Safer Internet Day Supported by Get Safe Online

by Tony Neate on February 8, 2011

A guest blog from the Rt Hon Baroness Neville-Jones, Minister of State for Security

More and more of us, especially young people, are spending our leisure time on the internet; whether that be by updating our social network pages, buying and selling goods via online market places, or escaping into virtual worlds and second life games.  The internet is a great place to relax and entertain ourselves.
 
However, we should all be aware of the risks that exist on the internet and take steps to protect ourselves when we’re online.  This year, Get Safe Online is supporting Safer Internet Day and reminding internet users across Europe of the simple steps they should take to protect themselves from the risk of fraud and identity theft and their computers from viruses.

Below are 5 simple steps we can all take in order to limit the chance of becoming a victim of online fraud:

• Choose strong passwords which use a mixture of letters, numbers and punctuation – this makes them harder to crack
• Keep your passwords safe and never disclose them to anyone or post them online
• Take care about the amount of information posted on Facebook, on blogs and on other social networking sites
• Don’t fall for scam emails which say there is a prize to claim but which ask for a fee in order to do so. If it sounds too good to be true, it probably is!
• If you think you’ve been scammed, conned or ripped off while online then report it.  Visit Action Fraud at www.actionfraud.org.uk

Explore the rest of the Get Safe Online site for further tips and advice on staying safe online.

{ 0 comments }

A guest blog from Sharon Lemon OBE, Deputy Director SOCA e-Crime and Chair of GetSafeOnline.org

This year I’ve been pretty organised (for once) and managed to do most of my Christmas shopping already. I’ve been up late, shopping online, so occasionally wonder if, through tiredness and that peculiar feeling you get from being the only one awake late at night means that my family this year will end up with some very strange gifts. But it’s certainly made life easier, as I don’t like crowds at all and I can decide when and where I am going to shop.  I always check the returns policy and p & p before I start. I do most things online now, including banking – I think it’s much safer.  I can check my balance every day if I want, rather than wait for a monthly statement – and I’m doing my bit for the planet.

The one thing I noticed whilst whiling away the wee hours, are the notifications I get, asking me to update software and restart my computer. The temptation is to ignore these – normally because they seem to occur just at the moment you find the perfect present, or you’re in the middle of an online chat with a friend. They get filed in the ‘later’ category, and are promptly forgotten about.  It’s easy to think, ‘it’s all still working, so why worry?’

But they are really important messages, because updating software maintains your computer, and allows it to carry on performing well. Ignoring updates is like ignoring warning lights on the dashboard of your car – you know that sooner or later, things are going to catch up with you.

Leaving updates to an unspecified ‘later’ date leaves you potentially vulnerable to online threats. The Get Safe Online website site has a page explaining updates.

During our recent Get Safe Online week, we focused on criminals who sold fake anti virus packages known as ‘scare ware’.  The best way to stay safe online whilst keeping your computer updated is to get updates directly from the company website – so if you’re updating Microsoft Office, go to the Microsoft Office website. You should never be charged for security patches, so if someone asks for payment, it is likely to be a con. 

Updating your computer should also keep it performing well, which means you’ll have an easier time online, whether it’s buying presents or being one of the first to bag a bargain when the post-Christmas sales start.  Have a good one!.

{ 2 comments }

Mega shopping Monday.

by Tony Neate on November 30, 2010

The Guardian reports that this week is expected to be the busiest online shopping period of the year, this Monday as hundreds of thousands of Christmas shoppers order mail-order gifts from e-tailers. The day has been dubbed Mega Monday by Visa Europe, which expects 3.8m purchases worth £265m to be made using Visa cards.
 
It says 80% of purchases will be made on debit cards, with 2,600 transactions worth £184,000 taking place every minute, or just over £3,000 per second. Visa said that UK consumers will defy fears over the recession and any resulting job cuts by splashing out 5.5% more this year than they did during 2009′s Mega Monday.
 
The payments specialist said the Monday closest to December occurs shortly after pay day for many consumers and has consequently been the busiest day for e-tailers for the last two years. Visa’s predictions, which are based on current spending data as well as previous years’ Christmas spending trends, are considered accurate because more than £1 in every £4 spent in the UK is on a Visa card.

But Visa Europe warns shoppers to be vigilant when shopping for Christmas presents online and on the high street, claiming that three in five shoppers put themselves at risk of fraud through poor personal security habits including sharing PINs and card details.

To find how to be safe whilst shopping on line visit Get Safe Online’s safe shopping guide.

