The UK’s first national hunt for future cyber security professionals launches today in central London. The Cyber Security Challenge UK is a series of online and face-to-face competitions designed by leading security, education and government organisations as a response to the worryingly small numbers of skilled personnel in the cyber security and online crime prevention profession.

The Challenge will identify the most talented individuals in the country capable of becoming our first line of defence against cyber attacks and online crime now and in the future. It will excite and inspire participants to consider a career as a cyber security professional. The very latest technologies will be employed to test the mettle of everyone from teenagers to seasoned IT professionals.

Anyone interested in participating in the challenge can register online and have a chance to be crowned the UK’s Cyber Security Champion at http://cybersecuritychallenge.org.uk/site/Home

Guest blogger: Sharon Lemon OBE. Deputy Director e-Crime, Serious Organised Crime Agency (SOCA)

Years ago, when Internet dating started, it did have a reputation as being a bit seedy, but things have moved on and now there are a  number of reputable dating sites which advertise their success in putting couples together, many of whom get married. Needless to say though, there are some people who want to exploit this new form of relationship and romance fraud is a growing problem, and can leave its victims financially and emotionally devastated. Make sure you’re aware of the signs so that you don’t fall for Mr or Mrs Wrong and not Mr or Mrs Right – do not become a victim.

For example, when you sign up to a dating website be careful about giving out your private information, especially to people from a foreign country who contact you out of the blue and claim to care deeply for you after only one or two emails or conversations. Always stay on the website, and don’t take your conversations onto instant messaging or private email. Don’t trust anybody who won’t answer basic questions about where they are and what they do.

So far we have only seen this offence being committed against women. A common tactic is for a fraudster to claim that they are a soldier, maybe American, who is based in Iraq and wants to retire with their children to live with you. Once the relationship is established, you will be asked to speak to their friends in a completely different country, which is when you will be asked for money.

When a romance fraudster (actually probably a group of criminals posing as one person) manages to seduce somebody into an online relationship, often over weeks and months, eventually there will be a problem that only you can help with. Maybe they want to travel to see you, and want you to pay money towards a visa or airline tickets. Or maybe they or a family member falls ill, or even dies, and they need money for medical or funeral bills. There may be many different reasons, but with just one purpose – to get your money.

If you do pay, the fraudster will then give more reasons for you to send money, and you will never see any of the things they promise. If they say they are flying to see you, they won’t turn up but will have a problem at the airport requiring your money to sort out. If they say they have large amounts of cash or gold that only requires some customs charge or other fees before you can get a share, this is just another type of fraud designed to rip you off. You may even be asked to fly abroad, so that you can be exposed to these different types of fraud in person. If you do so there is a real risk of kidnap and extortion, meaning your life could be in danger.

To protect yourself, be wary of contact from these romance fraudsters. Never send money to anybody you don’t know or trust, particularly by a money transfer service instead of to a bank account. If something sounds too good to be true, it probably is. If you become a victim, you could end up losing a lot of money as a result – or worse.

If you think you’ve been a victim of romance fraud, or any other type of fraud, cease all contact straight away, don’t send any more money and get in touch with Action Fraud via their website, http://www.actionfraud.org.uk/  or call them on 0300 123 2040.

That’s all pretty serious, but remember – as in real life, most people in the virtual world are good, so enjoy your time in it.

Get Safe Online is pleased to introduce our latest guest blogger:

Rik Ferguson from Trend Micro

You might have noticed in the news today, Facebook have agreed to make the ClickCEOP app available to their users. This app, often referred to in the media as a “Panic Button” gives concerned Facebook users a place where they can go to get help and advice related to many aspects of online safety.
 
CEOP (the Child Exploitation and Online Protection Centre) encourages Facebook users aged between 13 and 18 to add a ClickCEOP tab to their profile, the tab contains a link through to the CEOP Abuse Reporting site. This site is aimed at providing direct links to report or get advice on cyber bullying, hacking (by this they mean account takeover), viruses, mobile problems, harmful content or inappropriate or unwanted sexual behaviour.
 
While the ClickCEOP app will not be installed by default into every teenager’s profile, Facebook have stated in this interview that they will support the app with a site-wide awareness campaign aimed at their younger users and the app itself is clearly designed to spread by word of mouth and recommendation.
 
It is great to see Facebook taking the safety of their more vulnerable users more seriously. Education and awareness are powerful tools against online threats, hopefully as people notice their friends adding this app to their profile pages it will rapidly become almost a default installation.
 
