Lesson 5: Staying safe and legal online

Introduction

Welcome to Lesson 5 of Everyday computer skills: a beginner’s guide to computers, tablets, mobile phones and accessibility. In this lesson we will be looking at cyber security – how to stay safe and legal online. We have already looked at staying safe in Lessons 3  and 4, so this lesson will build on what you have already learned.

Key words and concepts are in bold. There is a course glossary you can refer to if any of these are unfamiliar to you.

This lesson is in four sections:

• Protecting your computer from viruses.

• Cyber security and recognising scams.

• Fake websites and identity theft.

• Data protection.

Learning outcomes

When you have completed this lesson, you will be able to:

• Protect your computer from viruses.

• Stay secure online and recognise scams.

• Beware of fake websites and identity theft.

• Identify key data protection issues.

5.1 Protecting your computer from viruses

Show description|Hide description

A padlock surrounded by blue rings and markings representing cyber security.

As you discovered in Lessons 3  and 4, there are risks involved in engaging with the world wide web, including computer viruses. There are a few simple steps you can take to protect your computer and the personal information that’s stored on it. In this section, we will look at antivirus software and firewalls.

What is a computer virus?

A computer virus is software that enters your computer system without your knowledge or permission, and ‘infects’ your computer programs with malicious codes.

For example, a virus might attach itself to a program such as Microsoft Word. Each time the Word program runs, the virus runs too. A virus can reproduce by attaching itself to other computer programs, files or a hard drive, and can cause havoc.

Here are some different types of computer infections:

• Adware is software that causes pop-ups and banner adverts in order to generate revenue. It may not do any damage to your device, but it might be able to access your personal information.

• Malware is short for ‘malicious software’ and means any program or file that is harmful to your computer. It includes viruses, worms, Trojan horses and spyware.

• Ransomware is a type of malware that threatens to publish the victim’s data or block access unless a ransom is paid.

• Spyware is software that helps to gather information about a person or organisation without their knowledge.

• A Trojan horse is malicious code disguised as, or contained within, software that looks legitimate. It can install hidden software to gain access to the users’ systems, usually to steal data or cause data loss.

• A worm is a malicious piece of software that replicates itself in order to spread to other computers.

Here are some tips (adapted from Dell Technologies, 2020) to help you protect your computer from viruses and other malware:

Never download and install software unless you are certain it is from a trusted source.

Install antivirus software that can detect, block and eliminate all types of computer viruses.

Keep your antivirus software up to date, as well as running regular scans.

Do not open email attachments unless you have scanned them first. Even a picture can carry a virus.

Install an anti-malware program to prevent software from being installed on your device without your knowledge.

Install anti-spyware software to prevent software tracking your activities or scanning your computer for personal information.

Don’t trust modified software (cracked or hacked software), as it often contains malware.

Choosing antivirus software

Antivirus software looks for and removes viruses before they can infect your computer. Have a look at PC Magazine’s guide to the Best Free Antivirus Protection for 2020.

Your internet service provider (ISP) might offer security software as part of your internet deal. There are also popular free security software programs available to download online, such as AVG or Avast. Windows Defender is also free and already built into recent Windows devices. MoneySavingExpert.com has a guide to the best free antivirus software for PCs and Macs.

If you decide to pay for your antivirus software, you may find that it offers more protection than the different pieces of free software listed above. Before you decide, check out the various options online, look at review websites or ask your local computer store for guidance.

Firewalls

Show description|Hide description

A laptop, tablet and iPhone with screens displaying ‘Firewall update’ signs and icons.

Running a firewall on your computer can help to protect you from unauthorised users and control the spread of malware when you’re online. Windows Firewall is included in Windows computers; and Apple products (such as iPads and Apple Macs) have built-in firewall software to safeguard your device. You can also buy physical firewalls which plug in to your router.

This is a really important thing to do if you have smart technology like smart heating, smart appliances, or smart cameras (e.g., doorbells or baby/pet monitors).

Updates

Show description|Hide description

An internet security image of a hook through the username and password bars displayed on a screen.

Your computer will be better protected from viruses if you keep your operating system updated, because these updates often include security responses to new kinds of threats. Whether your operating system is Windows or Mac, you will receive notifications when new updates are available. You can also update your system manually.