{ 0 comments }

Guest blogger: Lord Harry Renwick Chair of EURIM

I was delighted to be invited to attend the sixth annual Get Safe Online Summit on Monday.
 
What it seems to have achieved, and it certainly showed, was how important it has been to bring awareness of the activities of the Cyber Criminals to the attention of Internet users of all types, and to bring together Industry players with Government bodies and law enforcement agencies to attempt to keep one step ahead of them.
 
Speaker after speaker, from SOCA, ACPO, NFA and others joined together with industry representatives to draw attention to the pivotal role played  by Get Safe Online in this, and to the importance of promoting innovative ways of achieving Internet Security, also the need to provide an effective means for reporting breaches in such security, through Action Fraud.  Only an accurate assessment of loss can justify the provision of adequate resource to counter such fraud.
 
James Brokenshire endorsed all that and declared the Government’s commitment with extra funding in these straightened times.  He was followed by Sharon Lemon, Deputy Director at SOCA and the Chair of Get Safe Online, who closed the very successful meeting quickly, saying she did not want to detract from the sense of enthusiasm that had been built up.  

To find out more, download the speakers presentations and the Minister speech from the Get Safe Online website.

{ 0 comments }

Today is the start of this year’s Get Safe Online Week – and I can hardly believe it myself that we’re about to head into our sixth year! However, as I will be saying at our annual Summit taking place later this morning in central London, our job is never done.
 
Today, my colleagues and I are out and about talking about one of the latest online scams – anti-virus software that is actually malicious software in disguise. Not only is this big business for criminals, but it also represents a shift in their approach – rather than exploiting our lack of awarenss, they are now exploiting the fact that most of us know how important (genuine) AV software is. Visit the Get Safe Online homepage to find advice on how these scams work and what warning signs to look out for.
 
We have also just launched our annual Report. This contains views and analysis from all of our major sponsors and partners, both in terms of our attitudes to online safety today as well as some of the risks facing us tomorrow. Again, you can download this by following the links from the homepage.
 
Happy reading!

We’ve now added a video to our website so you can see for yourself how these operations work.

• 1 in 4 UK web users targeted via cold calls
• Wolf in sheep’s clothing – AV software is malware in disguise
• 80% UK web users unaware of scam
• Latest cases indicate gangs are making millions
 

To find out more visit the Get Safe Online website.

{ 6 comments }

Get Safe Online Week – 15th November 2010

by Tony Neate on October 27, 2010

15th to 19th November 2010
What is Get Safe Online Week?

Get Safe Online is an annual event to raise awareness of internet safety issues.

We reach out to consumers and small businesses through competitions, events and PR activity. And to businesses and organisations through our annual Get Safe Online Summit which kicks off the week on Monday, 15th November in central London.

Watch this space throughout November to find out the latest updates or follow us on Twitter @GetSafeOnline

What is our objective?

Our objective is to encourage everyone to take some time out of their week to learn more about internet safety and to make sure that their computer is properly protected.

The risks are serious but prevention is easy. A few hours is all you need. It’s a small price to pay compared to the huge hassle of dealing with viruses, identity theft and online fraud.

For bloggers and webmasters

Show your support for Get Safe Online by displaying a Friend logo on your site. To download these .GIF images, just right click on the size you want and select ‘Save image as’ (Firefox) or ‘Save picture as’ (Internet Explorer). Please link back to our home page, www.getsafeonline.org.

{ 6 comments }

Facebook puts you in your Place

by Tony Neate on October 18, 2010

Guest Blog from Rik Ferguson – Senior Security Advisor at Trend Micro

Today sees the launch of Facebook Places in the UK, a new service that allows you to use your iPhone or other touchscreen GPS enabled device to “check-in” and show the world where you are.

With the launch of this service, Facebook are jumping onto the geo-location bandwagon previously offered by the likes of foursquare and others. However with Facebook’s 500 million users and the ever increasing popularity of GPS aware mobile devices the could be the first time it hits most mainstream users.
 
Essentially Facebook places allows user to manually check themselves in at any location they happen to visit, which sounds great for locating friends and acquaintances who may be at the same place or event, but also has some serious privacy implications.
 
Like most things on Facebook who is able to see your updates and check-ins can be restricted by your privacy settings, and the check in process itself must be manually completed every time, so no one’s going to be able to follow from place to place unless you allow them to.
 