The reason why predators are so successful on social networks and online in general, is because they work diligently to allay any suspicions or fears that their victim my feel. They use stolen photographs, misappropriated identities and outright lies to appear to be something they are not. For some commentators, this is the reason the Panic Button may not be as effective as could be hoped. But surely something is better than nothing at all?
 
One argument that says that the simple presence of the button will help to raise awareness and help to raise the suspicion level of the more vulnerable. It could also be the case that repeat offending will be uncovered more rapidly if even one potential victim sounds the alarm.
 
Unfortunately an alternative outcome is that this functionality could drive bullies and predators into more devious tactics, for example the creation of “use once and destroy” alter-egos making finding and stopping them all the more complicated.
 
At the very least for the younger or more vulnerable there should be no more confusion about where to go or what to do when they feel somehow targeted. One of the aggravating factors when it comes to online crime is the absence of any central reporting facility. For Facebook users this small part of the problem, at least, is now solved.

“Microsoft have issued an advisory notice to its customers that a vulnerability exists in the Microsoft Windows Help and Support Center (HSC) application.  This vulnerability affects Windows XP and Windows 2003 and could allow hackers remote access to your computer. 

To stay safe you should not to open suspect file attached to emails from people you do not know or visit any suspicious websites.  You should update your anti-virus and firewall settings and regularly check the Microsoft security website for any security updates and patching information.

Keeping your operating system and all your application software up to date is crucial and cannot be emphasised too strongly.  It is strongly advised that you set up automatic security updates for firewalls and secure wireless connections.”

It is only two days until the 2010 FIFA World Cup Finals kick off on 11th June. Judging by the flags on cars there is a great deal of excitement and this tournament promises to be a fantastic festival of football. The 2010 World Cup has been described as the first of the ‘social media age’. In 2006 when Germany hosted the finals, Facebook was still a closed network and Twitter was only three months old!

http://www.getsafeonline.org/nqcontent.cfm?a_id=1179

With the buzz of anticipation, people are already using every aspect of social media to share the experience together. There are all manner of ‘apps’, and complex spreadsheets calculating the permutations of the group stages and the draw for subsequent rounds, and imported e-calendars with all the fixtures right up to the final. There are websites where you can play 2010 fantasy football and have your very own World Cup dream team.

As always though, there are opportunistic criminals who want to cash in on the World Cup. They see the event not as a sporting extravaganza but simply a means of ripping-off honest football supporters. To avoid scoring an own-goal and becoming a victim of cyber crime, take some simple but effective steps to protect yourself online by viewing our Beginner’s Guide at:

Everyone at Get Safe Online wishes you all a very enjoyable World Cup, and don’t let the criminals ruin your fun!

We’ve heard that a number of people that have received calls from people pretending to be from Microsoft alleging there is a problem with their computer that can be fixed for a fee.  Microsoft do not make unsolicited phone calls to help you fix your computer. 

If you receive an unsolicited call from someone claiming to be from Microsoft Technical Support, hang up.  More advice from Microsoft here http://www.microsoft.com/protect/fraud/phishing/Msname.aspx

Emails claiming to be from the Civil Aviation Authority offering compensation to those travellers left stranded by the recent volcanic eruption in Iceland have been exposed as fake.  Researchers at the Scam Detectives website (www.scam-detectives.co.uk) noticed the emails sent from fraudsters asking for newly returned travellers for the passport data, bank account details and other personal information.  Travellers were asked to provide this information in return for up to £2,000 compensation.

This is the most recent case of ‘disaster’ email fraud within a series of scams including the Haitian Earthquake donation appeal and the Boxing Day Tsunami appeal.  A spokesman for the CAA said; “I can categorically say that this email has nothing to do with us.  It’s a scam – and we’ll be asking the police to investigate.”  The Director of Scam Detectives, Charles Conway said; “If you receive a an e-mail claiming to be offering you repayment to compensate you for the inconvenience of being stuck overseas, you should delete it immediately without responding.”

GetSafeOnline echoes this advice and would remind all internet users to be vigilant when screening their e-mail and pay extra attention to correspondence relating to current affairs and disaster appeals.  If something seems to be to good to be true then it probably is.

All that is new and shiny in the world of information security and cyber crime was on show at InfoSec Europe this week.  One of the many education sessions on offer dealt exclusively with the current value of fraudulently acquired data traded on ‘dark market’ websites.  Facilitated by Marcus Alldrick of Lloyds, a panel of experts including Martyn Croft (Salvation Army), Geoff Harris (ISSA) and Michael Paisley (Santander) gave their views on how much criminals can expect to sell stolen personal data for on the black market. 

