Psychotherapy sessions are usually in person, but for various reasons some clients may find online or phone sessions necessary or preferable. This page offers some practical guidelines.
Online sessions are conducted via a secure online platform. Not everyone is entirely comfortable with technology, so I want to make it easy for you.
You do not need an account, just a computer or phone with a camera. There is an online ‘waiting room’ facility, so if you wish you can log on shortly before the session starts.
If there should be a technology failure, just reconnect. If this is not possible, we should have a back-up plan of continuing the session by phone.
As with all online platforms, we can make ourselves much safer and ensure the session runs smoothly by following some simple tips.
1. Most importantly, sessions are confidential, so you should be in a safe environment where you will not be interrupted or overheard.
2. Please place your device on a flat and stationary surface, as screen movement from being held in the hand or on your lap can induce motion sickness in the viewer.
3. If at all possible, please connect to the internet using a cable rather than wi-fi. Wi-fi signals can be intermittent and unstable, causing drop-outs which interrupt the flow of communication. If wi-fi is the only option, please make sure your wi-fi is password-protected – your own password, not the factory default – and ensure you are in a spot where the signal is good.
4. Once you have logged in to the session, stay with the computer. Do not walk away from the screen so that someone else can see.
5. Be on a computer where your internet use will not be monitored. This means being on your own password-protected computer, or at least on a shared computer where you have your own password-protected area which only you access. Do not use a work computer where your use is monitored by tracking software.
6. Additional confidentiality can be secured by using headphones so you only you can hear me.
7. Close down any unnecessary programmes running in the background, to free up system resources for a better quality call.
8. Please do not record sessions, as the existence of the recording on a computer potentially compromises your confidentiality.
9. Once the session is over, close all programmes connected with the session.
For more online security tips, see the last part of this page.
When the session is due to start, simply call me and we’ll begin.
Sessions are confidential, so you should be in an environment where you will not be interrupted or overheard.
If there should be a break in signal and we are cut off, I will wait while you re-establish the connection.
Please ensure you are as fully present in the session as we would be face to face, giving attention to our communication, not engaging in other activities (driving, washing up, etc.) during the session.
Tips to keep yourself safe online and on the phone
My intention in this last section is to strike the right balance by simply taking appropriate precautions without causing undue concern. Criminals use online and telephone activity to try to catch us out. Since March 2019 there are new coronavirus versions of scams, which you can read about here and here.
It’s important to remember how cyber-criminals operate. They’re not very original. They more or less always use the same methods, taking advantage of others’ trust or their lack of knowledge about security, as described below. If you have up to date anti-virus and anti-malware software you stand a much greater chance of shielding yourself against the scams that require you to click on a link. Even better, don’t click on the link!
If the password on your wi-fi has not been changed since it was set in the factory, change it now, as not doing so is an open invitation for criminals to tune in and hack away.
Make the password complicated and apparently meaningless. A hacker will easily crack a password like Alex123. Instead, find a way of memorising something that looks like gobbledegook to anyone not in the know. A good example includes a mix of characters – lower and upper case letters, numbers and other characters – such as kdJV%b!0sJV£5dy&*
I am [a scammer pretending to be] your bank, Google, etc.
If anyone phones you and tells you they’re your bank, HMRC, Social Security, Google, Microsoft, or any organisation at all, and they start asking you security questions, stop the call immediately. They’ll probably tell you your account has been compromised, or that your computer has a virus, or some other story to make you concerned, or that you are owed money to encourage you to hand over your account details. That is their aim: for you to reveal your password and security details so they can clean out your account.
If you call your bank (for example), you should expect them to ask you security questions, to make sure it’s really you. But if your supposed bank (or other organisation) is calling you and asking you the security questions, you can be sure it’s a criminal. If they don’t know your name and are phishing even for that, then you know it’s a scam; but there are many ways of linking a name to a phone number, such as your name and number on a website advertising something for sale, so don’t be fooled.
And, just in case the news of such scams hasn’t reached you, your bank will never call you to transfer money to another account for ‘safekeeping’ because of ‘suspicious activity’. This is a criminal, getting you to do his job for him by asking you to transfer your money to his account.
[Don’t] click on the link
The following 4 examples are actual emails I have received in the last few days as I write this. What you see in each case is a screenshot of the email, which I have slightly modified in each case so that the email and website of the criminal sender is changed (just in case anyone is tempted to try the link!).
