In the middle of The Great British Spring Clean 2023, we thought it would be good to think about why it’s good to clean up your data, to help protect from scammers who will use it against you if they can.
There are so many scams around these days, it’s worth knowing what to look out for. And it’s also worth knowing the things that can make us more vulnerable to scams that might target us.
Spotting a scam
A scam can be started in many different ways. But a common way is when you receive an email or text message that you probably weren’t expecting. Often, the message will appear to be from some official organisation or a government institution such as HMRC, DVLA or the TV Licensing authority.
There are some tell-tale signs that the message is the first step in trying to set up a scam to either steal your money or capture certain personal information that the scammer will use later in some way.
Scam signs
If an unexpected email or text arrives, make some simple checks of your own:
- Check the email for bad spelling and grammar
- If the message starts with a general greeting instead of your name, for example, ‘Dear HMRC user’, it’s more likely to be a scam
- You can search the internet for the sender’s details, the email subject line or the organisation’s name – you might find people discussing a scam
- If the email asks for personal information, account numbers, address, anything like that, it’s worth remembering that organisations like banks or HMRC will never do that
- Check whether the email address matches the sender’s name or organisation – you might have to click on their name to see the actual email address
- Remember too that there are some intuitive checks you can make. If ever you feel rushed into responding to an unexpected message, take a breath and pause.
It could be scam if:
- The message contains something that just seems too good to be true. Examples might include a super cheap smartphone or a holiday that costs much less than it should
- Someone you don’t know contacts you unexpectedly with an offer
- You may simply suspect you’re not dealing with a real company. Sometimes scammers will present themselves as a company but there’s no postal address, a warming sign it could be a scam
- You’ve been asked to transfer money quickly. Remember, scammers will often put urgency into their scams to make you do something without thinking it through
- You’ve been asked to pay in an unusual way – examples include paying by BitCoin, by vouchers, or through a transfer service
- You’ve been asked to reveal personal information like passwords or PINs. Remember, no legitimate bank or genuine organisation will ask you for complete passwords or PINs
READ MORE: State pension alert as grandparents could boost sum by £2,340
Keeping yourself safe
The scammers are very resourceful and constantly coming up with new, more clever ways to capture your money or your personal information. So here are a few tips to keep yourself safe:
Fake shops
Are you sure the online retailer you’re about to use is real? Scammers are clever at making online shops look like the real thing. Sometimes they make up a name for the store, but sometimes they pretend to be a popular brand. So, spend a few minutes checking things including the store’s terms and conditions. Included in there you should find a proper postal address, not just a PO Box number.
Check online what people have said about the store, read reviews on independent sites, not just on the website itself. At one time you could rely on the padlock symbol in the address bar of your browser to show a site is secure – but no longer, scammers have found ways to do that, so don’t rely on that as a check.
Don’t click
You may have received messages by email or by text message that invite you to click on a link. Don’t do it. If the link is not from someone you know, it may lead to a download of malware to your phone or computer that could be used to compromise your personal information. Or it could download a virus.
Keep it personal
Some scams aren’t designed to steal from you directly. But some are designed to capture personal information. Scammers build profiles of people using publicly available information such as that they can scrape from social media profiles and anything they can collect from data breaches. Hackers sell data they steal from company databases to scammers. If a scammer gets enough data on an individual, it can make it easier for them to dupe the unwary, because they can be very convincing if they have a few details included in their approach. So, keep your personal data close, and minimise who has it. If someone is asking for personal information, in general don’t give it.
Keep it secret, keep it safe
Make sure that passwords for your email, social media accounts and any online shopping, banking or other commerce accounts are kept secure and use passwords that are strong, very hard to guess and never use on more than one account. A password manager app can help because it will generate complex, unique passwords for every account you have and using it will mean you are not tasked with having to remember dozens of different and complicated passwords.
Dance the two-step
In addition to creating complex passwords, many online accounts offer two-factor authentication. This is a system that requires you to make a second step in addition to the password, which makes it much harder for a scammer to access any of your accounts, even if they have the password.
Stay informed
The government operates an email alert system for scams which you can sign up to and that provides alerts on the latest online, telephone and face-to-face scams.
Spring clean your data
When people are shown how many organisations have their data, they are often amazed. Amazed by how many companies have the data, not least because often people have no idea who some of the organisations are. That’s because data is bought and sold, legally and illegally, every day so it can become difficult to keep a grip on who has what information on you, or how they’re using it.
Data brokers are organisations that trade in personal information. Mostly it’s legal and they scrape people’s online activity and digital footprint to profile them. Then the data brokers sell that data on to literally thousands of companies who subsequently bombard us with marketing information, porn and other communications we never asked for. And sometimes our data falls into the hands of criminals leading to ‘spear phishing’.
It’s well worth carrying out a digital spring clean, getting your data under control so you know exactly where it is, who’s got it and what they’re using it for.
