18. Recognising online threats and malicious activities

Open badge information

SSSC 23 Things TEC: Thing 18 ‘Recognising online threats’

This counts towards the ‘Support and protection’ badge.

Introduction

This section covers online threats that could affect you, your family and friends, and the people that you support in your role. Although you might be concerned that doing things online might be too risky, please remember that most online interactions are safe and can provide real benefits to people. The information in this section is designed to help you avoid online harm.

As most people spend more and more time online, this also provides more opportunities for criminals to information and even money from them. This is often called ‘Cyber-crime’, and included things you may have heard of, like ‘hacking’ and ‘ransomware’.

Woman looking at computer screen and appearing shocked.

While we may not be able to prevent all cyber-crime, as workers, volunteers, or carers, we all have a role to play in reducing this as much as possible. You do not need to have technical expertise to help prevent it from happening, just taking a few simple steps can make it much more difficult for someone to access your information and money.

Remember that cyber criminals often use sophisticated techniques to try to make you behave in ways that are more likely to give them access, and even experienced and vigilant IT people can still be caught out, so don’t be too hard on yourself if you become a victim of cyber-crime. Hopefully, by following the advice below, you may be able to avoid this, and as importantly, help the people you support to avoid it too.

Don’t panic

One of the most common ways that cyber-criminals try to get you to part with information like PIN numbers and personal information is to create a sense of panic. This is to make you react quickly without thinking, which can make you do things that you would not do if you had time to think about it. For example, if someone called you unexpectedly and asked for the PIN number of your bank account, it is likely that you would refuse because you have time to make a rational judgement.

However, what if they tried to panic you by saying that they are from your bank and someone has already accessed your account, is removing money and they need your PIN number to create a ‘safe’ account to transfer your money? The chances are all that you have heard is ‘someone is taking your money’ and your immediate response is likely to be that you need to stop this now.

By taking a few moments to stop and think, you can reduce the feeling of panic which will enable you to think more rationally. Would your bank really ask you to tell them your PIN, whether by phone or in person?

This technique of creating a sense of panic or urgency does not just apply to money leaving bank accounts. Scammers may also try to tell that an offer that is almost too good to be true is only available for a short period so you must act now. While this technique can also be used by legitimate salespeople, you should pause and think before responding.

Always check that a phone call or email is legitimate

Always be wary about any email, phone call or social media post/message that you are not expecting, even if it is from someone you know. Online criminals will often use emails or telephone numbers that look very similar to legitimate ones. Always look carefully at the email address or the social media tag line to see if there are any spelling mistakes or additional characters. Scammers will often make subtle changes to their fake names so that  someone glancing at the address or tag may think it is the real thing. NEVER click on a link in an email or social media message unless you are sure that it is legitimate.

If you receive an unexpected phone call, close it and phone the organisation that called you using a contact number that you have like on their website or the back of your bank card. Always check that you hear the dialling tone before making the call because scammers can sometimes stay on the line and pretend to be your bank. If it is feasible, it is best to call from another phone so they can’t do this. 

If you are asked for any personal information, always ask yourself why are they asking for this? If you have an existing relationship with them, like an account, they should already have access to a lot of information that they need. A common trick used by scammers is to ask you to ‘confirm’ information. You give them this information which they did not already have. NEVER confirm passwords or PIN numbers in a phone call.

Learning activity one

While you are supporting a person who uses your service, they receive a telephone call from someone saying it is their bank fraud team. The person is told that their bank account has been hacked and someone is transferring all their money. What advice would you give them and why?