- The purpose of scams and malware is to trick people into handing over personal data, money or property or to steal it without their knowledge. With internet use rising year on year, online fraud and identity theft are forms of cybercrime that continue to grow. They can take a variety of forms and can also be very sophisticated, making them hard to spot.
- Online scams are designed to trick people into giving over personal data or money. A person believes that they will receive a product/service in return but end up receiving nothing or counterfeit goods. Online scams can take the form of selling fake products and services, false financial opportunities (where the only person to make any money will be the criminal) or offering giveaways or free things. In all cases, a criminal is after money or personal data that can either be sold for money, used to access online accounts that can be exploited for financial gain (such as bank accounts, shopping accounts, etc.) or used to sign up for services in someone else’s name (such as applying for loans or credit).
- Phishing is a common strategy used by criminals online to trick people into giving away important personal data such as usernames or passwords. They typically take the form of messages (often emails) that appear to be from a trustworthy source (such as a bank, social network, or even a friend/coworker) asking a person to follow a link. The message will often be persuasive or urgent (such as suggesting an account will be suspended if action is not taken) and request the link be followed in order to confirm important personal data such as a password or other login details. Following the link takes a user to a fake page (designed to look like a genuine site) where they must enter their login details. This fake page saves the details and sends them to a criminal, who can then use the details to access the account on the genuine site.
- Smishing is a form of phishing that occurs via SMS messages on mobile phones. These messages will also be very persuasive and request a link is followed in order to confirm personal details.
- Encourage your students to be very wary of any messages asking them to follow a link or confirm personal details or reset a password, especially if they haven’t requested it. Advise them that it is always best not to follow the link but to tell a trusted adult as soon as possible. They can then work together to log in to their online account using a method you trust.
- Help your students recognise the clues that give away phishing and scam attempts. This often includes poor spelling or grammatical errors, especially from messages claiming to be from banks and businesses. If you hover a mouse cursor over a link (or hold your finger on it on mobile devices) you can see where the link will take you. If the address doesn’t match the official site address then it could be a fake.
- Explain to your students that banks and organisations will never ask you to share your password or personal data by sending it via an email or message. If you are doubtful about whether an email from a bank/company is genuine, then always visit their official site yourself and log into your account using a method you trust.
- Remind your students that if it sounds too good to be true then it probably is! Online schemes offering to make money quickly or free things from companies you’re not familiar with should be treated with suspicion. If you haven’t entered a competition, you can’t have won the prize!
- If you are the target of identity theft or online fraud then always report it to the online service (if it happened there) and local law enforcement. Encourage your students to always tell a trusted adult if they have been targeted by identity theft attempts online.