Digital footprint
When any of us go online, we leave a digital trail of where we’ve been. Almost everyone has a digital footprint. Online activities such as photo sharing, dating, banking, shopping, gaming, professional networking, and social networking all add to it. Other people can contribute to your digital footprint by posting photographs or information about you online.
READ MORE: Britons issued stark warning as TV licence fraud email circulates
Can I delete my digital footprint?
The short answer is, no, you can’t completely. But there are ways to minimise your digital footprint, lowering the chances of your personal data being spread widely, sold, or used by data brokers.
Does clearing my browsing history remove my digital footprint?
Unfortunately, no. To access the internet, all our web traffic passes through an Internet Service Provider’s (ISP) server. This allows the ISP to know exactly which websites you visited. So, deleting your browser history on your laptop doesn’t stop your ISP from having the entire list of your web-browsing habits.
How can I minimise my digital footprint?
There are several things we can all do to reduce the amount of personal data that’s out there. Here are our top tips for cleaning up your data:
Cookie crumble
Every time we use a website, you will see a box pop up asking whether you accept cookies. It’s easy just to click ‘accept’, but do you know what information you are giving away if you do that? Cookies capture all sorts of information, from basics like your name, date of birth and email address to more in-depth information such as your hobbies, buying habits, bank details and sexual orientation, with just one click you could be inadvertently handing over a lot of personal information.
Cookies can even capture information such as what web page you were looking at before the one you’re on, and where you go next.
It’s worth clicking on ‘manage’ or ‘reject all’ cookies to minimise how your online activity is tracked.
Old accounts
Do you have any old accounts you don’t use any more but that are sitting out there somewhere in the cloud, on a server who knows where, still with your personal information?
Have a look for accounts or profiles that you’ve created online. Many of us have created multiple accounts over time – for gaming, online shopping, socialising or even just out of curiosity – but often we just don’t use them anymore. They’re easy to forget but important to manage.
Think about which networks you have social media profiles on. Aside from the main forms of social media, do you still have old accounts on sites you don’t use anymore? Which shopping sites have you registered on?
To get rid of these accounts, go to your account settings and look for an option to either deactivate, remove, or close your account.
Depending on the account, you may find it under Privacy or Security, or something similar. If you’ve forgotten your username, search through your email inboxes to find emails from the websites. Most large websites will have a process you can follow to retrieve your account details. Then create a second email account that you use when shopping online, registering for online services, and all those other unnecessary boxes.
Goggle your Google settings
Take control of your Google search results. It’s time to decide how easily you would like people to find your information. If you want to remain private, then ensure that your security and privacy settings are up to date.
Break from data brokers
Data brokers collect data from everything you do online and then sell that data to interested parties, more specifically advertise to you and sell you stuff.
You have a right to ask data brokers what information they hold on you and to instruct them to stop processing your data. Rightly has a service to help you do this.
Have you been breached?
A Google search isn’t going to tell you whether your usernames and passwords have been hacked. But some browsers now help with this. In Apple’s Safari for instance, if you check under settings and then select ‘passwords’ it will tell you whether a particular user name or password has appeared in a data breach. Checking this regularly can help you keep on top of places where your data may have been compromised so that you can change a password or close down an account.
You can also do this at haveibeenpwned.com, which checks your email against databases on the dark web. The dark web is where hackers sell stolen data to anyone who will buy it. Then, you can change key information and passwords to prevent being hacked or scammed.
Opt out option
You can opt out of marketing communications with any company you don’t want to hear from. Plus, remove yourself from as many databases as possible that store your contact details and personal information. For example, The Direct Marketing Association, the Telephone Preference Service, and the Mail Preference Services all allow you to opt out of communications and to remove yourself from their marketing databases.
But, bear in mind that unsubscribing from marketing communications is not the same as getting your data deleted. If you unsubscribe, your data still sits there, sitting on company servers, moved from here to there without your knowledge and vulnerable if a hacker breaks into the company’s systems, or if the company simply loses it carelessly.
You can use your rights under the General Data Protection Regulation (GDPR) to remove your personal data from as many companies as you’d like, for free. This is because the law states that a company must completely erase your information if you ask them to. You can do this yourself by emailing each company individually, or you can use our Rightly Protect service to make data deletion requests to a whole range of companies. It’s quick, simple, and free.
Scambusters Mail bag: Your questions answered
Question: I think I’m due a tax rebate, but I’ve seen all sorts of articles recently about HMRC scams. How can I ensure I get my tax rebate while avoiding being scammed?
A wide range of increasingly inventive scams carried out by criminals impersonating HMRC are in play, and at this time of year when many tax refunds are due, scammers will be particularly active.
Scammers use a variety of tactics, many of which play into people’s emotions, such as exciting you by saying you are due a tax refund or scaring you by calling you saying you owe HMRC unpaid tax.
The key thing to bear in mind is that HMRC will never text, email or phone asking for bank details, PINs or passwords, nor will they send a message via WhatsApp or social media saying you’re due a tax rebate. While HMRC does email in certain circumstances, they will never send emails requesting personal information or advising you you’re due a refund, so if you get one, it’s a scam.