WE were carrying out a spring clean at home recently as part of our goal to declutter our house when we came across our eldest daughter Rachel’s Communion dress. Given that Communion season is nearly upon us, we thought it would be an ideal time to sell it, so we decided to put the dress up for sale on donedeal.ie for €180.
Soon after we posted it online, we received a few enquiries, but one in particular we thought was a bit odd.
An email arrived from a woman who had viewed the dress and confirmed to my wife, Roseann, that she wanted to buy it. Great stuff. But, we asked, would she not like to know more about the dress – what size it was, how many times it was worn? Surely she would like to meet Roseann to inspect it?
No need, she told us. She didn’t have the time as she was busy travelling herself and the size didn’t matter because she was going to send it to her son who owned a shop. He was going to sell to someone else.
This women’s English was not great in the emails she was sending us but she was able to communicate that she had spoken to An Post and they would charge Roseann €40 if she was to send the dress directly to her.
Not to have us out of pocket, she was going to refund the €40 to us and send €220 in total to our PayPal account. She asked us for the email address we use with our PayPal account.
Concerned that all didn’t seem right, Roseann said she would come back to her, called PayPal and asked them what the correct procedure was for receiving payment for something sold online. They advised that when funds are received into a person's PayPal account, they (PayPal) contact the account holder and confirm funds have been received.
PayPal advised Roseann – not that she needed to know by now – that this person was trying to scam her. The reason she was looking for Roseann’s email address was because an email looking like it had come from PayPal would be sent to her by the scammer, apparently confirming that funds had arrived. It would look like a legitimate email, and the idea was that the dress would be duly posted. Shortly afterwards, upon discovery that the email was bogus, the dress would already be on its way and lost forever.
Roseann emailed back this woman and explained what she had done – and what the correct procedure was. If she wanted the dress, this is what was going to happen.
I think Roseann went to the trouble of sending an email back to this woman, just to say: “Don’t think I didn’t know what you were trying to do to me. Nice try, but stupid doesn’t live in this house.”
Of course, once the women received the email from Roseann, she knew she was rumbled and never replied. She just probably moved on to try and scam someone else.
People fall prey to this type of scam every day and just because it was a new one to me doesn’t mean it hasn’t been around for ages
But it got me thinking and I guess made me much more aware of internet security. It dawned on me the number of emails I receive each day from supposedly legitimate organisations looking for information from me.
I never reply to them or even open them, but I was looking at a few recently, and these were requests supposedly from very credible, big branded companies that I may have an account with and they look like the real deal. In the body of two recent emails, they said:
l “We are performing an annual account maintenance procedure. Please login to your account and complete the requested actions. Once logged in you will be guided to the rest of the process.”
l “As part of our ongoing effort to provide a safer, simpler and more convenient service to our customers, our risk department is flagging some suspected accounts. Your accounts was reviewed and flagged because of a potential connection to some fraudulent transactions. To avoid any restriction on your account, please verify your account information by logging on to your account by following the link below.”
I contacted the companies who had allegedly sent the emails. They told me they had done no such thing.
What the people who sent me those emails were hoping was that I would disclose details about bank accounts, PPS numbers, dates of birth and so on. What I have been told by internet security experts is that some cyber criminals are not asking directly for this information any more because people are becoming too suspicious and are naturally reluctant to give their details out because they think they are being scammed.
Knowing this, the cyber criminals use a softer approach. By not asking for any information from you, what they are doing, unbeknownst to you, is sending you a virus and malware that not only can destroy your computer, but let them monitor your internet use allowing them to log in remotely and view your activity, copy your passwords and log in details for sites like your on-line bank accounts.
So, the moral of the story is to be very careful. Be careful opening any unsolicited emails regardless of what the subject matter is about. Make sure you invest in the latest anti-virus software and when you are prompted to up-date your security, do it.
If you are shopping online, only use sites that have a padlock symbol in the browser window, and also make sure a website's address starts with https:// and not http://.
Change your passwords every couple of months and don’t use the same one for all of your internet accounts. Apparently one in four of us uses easy-to-guess passwords such as birthdays or names. If you want a strong password use one that has a combination of capital letters, numbers and symbols.
The best form of defence against hackers or scammers is common sense – if it sounds too good to be true, as was the case with Roseann, it probably is.
Not all scams will be obvious, so take your time, listen to what your gut is telling you, and take a moment before you do open anything.
We still haven’t sold that dress, by the way!
Liam Croke is MD of Harmonics Financial Ltd,
based in Plassey. He can be contacted at firstname.lastname@example.org or www.harmonics.ie