During the current COVID-19 outbreak and lockdown, social distancing does not mean that sessions have to stop for current and new clients. This page sets out my relevant duties as a psychotherapist in this situation; how we will manage online and phone sessions; and lastly, since many of us are spending a great deal longer on the internet during the outbreak, some tips to keep yourself safe from scammers.
My duties as a psychotherapist
It is fundamental to my role as a psychotherapist that I protect your confidentiality. In the current situation, when someone tests positive for COVID-19, NHS staff have a duty to undertake contact tracing. This means the patient is interviewed about people they’ve been in contact with. NHS staff are then in touch with contacts to provide support and testing.
The usual legal boundaries of confidentiality are written into the therapeutic contract we both sign in the first session, that everything we discuss is strictly confidential, except in the circumstance that a child is at risk of harm, or if there is a threat to an adult’s life. In the present situation, if I should at any point test positive for the virus, I will be obliged to inform NHS staff that I have been in contact with you (if, at that time, we have been in physical proximity within the previous 2 or 3 weeks), but I am not obliged to reveal the nature of the relationship, so I will not tell anyone you are my client. If you should test positive, feel free to tell NHS staff either that I am your therapist or, if you prefer, that I am your friend. I will not then be surprised if I should receive a phone call naming you as my friend rather than my client.
If I should be temporarily unable to continue sessions due to illness, I will contact all clients by text or email, then again when I am recovered, to continue sessions. If I should suddenly become so ill that I cannot contact clients, I have a therapeutic executor, another psychotherapist who will be given access to my client contacts only and strictly in the event of my serious illness or death, to inform my clients of the situation.
My cancellation policy is that the session fee is still payable if the session is cancelled fewer than 48 hours before time, except in emergencies. This is standard practice, and is especially important to enable me to be flexible enough to see clients who cannot commit to a regular time. A session cancelled at short notice creates a space I could otherwise have offered to clients who are shift workers, such as medics, the emergency services and transport staff. I will waive this 48 hour policy in cases related to COVID-19, such as your high temperature or continuous cough beginning within 48 hours of the session, or your need to care for someone with these symptoms, such as a partner, child or parent.
My primary commitment is to you and your welfare. Therefore, if you should find yourself in the position of having to miss consecutive sessions, please rest assured that your appointment with me is sacrosanct as long as you need it, regardless of health-related gaps.
Online sessions are conducted on camera via Zoom. Not everyone is entirely comfortable with technology, so I want to make it easy for you.
You do not need a Zoom account, just a computer or phone with a camera. For your security, before the session starts I send you a one-off link with a password. Both the link and the password are valid only for the duration of that session. There is an online ‘waiting room’ facility, so if you wish you can log on shortly before the session starts, before I’m online.
If there should be a technology failure, the person who has lost the connection should try to re-establish it. It is important that only one of us is trying to do this. If it is not possible to reconnect, we should have a back-up plan of continuing the session by phone.
As with all online platforms, we can make ourselves much safer and ensure the session runs smoothly by following some simple tips.
1. Most importantly, sessions are confidential, so you should be in a safe environment where you will not be interrupted or overheard.
2. Once you have logged in to the session, stay with the computer. Do not walk away from the screen so that someone else can see.
3. Be on a computer where your internet use will not be monitored. This means being on your own password-protected computer, or at least on a shared computer where you have your own password-protected area which only you access. Do not use a work computer where your use is monitored by tracking software.
4. Additional confidentiality can be secured by using headphones so you only you can hear me.
5. Close down any unnecessary programmes running in the background, to free up system resources for a better quality Zoom call.
6. If at all possible, please connect to the internet using a cable rather than wi-fi. Wi-fi signals can be intermittent and unstable, causing drop-outs which interrupt the flow of communication. If wi-fi is the only option, please make sure your wi-fi is password-protected – your own password, not the factory default – and ensure you are in a spot where the signal is good.
7. Please do not record sessions, as the existence of the recording on a computer potentially compromises your confidentiality.
8. Once the session is over, please close all programmes connected with the session, primarily your email, Zoom and camera.
For more online security tips, see the last part of this page.
When the session is due to start, simply call me and we’ll begin.
Sessions are confidential, so you should be in an environment where you will not be interrupted or overheard.
If there should be a break in signal and we are cut off, I will wait while you re-establish the connection.
Please ensure you are as fully present in the session as we would be face to face, giving attention to our communication, not engaging in other activities (driving, washing up, etc.) during the session.
Tips to keep yourself safe online and on the phone
My intention in this last section is to strike the right balance by simply taking appropriate precautions without causing undue concern. Since more of us are spending more time at home and online during the COVID-19 lockdown, criminals have increased their online and telephone activity to try to catch us out and, of course, there are new coronavirus versions of scams, which you can read about here and here.
It’s important to remember how cyber-criminals operate. They’re not very original. They more or less always use the same methods, taking advantage of others’ trust or their lack of knowledge about security, as described below. If you have up to date anti-virus and anti-malware software you stand a much greater chance of shielding yourself against the scams that require you to click on a link. Even better, don’t click on the link!
If the password on your wi-fi has not been changed since it was set in the factory, change it now, as not doing so is an open invitation for criminals to tune in and hack away.
Make the password complicated and apparently meaningless. A hacker will easily crack a password like Alex123. Instead, find a way of memorising something that looks like gobbledegook to anyone not in the know. A good example includes a mix of characters – lower and upper case letters, numbers and other characters – such as kdJV%b!0sJV£5dy&*
I am [a scammer pretending to be] your bank, Google, etc.