Financial details and medical records were accorded the highest values by the audience in a mock auction between ‘victims’ and villains’, with the average quoted price currently at £2.50 per record.  However other types of personal information such as family photographs, commercially sensitive information and school application forms were given values of up to £400,000 due to the willingness of criminals to employ extortion and blackmail tactics to make money.  The market in personal data is growing and many criminal gangs are earning millions from the trade, facts that underline the importance of protecting information online and keeping yourself safe. 

We all want to use and enjoy the internet but this education session reinforces the fact that what we value as sensitive and personal is valued very differently by criminals looking to exploit your information for material gain.

Smartphones have experienced a huge boom in recent years  – analyst numbers show that last year the market grew by 24%. Our own research shows that around 1 in 4 UK web users access the internet via a mobile web browser, and of these, 20% synchronise their handsets with a home PC, 56% use social networking sites, around 1 in 5 shop, and a further 16% have begun to manage their finances from their phones.

So, clearly, using the internet in this way is becoming common place for many of us.

Over the last few years, we’ve become more risk-aware when it comes to using the web – most of us know now to protect our PCs with the right security software, keep it updated, and are generally more aware of the dangers of sharing too much personal information online. (Find out more about the key trends in our Report.)

In an ideal world, this conscious effort would automatically transfer itself when we start using the web from our mobiles. However, it seems this may not be the case. Research we’ve released today shows that over two-thirds of smartphone users don’t secure their handset with a PIN or password – the most basic security measure and the first line of defence against fraud if your phone falls into the wrong hands. Around 1 in 5 of us have lost our phones or had them stolen, so the risk is very real.

Part of the challenge is that we still think of our phones as phones – in reality, having a smartphone is no different to carrying around a laptop. But, the way the consumer market is structured – low priced handsets offset by long term network contracts, and a regular cycle of relatively affordable upgrades – means that we just don’t place the same value on a lost phone as we would on a lost laptop or stolen PC.  Indeed, most people who lose their phone bemoan the loss of all their contact numbers – which is not great, but potentially only the tip of the iceberg when combined with all the other personal information our phones contain.

Today, Get Safe Online is running a campaign to highlight the risks to smartphone users. As always, it’s not about deterring people, but about getting them to think about their phones in the same way they do their PCs so that they can recognise and navigate the risks. We’ve now updated the website with fresh and comprehensive advice, which you can check out here. 

If you’re a parent, it’s also worth thinking about how your children use their phones – see comments from Dr Tanya Byron yesterday.

Get Safe Online has now linked up with the National Fraud Authority and Action Fraud.

With Action Fraud UK citizens can now report fraud far easier than ever before. By reporting fraud, anti-fraud agencies are provided with the vital information they need to protect us all from fraudsters. At the same time helping to bring the offenders to justice.

Action Fraud refers all cases of fraud to the National Fraud Intelligence Bureau which is run by the police service. Although each report cannot be investigated individually, the information you provide will aid the police to build up a national picture of fraud. This will help make the UK a more hostile place for fraudsters to operate in and keep other potential victims safe.

To learn more about protecting yourself from online fraud visit the Get Safe Online website

To report a fraud visit Action Fraud click:   ACTION FRAUD

 “I update my computer whenever I am told to do so by some message that appears on the screen, so I’m safe”

Unfortunately more and more security professionasl I speak to tell me updating the software on a machine is now more important than updating the operating system. Yes it is important to update your applications, but not more important. I believe you are as secure as the weakest link in your system, so updating both the operating system and all applications are critical, for both the user and the general security of the web.

However the new important update is now the computer user, we all need to protect ourselves from the threats that appear on a daily basis by updating our knowledge of what new and existing threats are out there. It’s only with this additional education and knowledge that the end user will not become the weakest part of the security link……!

As Valentine’s Day approaches, those that are single may be thinking about looking for love online.

Online dating is big business these days. Recent research shows the number of Britons paying to use online dating agencies is set to grow from 2.6m in 2006 to 6m by 2012, and set to be worth around £368m in revenues.  In terms of content that people buy online, it’s surpassed only by music and video games.

However, as you will know from me by now, there are some avoidable risks involved. Overall, our approach should be no different to doing anything else online – shopping, social networking, banking: Be aware of the risks, keep your wits about you, and if it sounds too good to be true…

…well, check out Get Safe Online’s top tips here.

Do this, and there’s little reason not to enjoy the benefits of meeting people this way. Indeed, according to independent research for one of the popular dating sites, users find a compatible match once every ten minutes.

Good luck and Happy Valentine’s Day!