If you’re worried that your computer is not working properly or think that it may have a virus, run a scan with your antivirus software. If that still doesn’t work, contact a computer store helpline.

Email phishing

This section extends what we have already learnt about email phishing in Lesson 3. Most emails sent every day are unsolicited junk mail, such as:

advertising, for example online pharmacies, pornography, dating or gambling

get rich quick and work from home schemes

hoax virus warnings

hoax charity appeals

chain emails, pretending to bring good luck if forwarded to multiple contacts.

How do spammers obtain your email address?

Show description|Hide description

A hooded, masked man holding a fishing rod is displayed on a laptop screen to the left. His rod extends out of the screen to hook a ‘Personal Data’ folder displayed on a second laptop to the right.

Spammers may use automated software to generate email addresses. They can also hack into legitimate websites to gather users’ details. Sometimes, they copy addresses from regular emails that have been copied or forwarded to lots of people without using ‘bcc’.

They may also buy lists of emails from other spammers or scammers. These may be obtained through spam emails or scams encouraging people to enter their details on fraudulent websites, as we saw in Lesson 3.

Even if we take care to ensure we only enter our email address into legitimate websites, we can't guarantee that the website stores our data safely, or even that it hasn't been hacked. This means that there's no way we can stop scammers getting our email addresses (even if we can limit the risks by being careful). Because we can't guarantee our details will be safe, we need to make sure we stay alert to phishing scams.

How to spot spam

Spam emails may feature some of the following warning signs:

You don’t know the sender.

The email includes misspellings designed to fool spam filters, such as ‘p0rn’ spelt with a zero.

The email makes an offer that seems too good to be true.

The subject line and contents of the email do not match.

The email makes a pressing offer with an urgent end date. For example: ‘Buy today and get 50% off.’

The email asks you to forward an email to multiple people and may offer you money for doing so.

The email comes with a virus warning.

The email includes attachments such as an EXE file. EXE files are executable files that run programs. Although not all attachments contain viruses, if the email comes with a virus, it will appear in an attached file. Before you open any file attachments, make sure the file is coming from a trusted source. If in doubt, scan it with up to date antivirus software.

Be wary about clicking on an email attachment as it could release a virus that scans your computer for personal information and sends out spam email to people in your address book.

You may even get a phone call from someone claiming to be from a well-known software company like Microsoft. The person calling will tell you that there’s a problem with your computer and that they need to get access to it. This is intended to include access to your personal details. Legitimate IT companies never contact customers in this way. If you receive a scam call, hang up immediately.

Spam or junk email may contain viruses and spyware and can be a vehicle for online fraud, such as phishing. Unwanted email may contain offensive images and clutters the inbox. Never reply to a spam email as this would confirm to the spammers that your email address is active.

5.2 Cyber security and recognising scams

Show description|Hide description

A ‘Cyber security’ word cloud. Larger terms include ‘servers’, ‘backdoor’ ‘information technology’ and ‘access’.

Health scams

Show description|Hide description

A nutrition expert testing food products in a lab. His finger is placed vertically over his lips in a ‘Shhh’ gesture.

There are plenty of websites out there that will take advantage of consumers looking for a quick fix for minor to serious health issues. Health and medical product scams offer you products at much lower prices than high street pharmacies. You may or may not receive the product after you’ve paid for it or you might receive a product that is poor quality and possibly even harmful to your health. Some websites will make false claims that certain products, medicines and treatments can bring about a ‘miracle’ health cure.

All pharmacies in the UK, including those providing internet services, must be registered with the General Pharmaceutical Council and meet their standards for registered pharmacies.

The General Pharmaceutical Council maintains an extensive pharmacy register. If you click on the Registered Pharmacy logo on a website, it will take you to a web page where you can verify if the website is legal. If it’s not, you can report the suspected scam.

Show description|Hide description

The Registered Pharmacy logo. It features a green addition symbol.

There is also an EU-wide scheme. The EU logo looks like this:

Show description|Hide description

The EU registered pharmacy logo. It features a white addition symbol on a layered green background.

Romance scams

Show description|Hide description

A fish hooked on a rod held by a cat above the screen of a mobile phone.

Online dating can be safe but it’s wise to be careful, because people have been exploited through online relationships. We will explore two types of friendship or dating scams: catfishing and revenge porn.