However in these default privacy settings, once you check in, even if you have set your location to be visible to “Friends only” Facebook will allow anyone else checked in nearby to see your location, that doesn’t sound ideal to me and could represent valuable information to someone with less than honourable intent. By the way, to get here and change these settings you should click on Account in the top right of your Facebook screen, then choose Privacy Settings and then search for the very small “Customise settings” link on that page. As well as the settings shown in the image above, if you scroll down a little further you can choose to disable Friends being able to check you in, which is once again sadly enabled by default.
 
Unfortunately it doesn’t stop there, it is also possible to tag friends in your own check-ins, meaning that you can be “checked-in” either against your will or without your consent. Friends can check you in anywhere, regardless of your actual location, even making it look as tough you are somewhere you are not. Once another user has been tagged in your check-in, they receive a notification along with the option to remove the tag; but from the moment they are tagged, the information is posted on Facebook, without their consent, even if they have not started using Places themselves. Also, it cuts both ways. If I check-in and tag a friend, then although my privacy settings should allow “Friends Only” to see my location, any friends of the person I tagged will see my location on that person’s wall.
 
Clearly this systems represents a massive risk to individual privacy. If Facebook persist in allowing check-ins by third parties then they need to ensure that the information is not made public until it has been agreed to by all people identified. Facebook should also ensure that any privacy settings are either fully respected or that the implications of your actions are make crystal clear.

For more information visit GetSafeOnline.org

{ 2 comments }

Safer Social Networking

by Tony Neate on October 11, 2010

Guest Blog from Rik Ferguson – Senior Security Advisor at Trend Micro

Get Safe Online has asked me for a few tips on how to look after yourself online, particularly with regard to social networking. I know many of the people who read this blog are regular users of Facebook & Twitter, so I wanted to share those tips here. It’s by no means an exhaustive list and I didn’t quite make to the catchy “10 top tips” but hopefully there are a few things here that you may not have previously considered.
1 – Familiarise yourself with both the privacy settings and the security policy of any social and professional networking sites you use. If you’re not happy with them, stop using the site.  

2 – When you create your profile consider each piece of information that you share and whether if it is necessary or even relevant to that site. Do you need to share telephone numbers for example, maybe if your mail or direct messages come direct to your phone that is enough. Think practically don’t complete a form just because it is in front of you.

3 – When you share content, chat, mail or comment on other people’s posts or profiles never consider your communication to be personal or private. Even if you have made full use of the privacy settings available to you, you cannot be sure your content won’t be copy/pasted, downloaded or otherwise shared more widely without your knowledge.

4 – Most sites offer a means to reset your password should you forget it. This is also one of the most common ways to break into an account. If you are asked to provide answers to “Security questions” consider whether the answers are really secure. Secure means that you are the only person who can answer the question. If the possibility exists to create your own questions, use it. If you are obliged to answer more standard questions such as “First school”or “First pet” remember the answer doesn’t have to be the truth, it only has to be something you can remember.  

5 – Do not use a single password for multiple different sites, that way if one is compromised you don’t have to worry about the others. Create complex passwords using upper and lower case letters, numbers and special characters such as $%&!. Devise a way to differentiate your password for each site you use, for example putting the first and last letters of the web site name at the beginning and end of your complex password. (Tip: the character £ does not feature in some automated tools for brute forcing passwords so it can be a good one to use. To get that character on a non UK keyboard, hold down the Alt key and tap 0163).

6 – If you receive a friend request from someone you don’t know or recognise, contact them directly before you make the decision to add them to your circle of trust. Ask how they know you, and check they are legitimate. It’s not only your own privacy you are protecting, it’s also that of all your friends.  

7 – Consider sorting your friends into groups, in many cases this will allow you to share specific content with specific groups only.  

8 – Try to minimise the number of third party apps and services that you install or allow to access your account, learn how to remove or disallow them and get rid of any that you no longer use. Don’t forget even on Twitter once you authorise a service to access your account, that permission remains unless you manually remove it and it also persists through password changes.

9 – Don’t click links in messages or wall posts, even links sent to you by friends without checking first if the person intended to send it to you. The few moments it takes to check could save you from falling for a phishing scam or worse, infecting your computer. You could also be doing your friend a favour if you are letting them know their account is compromised and sending out links.

For more information visit GetSafeOnline.org

{ 3 comments }

OpenID and you

by VeriSign on August 16, 2010

This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

Passwords are not perfect when it comes to keeping your identity safe online. Too many people use the same password for different websites or choose weak passwords that hackers and their software can easily guess.

Choosing strong passwords is always a good idea but perhaps there is a better alternative. OpenID is, as the name suggests, an open standard for authentication. It replaces the traditional user name and password with a digital identity backed up by a choice systems to prove that you are who you say you.