If anyone phones you and tells you they’re your bank, HMRC, Social Security, Google, Microsoft, or any organisation at all, and they start asking you security questions, stop the call immediately. They’ll probably tell you your account has been compromised, or that your computer has a virus, or some other story to make you concerned, or that you are owed money to encourage you to hand over your account details. That is their aim: for you to reveal your password and security details so they can clean out your account.
If you call your bank (for example), you should expect them to ask you security questions, to make sure it’s really you. But if your supposed bank (or other organisation) is calling you and asking you the security questions, you can be sure it’s a criminal. If they don’t know your name and are phishing even for that, then you know it’s a scam; but there are many ways of linking a name to a phone number, such as your name and number on a website advertising something for sale, so don’t be fooled.
And, just in case the news of such scams hasn’t reached you, your bank will never call you to transfer money to another account for ‘safekeeping’ because of ‘suspicious activity’. This is a criminal, getting you to do his job for him by asking you to transfer your money to his account.
[Don’t] click on the link
The following 4 examples are actual emails I have received in the last few days as I write this. What you see in each case is a screenshot of the email, which I have slightly modified in each case so that the email and website of the criminal sender is changed (just in case anyone is tempted to try the link!).
The first example is essentially an email version of the phone scam just described. This is called a phishing email: they’re trying to hook you with bait and reel you in so you key in sensitive information.
Some emails of this type look quite convincing at first. This is one of the obvious scams.
1. The supposed sender, GOV.UK, doesn’t match the email address (which I have changed). Sometimes the criminals are a little cleverer than this, so that the email is almost right, e.g. ‘Lloyds’ becomes ‘LL0yds’.
2. They don’t know my name. Typically, an email like this begins ‘Dear Customer’, or just ‘Dear’. Beware – sometimes the scammer does know your name. This email is unusually casual, addressing me as “Hey”!
3. “We tried to call you”. They didn’t.
4. They tell me I have a council tax refund, but the email is supposedly from HM Revenue and Customs, who don’t deal with council tax.
5. The link to the “Refund Form” is the phishing link. If you hover your mouse over the link, you see the URL (website address) displayed, as shown above (which I have changed), which will be different to the claimed sender. Sometimes the URL is surprising – a furniture seller or a carpet cleaner – which may mean the website was legitimate but has been hacked and hijacked.
If I did click on this link I would probably find a page that looks like the HMRC website, log in with my HMRC user name and password, and by this means the criminal can find my financial details and follow a trail to steal my money.
There are now special COVID-19 versions of this scam. In one, a text or email is sent ‘from HMRC’ claiming to give you a tax rebate due to coronavirus. To receive your rebate, all you have to do is – you’re probably ahead of me here – click on the link. In another, a text is sent claiming you have left the house 3 times today and will therefore be fined. To ‘pay the fine’ there is – you guessed it – a link to click on. You can read more about the latest scams by clicking on this link, or this link, which is perfectly safe. Honestly.
There is more to these malicious links than stealing your data or money on a fake website. Often, the clicked link automatically downloads malware (malicious software). Malware comes in various forms, including a computer virus, which infects and corrupts files; ransomware, which locks the computer until you agree to pay a large amount of money or else everything is erased; spyware, which logs everything you do, including your passwords, credit card numbers and surfing habits; and Trojans, which disguise themselves as legitimate software (analogous to the story of the Trojan horse), acting in the background to undermine your security and let other malware in. (This isn’t an exhaustive list of malware types, but you get the idea.)
The example above is more straightforward. A criminal finds your name and your email address, then emails you a malicious link purportedly from someone you know. (I have changed the name and link in this email.) This is easy to spot. There is rarely a message, and the email address of the sender is always a mismatch for the email address of the real person.
The example above is the bottom part of a quite convincing fake email, purportedly from a company, selling their products. Clicking on any of the links will lead to malware. Not only that, they’ve thought about the detail. A non-customer may think, ‘I’ve never subscribed to this advertising list, so I’ll click the link to unsubscribe.’ That way they’ve got you again. Not only that, clicking on the link confirms to the criminals selling your email address that your email is live, so you’ll receive more scams.
This last email is meant to look like a legitimate advertisement for investment, but of course it’s another phishing/malware scam. There are obvious clues, almost as if the scammer wants to give recipients a head start in spotting the fakery! BBC has become “CBC”; their “special report” is entirely unconvincing; and the email address that sent this (which I have changed) was gobbledegook. I’ve received this email numerous times, each time from a different email address, all of which have been gobbledegook. Since the way an email address appears can easily be changed, in all likelihood all these different email addresses are fronts for the same account. Having front emails gives the scammers the advantage of making it very difficult to block and blacklist them, as the email never appears to come from the same place twice. The email address in the sendee box is never mine, which tells me I’m on a mass email list for these scams. That’s OK, as millions of us are – as long as I never click on the link.
There are also various social media versions of the ‘trick you to click on the malware’ scam. One of the latest is a private message which will come from the account of a friend whose account has already been compromised, with a message such as ‘Oh my God, is this you in the video?’ or ‘I thought I saw you in this video’. Click on the click, sometimes disguised to look like an actual video, and your social media account will be taken over and your computer infected with malware. You can read a little more about this scam by clicking here.
Another social media scam is the online version of a chain letter. You receive a private message from a friend, with a picture attached, such as a rainbow heart with NHS written on it, asking you to send it on to 10 (or some other number) more people. Don’t do it. A scammer is recruiting the unwary to spread their malware. Click on the picture, and your social media account and computer belong to them.
If you have been scammed
If you have been scammed on the phone or online, inform the organisation the scammers claimed to be (where applicable); and send a report to Action Fraud, the national fraud and cyber-crime reporting centre. Their website is available by clicking here.