5.3 Fake websites and identity theft

Show description|Hide description

A fingerprint

Scammers and online fraudsters can create fake, fraudulent or scam websites that look official. They are good at creating convincing websites that may look like a government department, your internet provider or your bank’s website. Fake websites will look very similar to the genuine bank website, and only a few tiny details may be different.

Scam websites are created to mislead you into providing personal or financial information. For example, a fake bank website may ask you to update your account or security information.

You might also come across websites that are set up to look like a service offered by one of the government websites. For example, there are websites that offer to help you apply for a passport renewal or a new driving licence. Although they are not necessarily illegal, these websites charge a fee to use them. You can avoid paying by going directly to the official government department. Your first stop should be GOV.UK, the government’s official website. See Lesson 4 for more information about online public services.

In its online guide, Which? lists eight steps to test whether a website is legitimate or not. You covered most of them in Lesson 4, aside from ‘Can you trust a trust mark?’. Trust mark labels or logos are not always a good way of judging whether a website is trustworthy. A website that carries the logo of a reputable organisation still may not be genuine. If you’re in doubt, contact the trust mark company to check.

Identity theft

One of the main reasons for setting up a fraudulent website is to steal identity details.

Show description|Hide description

A padlock with the words ‘Identify theft’ beside it.

Identity theft is a type of fraud where an attacker uses stolen personal information to impersonate another person. In the past, this type of fraud involved intercepting postal deliveries containing personal information: names, addresses, bank account details and so on. It would then be possible for the fraudster to open credit card accounts and apply for loans in your name. It goes without saying that identity theft can ruin a person’s finances.

The online world has opened up new sources of information for fraudsters. Even security-conscious people can fall victim to malware designed to detect your personal information. We have seen in Lesson 3  how phishing attacks can persuade users to divulge personal information. In Lesson 4, we learned how hackers can steal millions of personal records by attacking online retailers.

How to spot identity theft

Show description|Hide description

A fingerprint with the words ‘Identify theft’ beside it.

Online identity theft may pass unnoticed for some time, allowing great damage to be done to your finances. Some useful signs to watch out for include:

unexplained bank withdrawals or credit card charges

bills and other expected official letters don’t arrive

cards or cheques are declined

fraudsters making contact about debts you know nothing about

receiving notice that your information was compromised by a data breach at a company where you do business or have an account

your bank or credit card provider making contact about suspicious behaviour on your bank account.

Activity 5.3: Are you safe online?

Timing: Allow about 5 minutes

Now that you have gained some insights into identity theft, what can you do to protect yourself from it?

This animation from OpenLearn gives some useful tips on how to keep your information safe online.

Download this video clip.Video player: lesson6_act6_3_ministry_of_sharing.mp4

Show transcript|Hide transcript

Transcript

The information superhighway: a bustling place, bumper-to-bumper with cat videos and baby photos and statue lols.

Every day, millions of people – young and old – use it to connect and share with each other.

But watch out! Sometimes sharing can be hazardous.

Say hello to Tony. He loves to snap a cheeky selfie with his intelligent telephone.

Gosh. This one must be for his lady friend.

Careful now... Oh, Tony! It looks like the whole world just got to see your gearstick!

Estimates show that some 11,000 teenagers die of embarrassment every week.

And it’s not just the nation’s youths at risk:

Miss Jenkins loves her new, electronomical jogging tracker.

But wait! The privacy settings! That route is being broadcast publicly!

Oh no, Miss Jenkins! Your beautiful ornaments!

Yes, careless sharing is a very real danger. It may already have affected someone you know.

And who can say how far its consequences may yet reach?

Don’t have a bad share day. Take our free online test and find out if you’re a safe sharer.

This message was brought to you by the Ministry of Sharing. All Instagram and Facebook activity is undertaken at your own risk. Please do not retweet.

End transcript

Download

 

Interactive feature not available in single page view (see it in standard view).

There is a short quiz for you to take at the end. How well did you do?

5.4 Data protection

Show description|Hide description

A padlock inside a circle with the words ‘General Data Protection Regulation’ on its perimeter.

Data protection is about the fair and proper use of private information. It relates to a person’s essential right to privacy. On another level, it is also about building trust between people and organisations.

Data protection regulations are meant to ensure that you are treated fairly and openly. For example, your right to have control over your own identity and your interactions with others – so long as these do not have an adverse impact on the wider interests of society.