It has several benefits. It’s easier to use. You don’t have to share your password with every Tom, Dick and Harry on the internet. And, it’s easier than keeping track of dozens of different password for different sites.

Millions of sites allow you to login using OpenID, including PayPal, eBay, Yahoo!, Google, Facebook, AOL and others.

Many companies provide OpenID credentials. One option is VeriSign Identity Protection (VIP). VeriSign lets you create your own OpenID digital identity and offers a range of different ways to identify yourself. These include a VIP Access Toolbar for your browser, free software for your smartphone that generates one-time passwords as well as advanced cryptographic tokens.

clip_image001 clip_image002

So, next time you struggle to remember a password, get frustrated at filling in another registration form or (if you are unlucky) fall victim to identity theft, why not try out OpenID instead?

{ 0 comments }

Things we check (Video)

by VeriSign on August 2, 2010

This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

VeriSign’s new advert is a good reminder that we need to check things before we trust them. VeriSign’s new Trust™ Seal lets website owners confirm their identity and prove that their site is virus-free. When you see it, you know you can buy, browse and share with confidence. For more information see: Trust the Check.

{ 0 comments }

The UK’s first national hunt for future cyber security professionals launches today in central London. The Cyber Security Challenge UK is a series of online and face-to-face competitions designed by leading security, education and government organisations as a response to the worryingly small numbers of skilled personnel in the cyber security and online crime prevention profession.

The Challenge will identify the most talented individuals in the country capable of becoming our first line of defence against cyber attacks and online crime now and in the future. It will excite and inspire participants to consider a career as a cyber security professional. The very latest technologies will be employed to test the mettle of everyone from teenagers to seasoned IT professionals.

Anyone interested in participating in the challenge can register online and have a chance to be crowned the UK’s Cyber Security Champion at http://cybersecuritychallenge.org.uk/site/Home

{ 1 comment }

Meet the rightperson, not a conperson.

by Tony Neate on July 23, 2010

Guest blogger: Sharon Lemon OBE. Deputy Director e-Crime, Serious Organised Crime Agency (SOCA)

Sharon LemonYears ago, when Internet dating started, it did have a reputation as being a bit seedy, but things have moved on and now there are a  number of reputable dating sites which advertise their success in putting couples together, many of whom get married. Needless to say though, there are some people who want to exploit this new form of relationship and romance fraud is a growing problem, and can leave its victims financially and emotionally devastated. Make sure you’re aware of the signs so that you don’t fall for Mr or Mrs Wrong and not Mr or Mrs Right – do not become a victim.

For example, when you sign up to a dating website be careful about giving out your private information, especially to people from a foreign country who contact you out of the blue and claim to care deeply for you after only one or two emails or conversations. Always stay on the website, and don’t take your conversations onto instant messaging or private email. Don’t trust anybody who won’t answer basic questions about where they are and what they do.

So far we have only seen this offence being committed against women. A common tactic is for a fraudster to claim that they are a soldier, maybe American, who is based in Iraq and wants to retire with their children to live with you. Once the relationship is established, you will be asked to speak to their friends in a completely different country, which is when you will be asked for money.

When a romance fraudster (actually probably a group of criminals posing as one person) manages to seduce somebody into an online relationship, often over weeks and months, eventually there will be a problem that only you can help with. Maybe they want to travel to see you, and want you to pay money towards a visa or airline tickets. Or maybe they or a family member falls ill, or even dies, and they need money for medical or funeral bills. There may be many different reasons, but with just one purpose – to get your money.

If you do pay, the fraudster will then give more reasons for you to send money, and you will never see any of the things they promise. If they say they are flying to see you, they won’t turn up but will have a problem at the airport requiring your money to sort out. If they say they have large amounts of cash or gold that only requires some customs charge or other fees before you can get a share, this is just another type of fraud designed to rip you off. You may even be asked to fly abroad, so that you can be exposed to these different types of fraud in person. If you do so there is a real risk of kidnap and extortion, meaning your life could be in danger.

To protect yourself, be wary of contact from these romance fraudsters. Never send money to anybody you don’t know or trust, particularly by a money transfer service instead of to a bank account. If something sounds too good to be true, it probably is. If you become a victim, you could end up losing a lot of money as a result – or worse.

If you think you’ve been a victim of romance fraud, or any other type of fraud, cease all contact straight away, don’t send any more money and get in touch with Action Fraud via their website, http://www.actionfraud.org.uk/  or call them on 0300 123 2040.

That’s all pretty serious, but remember – as in real life, most people in the virtual world are good, so enjoy your time in it.

{ 1 comment }