The Northumberland County Council (NCC) in England has put out a general warning to residents after observing a rise in “broadband-related cyber fraud“, which occurs when scammers attempt to impersonate your ISP in order to steal financial data and money. Some 68% of the reported victims have collectively lost £12.57k to this scam alone.
The scam in question typically begins with a phone call from somebody who claims, fraudulently, to work for your ISP. The fake support agent will often say they’ve identified a fault on your line or a problem with your broadband speed, although they might also claim to have identified a virus or security breach of your connection (the irony of this one is not lost). Some can also threaten service disconnection.
However, whatever the approach or tactic taken, the goal is usually the same – to encourage, panic or pressure you into giving up either sensitive financial details or access to your computer. At this point you’ll often be instructed to download a specific application, allegedly to help in troubleshooting the fake issue, but this actually allows the scammer to remotely access the person’s device.
The software you’re asked to download could be a trojan (malware) that’s designed to infect your computer and enable hackers to gain access. But scammers typically prefer to use more legitimate remote desktop / control software (e.g. TeamViewer or similar). In either case, the scammers will use this to access and take control of your system.
Once access is obtained, the scammer informs the person that numerous viruses have been detected on the device and promises a refund. To facilitate this refund, the person is asked to make a small payment of £2.99 to verify their details. But this transaction allows the fraudsters to capture the victims’ card details and subsequently attempt unauthorised transactions, with some victims reporting losses of up to £3,000.
Sadly, the chances are fairly high that many of our readers will have already been targeted by something like this (we get several of these a year in the office), as it’s fairly common across the UK. But the vast majority of people will have been able to spot it and quickly put the phone down (or lead the scammer on a bit to waste their time).
The level of sophistication and knowledge used by such scammers does seem to vary, with some being more convincing due to having researched their victims ahead of time (i.e. they might have already got some of your personal details from prior data breaches). But others may not know your name and may just guess that you’re using one of the big ISPs due to probability (BT, Sky, Virgin or TalkTalk), which they’ll often get it wrong.
What to do?
Firstly, if you do receive such a call, then it goes without saying that you should NEVER – a) download any software they may request, b) press any options / numbers on your phone (particularly if it sounds like the initial message is from an automated system) or, c) give out any personal or financial details to the caller (they often won’t have this and will attempt to trick YOU into giving THEM such details first).
Suffice to say, a little paranoia is always helpful when receiving any kind of unsolicited call, particularly one claiming to be from a company or organisation. If you have any doubt that the call is genuine, then put the phone down, wait a few short minutes (just so the old caller will clear, as that can be an issue on older systems), then find an official contact number for your ISP and call them directly to check.
Consumers should also be conducting regular checks of your bank statements to help identify any unauthorised transactions. But if you have been targeted by this scam or have any information, then please report it to the local authorities or Action Fraud at https://www.actionfraud.police.uk .