Technological innovation makes data protection increasingly important. Data protection laws and regulations are meant to establish public trust in how personal data is used and stored by both the private and public sectors.

In the UK, data protection is set out in the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

General Data Protection Regulation (GDPR)

Show description|Hide description

A map of the European Union on the right with a large, blue padlock containing a circle of yellow stars on the left. The background is rows of the numbers 1 and 0.

The General Data Protection Regulation (GDPR) came into effect in the UK on 25 May 2018. The regulation sets out guidelines for collecting and processing personal information from people who live in the European Union (EU). The reach of the GDPR applies beyond the EU and will still apply during Brexit negotiations. In this section we will look at some of the contents of the GDPR.

Principles relating to processing data

These principles shape how personal data should be processed and are meant to lie at the heart of organisations that provide services to EU citizens. The principles are:

• Fairness and transparency.

• Limiting how much data is required for the intended purpose.

• Minimising data.

• Accuracy.

• Limits of storage.

• Integrity and confidentiality.

• Accountability.

The GDPR addresses what organisations must and must not do with your data. For example, you have the right to be informed about how your data is collected and used. You also have a right to know an organisation’s purpose for processing your personal data, how long they retain it and who they will share it with. Ultimately, you have a right to concise, transparent, intelligible and easily accessible information that uses clear and plain language.

Your rights

The GDPR includes eight individual rights:

• The right to be informed.

• The right of access.

• The right to rectification.

• The right to erasure.

• The right to restrict processing.

• The right to data portability.

• The right to object.

• Rights in relation to automated decision-making and profiling.

In certain circumstances, you have a right to have your personal data erased – this is also called ‘the right to be forgotten’. You can make a request for erasure verbally or in writing, and the relevant organisation has one month to respond to this kind of request.

Lesson 5: Summary

This lesson has gone into more detail about the steps you can take to stay safe online and protect your personal information, building on what you covered in Lessons 3  and 4. In this lesson, you looked at some of the precautions you can take to minimise risks, such as running an antivirus program, keeping it up to date and not responding to phishing emails.

Computer viruses and malware are rogue programs that can spread from one computer to the next. They can steal personal information and do damage to your computer. Installing trusted antivirus software on your computer is important to protect you from online risks like viruses and malware, but you should still be aware of what you click, download and open.

You also looked at how cyber criminals can take advantage of people looking for health products or relationships online. Another serious risk is identity theft, a type of fraud that uses stolen personal information to impersonate another person. You also looked at some of the ways you can spot online scams like these and what you can do to protect yourself.

Finally, you looked at some of the principles of the GDPR. These regulations are intended to protect how your personal information is used and stored by companies and organisations and gives you certain rights.

Resources

• Action Fraud: report cyber crime to the police.

• Dell Technologies: ‘What are the different types of viruses, spyware and malware that can infect my computer?’.

• DigitalLearn.org: ‘Internet privacy: searching and visiting sites’ (online course).

• GOV.UK: ‘The Data Protection Act 2018’.

• Information Commissioners Office: ‘Guide to the General Data Protection Regulation (GDPR)’.

• OpenLearn: Introduction to cyber security: stay safe online (online course).

• Police Scotland: ‘Romance fraud’.

• PCMag UK: ‘The best antivirus protection for 2020’.

• WebMed Pharmacy: ‘Are you buying fake medicines online?’

• Which?: ‘How to spot a fake, fraudulent or scam website’.

Useful videos

You can add captions to YouTube videos by clicking on the subtitles/closed captions icon. Please note that some of these YouTube videos may have adverts.

• ‘GDPR explained: how the new data protection act could change your life’ (Channel 4 News).

Below is a subtitled recording of an online session delivered by Lead Scotland in June 2020. It is aimed at carers and others supporting disabled people to access the internet and stay safe online.

Download this video clip.Video player: lesson6_resources_video.mp4

Show transcript|Hide transcript

Transcript

MICHAEL

Hello everyone, and welcome to today’s talk on supporting others to be safe online. My name is Michael and today I’ll be covering three important areas of how to stay safe online. And that’s password security and then dealing with fake emails and fake websites. And there’ll be a focus on how we can stay secure as well as how we can help others stay secure, especially as the usual security advice can create barriers for those with low IT skills and also for disabled people.

