emails to whoever the email is supposed to have come from. All the main companies have a fraud department and an email address to which dodgy emails can be sent e.g. spoof Quite often I get an email back confirming that the email was not genuine and thanking me for forwarding it.

In reply to by David Hotson (not verified)

Hi David,

You can forward suspicious emails onto crime reporting agency Action Fraud - the email address and more information on this can be found on the Action Fraud website here:

Best wishes,
Moneywise Helen

Add new comment