Police warn Devon residents of fake security app scam

A WIDESPREAD scam is tricking people into installing fake security apps, Devon & Cornwall Police has warned.

Police say scammers impersonate major email and tech providers to convince you that your account is at risk so they can steal your personal information.

Scammers send urgent messages that look like they are from your email provider (e.g., Outlook, Gmail, iCloud, or Yahoo).

These include official-looking emails or texts warning of unauthorised logins or urgent pop-ups saying things like, ‘Security Breach: Protect your account now!’.

Also in the news

Channings Wood prison officer jailed for relationship with inmate

Royal visitor for this year's Devon County Show

Police warn of alcohol licensing fee scam calls

Communities across Devon to benefit as two popular grant funds return

These links lead to a convincing fake website designed to look like a legitimate login or security portal, where you are asked to perform a ‘security check’.

Once on the fake page, you are guided through a series of fake ‘security steps’.

At the end, you are prompted to download and install a security app or certificate to ‘fix’ the issue, but, in reality, this app is malware designed to monitor your device.

And because you are tricked into giving the app permission to install, your antivirus might not always block it.

Once installed, the app can monitor your keystrokes, read your messages and access your contacts, even after you close your browser.

A spokesperson for Devon & Cornwall Police said: ‘Your email provider will never ask you to install a separate ‘security app’ via a pop-up or a link in an email.

‘If you get a security alert, close the message.

‘Instead of clicking the link, open a new browser tab and log in directly through the official website (e.g., mail.google.com or outlook.com) to check your account status’.

Devon & Cornwall Police are reminding people of the ‘red flags’ to watch out for:

• Being asked to install software to ‘verify’ your identity;

• Requests to share your real-time location or contact list;

• Prompts to enter your password on a site you didn't navigate to yourself.

The force has also shared some tips to help users:

• Before typing your password, look at the address bar, if the website name looks slightly ‘off’ (e.g., security-login-check.com instead of microsoft.com), leave immediately;

• Enable Two-Step Verification.

‘It is the single best way to stop a scammer even if they get your password’, the spokesperson said.

For more information on setting up Two-Step Verification, visit the National Cyber Security Centre website.

And, finally, what to do if you are a victim of fraud:

• Report it: Visit - UK's Home for Reporting Cyber Crime & Fraud - Report Fraud or call 0300 123 2040.

• Contact your bank: If you shared financial details, contact your bank's fraud department immediately by calling 159.

• Report Phishing: Forward suspicious emails to [email protected] and suspicious texts to 7726.

Police warn of fake security app scam

Newsletter Sign up

Comments