Passwords. Passwords are everywhere. You need them for accessing your email, your banking, your Amazon account, your social media, amongst many other things. They keep potentially sensitive data safe, for example, I might have sent a copy of my National Insurance number via email to my employer. And passwords are also important because they confirm that you are you online.

If a fraudster had the password of any of my shopping accounts, they could buy things using my card. If they had access to my email password, they could send emails to whoever they wanted. If they had access to my banking password, they could drain my funds, apply for a loan in my name, and drain that too.

So, at a basic level, passwords are important because they allow you to access services, access records of how you’ve interacted with services and verify your identity online.

So how can we keep ourselves safe online? There are two aspects of password security that work together here. And those are strong passwords and unique passwords.

Now strong passwords are passwords that are difficult to guess. And although it’s tempting to think that hackers are sat there trying to get your password one attempt after the other, it’s sadly much more advanced than this. Hackers can use software to try passwords at a rate which a person can’t match. Using a standard desktop, hacking software can easily surpass 2.8 billion guesses per second.

So how can we keep ourselves one step ahead of hackers? We need to consider the following things when we create a password. And those are upper case letters, lower case letters, numbers, special characters, length. So, your password should be at least nine characters long, but the longer it is, the safer it will be.

Now the reason for this is using that hacking software that I was talking about, if you have eight characters, it would take a hacker just over nine hours to crack. But if you have nine characters, so one extra character, it would take about four weeks. If you add a further character to make it 10 characters, it will take six years. So that illustrates why we need to have a long password and as long as you can feasibly manage.

And the final thing to consider is un-obviousness. So, don’t use things that are easily guessed, like special dates, names, or places, so, for example, Michael1! is a really weak password, despite the fact that it complies with the above rules, because it could quite easily be guessed.

Now, strong passwords are only half the battle. To keep yourself safe, you must also use unique passwords. A unique password is a password that’s only used once and therefore not used across multiple accounts. Using unique passwords means that if an account is compromised, hackers won’t be able to access your other accounts.

The average internet user has over 200 online accounts. And this shows the importance of having unique passwords - using the same password for everything could give a hacker unfettered access to your life.

So, now that we know what goes into a password, how do we actually make them?

One way which we can do that is we can use a password generator. Now password generators are pieces of software which can create strong, unique passwords instantly. So, for example, here’s one with 12 characters, and it’s capital K, capital T, 8, capital G, lower case x, capital Y, lower case q, lower case c, equals, 2, @, capital F. And for 16 characters, 8, lower case u, capital T, dollar sign, lower case j, lower case e, open brackets, 1, &, lower case w, capital T, lower case a, the power sign, capital T, capital Y, capital X.

People with learning impairments, dyslexia and low literacy skills might all find a generated password really quite difficult to read and also to rewrite. So, how can we balance the need for strong, unique passwords with the barriers that they can actually create? I think the solution to this is to use a barrier-- a solution to this barrier, sorry, is to use a memorable short phrase or collection of words as a password.

So, for example, KeithElginForres, 1, 5, percentage sign, or The Jungle Book, 88, asterisk. These passwords have the benefit of being strong and the format can easily be adapted to make them personally meaningful. For example, the first example there are the first three stations heading north from Huntly, but you could use three memorable points for any journey and that can be tailored to any individual. To ensure that this meets all the requirements of creating a strong password, I would add a number and a special character to the end. Now this pattern of three words, number, special character might be slightly more easily guessed than a generated password, but it does strike the balance between security and accessibility.

But, however you choose to create your passwords, we still have an issue. How do we remember all of these passwords?

A secure way of keeping passwords safe is to use a password safe. Now password safes are software that allow you to add account details, such as usernames and passwords. They’re password protected, so this will keep your password safe in the event of a hacker gaining access to your computer. And another way of keeping passwords safe is to write them down on paper and keep this in a safe place. It’s better to risk accounts being compromised like this than to use a weak, non-unique password for everything that you do online.

However, if we can use a password safe, I really would recommend it. And the benefit of password safes is you only need to remember the one password to access the database that you create. This password will, of course, need to be strong and unique. But it does mean that users could generate a password using a password generator, copy and paste it into your password safe and then copy and paste it from there to the login box when you next need it. This helps overcome barriers with learning impairments and low literacy skills because you don’t need to be able to read or rewrite the password if you can just copy and paste it.

