Phishing attackers are using a new tactic to try to trick you into parting with your private and sensitive information.
Phishing usually comes in the form of a fake email, which spoofs a familiar brand to falsely gain your trust and send you to malicious websites. These websites look just like the real thing in a bid to get hold of your bank details, passwords and more. But as people wise up to the scam, phishers are trying a new approach, specifically targeting Windows 10 users. Find out everything you need to know to keep yourself safe below:
What is the Windows 10 tech support scam?
According to Microsoft’s malware protection researchers, the newest form of phishing relies on shady website links which use pop-ups and scare tactics to tell victims they need to dial a number for unnecessary technical support services.
The emails carrying these links claim to be from well-known companies such as Amazon or LinkedIn – see the example below.
Once you click on the link, you are redirected to a Windows 10 tech support website which looks official. A pop-up then appears with a number to dial, claiming to be free of charge.
The pop-ups usually warn about a malware infection or licence expiration, and will sometimes play sounds or show a countdown to increase the urgency.
However, this is not a legitimate tech support service and you should not follow the instructions.
How can I avoid phishing attacks?
The first port of call is security software, such as BT Web Protect, which will protect you from phishing and other web-based threats.
If you’re suspicious, there are ways you can make sure an email isn’t a scam yourself.
First of all, were you expecting the email? Taking Amazon as an example, did you actually order anything in the first place? If you didn’t, and the email talks about an order cancellation, then it’s possible it’s a phishing attack.
Secondly, does it look legitimate? Sometimes scam emails include spelling mistakes or are just in plain text.
A third and major point is to look at the links in the email itself. Hover over them to see the URL. The address should be pretty simple and easy to understand – using Amazon as an example, you should expect to at least see “amazon.co.uk” towards the beginning. Random words and addresses such as the one shown below are a reason to be suspicious, and links like these shouldn’t be clicked.
A good rule to follow is always think before you click.
What should I do if I’ve opened a phishing email?
You should immediately close the windows, open your web browser again, and delete cached data and cookies – this can be done on any web browser by following the same process you would when deleting history, as explained here.
To be extra careful, you might want to carry out a virus scan.
If you’ve got a dialog box like the one shown below, simply close it. Should it keep reappearing every time you close it, see if it has a tick box that allows you to prevent any further boxes. See below for an example from Microsoft Edge.
If you’re still not able to close the window, try pressing the Ctrl + Alt + Delete keys on your keyboard to either close the window or restart your computer. You should still delete cached data and cookies.
What should I do if I’ve already given out details?
If you’ve already given out details, you’ll need to act fast.
Given out a username and password? Go to the official website of the account whose login details you shared and change them.
If you’ve provided your bank account details, contact your bank straight away so they can put a block in place.
You should then report it to Action Fraud.
For more advice, visit our dedicated site, bt.com/scams.