The first example is essentially an email version of the phone scam just described. This is called a phishing email: they’re trying to hook you with bait and reel you in so you key in sensitive information.
Some emails of this type look quite convincing at first. This is one of the obvious scams.
1. The supposed sender, GOV.UK, doesn’t match the email address (which I have changed). Sometimes the criminals are a little cleverer than this, so that the email is almost right, e.g. ‘Lloyds’ becomes ‘LL0yds’.
2. They don’t know my name. Typically, an email like this begins ‘Dear Customer’, or just ‘Dear’. Beware – sometimes the scammer does know your name. This email is unusually casual, addressing me as “Hey”!
3. “We tried to call you”. They didn’t.
4. They tell me I have a council tax refund, but the email is supposedly from HM Revenue and Customs, who don’t deal with council tax.
5. The link to the “Refund Form” is the phishing link. If you hover your mouse over the link, you see the URL (website address) displayed, as shown above (which I have changed), which will be different to the claimed sender. Sometimes the URL is surprising – a furniture seller or a carpet cleaner – which may mean the website was legitimate but has been hacked and hijacked.
If I did click on this link I would probably find a page that looks like the HMRC website, log in with my HMRC user name and password, and by this means the criminal can find my financial details and follow a trail to steal my money.
There is more to these malicious links than stealing your data or money on a fake website. Often, the clicked link automatically downloads malware (malicious software). Malware comes in various forms, including a computer virus, which infects and corrupts files; ransomware, which locks the computer until you agree to pay a large amount of money or else everything is erased; spyware, which logs everything you do, including your passwords, credit card numbers and surfing habits; and Trojans, which disguise themselves as legitimate software (analogous to the story of the Trojan horse), acting in the background to undermine your security and let other malware in. (This isn’t an exhaustive list of malware types, but you get the idea.)
The example above is more straightforward. A criminal finds your name and your email address, then emails you a malicious link purportedly from someone you know. (I have changed the name and link in this email.) This is easy to spot. There is rarely a message, and the email address of the sender is always a mismatch for the email address of the real person.
The example above is the bottom part of a quite convincing fake email, purportedly from a company, selling their products. Clicking on any of the links will lead to malware. Not only that, they’ve thought about the detail. A non-customer may think, ‘I’ve never subscribed to this advertising list, so I’ll click the link to unsubscribe.’ That way they’ve got you again. Not only that, clicking on the link confirms to the criminals selling your email address that your email is live, so you’ll receive more scams.
This last email is meant to look like a legitimate advertisement for investment, but of course it’s another phishing/malware scam. There are obvious clues, almost as if the scammer wants to give recipients a head start in spotting the fakery! BBC has become “CBC”; their “special report” is entirely unconvincing; and the email address that sent this (which I have changed) was gobbledegook. I’ve received this email numerous times, each time from a different email address, all of which have been gobbledegook. Since the way an email address appears can easily be changed, in all likelihood all these different email addresses are fronts for the same account. Having front emails gives the scammers the advantage of making it very difficult to block and blacklist them, as the email never appears to come from the same place twice. The email address in the sendee box is never mine, which tells me I’m on a mass email list for these scams. That’s OK, as millions of us are – as long as I never click on the link.
There are also various social media versions of the ‘trick you to click on the malware’ scam. One of the latest is a private message which will come from the account of a friend whose account has already been compromised, with a message such as ‘Oh my God, is this you in the video?’ or ‘I thought I saw you in this video’. Click on the click, sometimes disguised to look like an actual video, and your social media account will be taken over and your computer infected with malware. You can read a little more about this scam by clicking here.
Another social media scam is the online version of a chain letter. You receive a private message from a friend, with a picture attached, such as a rainbow heart with NHS written on it, asking you to send it on to 10 (or some other number) more people. Don’t do it. A scammer is recruiting the unwary to spread their malware. Click on the picture, and your social media account and computer belong to them.
If you have been scammed
If you have been scammed on the phone or online, inform the organisation the scammers claimed to be (where applicable); and send a report to Action Fraud, the national fraud and cyber-crime reporting centre. Their website is available by clicking here.
© Ian Pittaway Therapy. Not to be reproduced in any form without permission. All rights reserved.