So, to recap, you need to create a strong, unique password for each online account that you have. Use a password generator or create your own with three words, a number, and a special character and keep them in a safe place.

The next part of the talk’s going to be looking at fake emails. And there are really two types of fake email scam that we’re going to be concerned with. The first are malware scams. These entice you to click a link or download an attachment and this can infect your computer with malware.

The other is phishing. Phishing involves a scammer sending emails to you to try and trick you into revealing details. Closely related to phishing emails are 419 scams where a scammer promises you a substantial return for minimal effort.

So, malware scams. Malware emails, as I said, often try to trick you into opening links and downloading documents. Accordingly, malware emails often look innocuous - but usually purport to come from legitimate companies or organisations, such as banks, local authorities, utility providers, credit card providers, big names, such as Amazon, and so on.

And malware scams can also come from people saved in our contacts list if they have been a victim of a malware themselves. For example, if my brother had been a victim of malware email, his email may then send me a scam email to try and infect my computer too. So, it’s just worth remembering it’s not only the big names that can do it. It could be from anyone or anything.

And phishing and 419 scams. So phishing emails try and seduce us with an offer that’s too good to be true or worry us into giving details or making payments. Phishing emails might claim to be from your bank warning you about suspected fraud and asking you to move money into a secure holding account. Or an energy provider explaining there’s been an error with your bill and either you’re due a rebate or else you owe them money.

And 419 scams are a type of phishing scam. They usually work where you’re contacted by someone who claims to be the agent of someone fabulously wealthy with a proposition for you. They’ve got 30 million pounds in a bank account, but they don’t have access to it. If they could put it into your bank account and then take it out a few days later, they’ll let you keep 3 million pounds or something like.

So, we’re going to have a look at how we can recognise scam emails now. The first thing to consider is: is the sender’s email address right? Reputable companies usually register a domain. A domain is the part of the email address after the ‘@’. For example, the domain for my work email is @lead.org.uk.

If you have an email which you’re not sure about, first hover your mouse over the sender’s email address and make a note of the sender’s domain. Now, search for the actual company’s email address. Do they match? If not, then the email is likely to be spam.

In the example on the screen, the domain is ‘@service.outlook.com’, which is a spoof of the Microsoft Outlook’s legitimate domain ‘@outlook.com’. The email here is asking you to follow a link to change your password. And this is a scam in which they gain sensitive information about you because you type in your old password and presumably your new password and then the scammer’s got your passwords.

The next thing to consider is: do they know who you are? Is the email addressed to you? So that would be James McDonald, Mrs. Miller, et cetera or does it have a generic opening, like customer, Sir, or Madam? And does this match with what the sender has previously called you?

In this example, the greeting ‘customer’ is used and the recipient is then asked to download a file and update their login details as their account’s been restricted. This scam might both download malware to your computer and also pass sensitive information, such as your new password, on.

The third thing to consider are spelling and grammar mistakes. If you’ve received an email that’s full of spelling mistakes, it could be a scam. Companies put a lot of effort into appearing professional. If you’re unsure about the spelling or grammar, try reading it aloud. Grammatical errors are easily noticed when reading aloud and it’s therefore quite a good way of catching some scam emails.

The reason for this is that many scams originate in countries where either British English isn’t spoken as the first language or English isn’t spoken at all. If British English isn’t spoken as the first language, the sentences might sound a bit peculiar. So, in the example in the presentation here, the sentence ‘truth you are doing well’ is quite odd. If English isn’t spoken at all, then the scam will usually put it through translation software, like Google Translate, to reach an English-speaking market. Google Translate is good, but it’s not flawless.

A fourth thing to consider are links in the email. Before you click on any links, hover your mouse over it. This will bring up the destination URL. Does this look right to you? If it looks strange, perhaps it’s very long, or the domain looks wrong, it could well be spam.

The example on the screen is an ad for a Visa credit card. You are guaranteed to be accepted, it says, even if you have poor credit. However, the URL, with the arrow pointed towards it, doesn’t resemble anything to do with Visa. It’s very long and Visa is not mentioned in it at all. So that’s quite likely to be a scam as well.

Another thing to consider is: is the email life changing? As the saying goes, if it seems too good to be true, it probably is. Many phishing 419 scams promise you a vast sum for minimal effort - you can have 3 million pounds for letting someone put money in your bank account for a few days, or for the payment of a modest fee, you can access your winnings in a lottery you don’t remember playing.

In the example on the screen at the moment is an email which claims to come from the United Nations and they say that they’ve got 4.8 million dollars to put into your bank account. These sorts of things don’t happen in real life.

And a final thing to consider is whether or not you’ve been contacted at all. Some organisations, such as HMRC, will never contact you via your email about fines, charges or bills. This example claims that you’ve got a tax refund of 243 pounds and 18 pence and requests you follow the link to get your refund. Again, this may involve malware being downloaded, sensitive information being passed to scammers, such as your National Insurance number, bank details, and those sorts of things. Or it could be both.

Now, those six things that we’ve covered, any of them by themselves should be enough to make you wary and if two or more are present, I would suggest just deleting the email. But deleting emails can be difficult if you’ve got anxiety and finding spelling issues or peculiarities in domains can be difficult if you have learning impairments, dyslexia, or low levels of literacy.

So, how can we look at making the standard email security more accessible? I’d suggest if there’s an email which seems like it might be a little bit suspicious, the best thing to do is just to contact the organisation or person it claims to be from. However, don’t use any contact details that are present in the email.

Search for the contact page for their website and then phone or email them using these details. This means that if the email is fake, you won’t simply be contacting a scammer. The organisation can then tell you if the email is fake, and if it’s not, they’ll be glad to know that their correspondence is causing concern. You should never open links or download attachments until you’ve done this.

So, how can we avoid scam emails then? Well, the first thing that we can do is make sure our spam filters are turned on. Whilst they’re not perfect, using spam filters to help catch fake emails is a very good way of getting rid of the majority of them. For example, today my spam filters have intercepted 17 spam emails.

And the second thing that we can do is to make sure we keep our email addresses safe. This means not putting them online. So, for example, in the personal information sections on social media, by making sure we tick ‘do not share my data’ boxes when filling in forms online.

And the final part of today’s talk is going to be looking at fake and fraudulent websites. Now fraudulent websites are the website equivalent of phishing emails. They might try and trick you into entering sensitive information, particularly card details. Fake websites are the website equivalent of malware emails. They might try and trick you into installing software that seems legitimate but is in fact some malware.

So, the first thing to consider with any website is: is it secure? When you are loading a website up, look in the URL bar and see if the address starts with ‘https’ or ‘http’. The ‘s’ stands for secure and indicates that the website uses encryption when transferring data. This encryption protects your data from hackers.

However, whilst ‘https’ doesn’t guarantee security, it is a good start. So just because it’s got ‘https’ in there, it doesn’t mean that it is definitely right, but it is a good start. If it doesn’t have ‘https’, if it’s just ‘http’, then you should be concerned.

If you use Chrome, it will have a black padlock for ‘https’ up in the bar and a red warning triangle for ‘http’ instead of showing it.

The next thing to consider: does the domain look right? So many fraudulent websites try and mimic the domain of legitimate companies. For example, tesc0.co.uk and that’s Tesco spelt with a zero instead of an ‘o’. Although these can be obvious if you’re looking, if you’re not paying attention then it can easily be missed.

Something which makes these sorts of things more tricky is that scammers can use both spoofing and code to make fake domains appear legitimate. Now this can be in on screen links as well as in the URL bar itself. Don’t click on links without first making sure that the domain looks correct by hovering your mouse over the link. If you use Chrome, the URL will then appear in the bottom left-hand corner.

If you use a site-- if you’re on a site, sorry, which appears to have a legitimate domain, but you’re not sure, then select the URL and copy and paste it into another tab. This will reveal the actual URL if you use Chrome.

Third thing to consider: how complete is this website? Legitimate websites often have extra features on their site like an ‘about us’ section, privacy policies and shipping and returns information if it’s a shopping website. Check these pages to make sure that they’re fully populated.

The example on the screen is from legitimate shopping website Free People. As you can see, there’s a plethora of different pages, which should give you confidence that the website itself is legitimate. However, if these didn’t exist, then it should raise alarm bells. And most importantly, check the ‘contact us’ page. There’s several ways of contacting the company?

Next thing, how secure are payments? You should never buy anything online using non-refundable payment methods like BACS. Make sure you use payment systems like card payments or PayPal, as these both allow chargebacks. However, chargebacks aren’t legally required - they’re part of a voluntary set of rules that banks sign up to and if scammers have withdrawn money and closed accounts, your chargeback won’t be successful. And therefore, you are better off just leaving a suspicious website rather than risking losing your money.

The fifth thing we’re going to look at, again: is it too good to be true? If you’re being offered a new iPhone for 100 pounds, or something like that, then you should be suspicious. You can get deals online which far exceed what you can get on the high street, but as we said earlier, if it seems too good to be true, it almost certainly is.

The advice that we’ve just talked about has similar accessibility issues as fake emails do. Checking the domain can be difficult for people with learning impairments, dyslexia and low literacy levels. However, the best advice is to talk to someone you trust about your concerns. If once you’ve done that, you’re not sure or they’re not sure, just don’t proceed.

Fraudsters can cause irreparable damage and that’s never going to be worth an iPhone for 100 pounds. Fake websites can be managed by simply closing the program, restarting your computer and running your antivirus software. Remember, you lose nothing by walking away.

How can we avoid fake and fraudulent websites? Well, there are a couple of practical steps which you can take to avoid entering them to begin with. And the first I would say is to make sure you’ve got antivirus software. Now antivirus software is a bit like a spam filter. It flags up suspicious websites before you can access them. And as a good rule, if your antivirus software is flagged up, don’t continue.

And the second thing to do is to make sure that you update your programs. Do this by turning your computer off when you’ve finished with it for the day rather than leaving it on standby.

Now the reason for this is when software is newly released, it’s often not completely finished and there are lots of bugs and flaws in it and as time goes on, those get discovered. But if you’ve just downloaded something, it could be quite out of date within a couple of weeks with new security updates and stuff, so do make sure that everything is updated.

Okay. So, we’ve looked at how we can make password, email and website security more accessible. Passwords can be made more accessible by removing the cognitive load of having to remember dozens of passwords by using a password safe, which only needs the one password. Email scams and website scams can be avoided by double checking that everything looks right. And if there’s still uncertainty, you lose nothing by asking either the person the email claims to be from or someone you trust for advice, and if you’re still not sure, you lose nothing by just walking away.

Thank you very much for coming along to today’s talk on supporting others to be safe online and I hope you have a wonderful day. Take care.

End transcript

Download

 

You should now try the quiz for this lesson. This quiz covers your learning across the whole course: if you pass it, this counts towards your digital badge.

Acknowledgements

Except for third party materials and otherwise stated (see terms and conditions), this content is made available under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Licence.

The material acknowledged below is Proprietary and used under licence (not subject to Creative Commons Licence). Grateful acknowledgement is made to the following sources for permission to reproduce material in this free course:

Every effort has been made to contact copyright owners. If any have been inadvertently overlooked, the publishers will be pleased to make the necessary arrangements at the first opportunity.

Images

5.1 GDPR padlock circle: Image by Pete Linforth from Pixabay

5.1 Tip icon: Image by OpenClipart-Vectors from Pixabay

5.1 Laptop firewall update: one photo / Shutterstock

5.1: Internet security: Oksana Stepanenko / 123RF

5.1: No spam: Suthee Navakul / 123RF

5.1 Cartoon scammer: MicrovOne / iStock / Getty Images Plus

5.1 Warning symbol triangle: Image by Clker-Free-Vector-Images from Pixabay

5.2 Cyber security word cloud: Image by Darwin Laganzon from Pixabay

5.2 Blue/Green Triangle: TechTarget

5.2 Nutrition expert: Elnur Amikishiyev / 123RF

5.2 Do not icon: Image by janjf93 from Pixabay

5.2 Registered pharmacy: General Pharmaceutical Council

5.2 EU registered pharmacy: General Pharmaceutical Council

5.2 Catfishing: iridi / iStock / Getty Images Plus

5.3 Fingerprint: Image by ar130405 from Pixabay

5.3 Identity theft padlock: alexmillos / 123RF

5.3 Identity theft fingerprint: razihusin / iStock / Getty Images Plus

5.3 Warning symbol triangle: Image by Clker-Free-Vector-Images from Pixabay

5.4 GDPR padlock circle: Image by Pete Linforth from Pixabay

5.4 Padlock European Union: Image by Tumisu from Pixabay

Videos

Activity 5.3 Are you safe online?: The Open University

Useful videos: Supporting others to be safe online: Lead Scotland