News, tips and updates from the GetSafeOnline.org team

A guest blog from Sharon Lemon OBE, Deputy Director SOCA e-Crime and Chair of GetSafeOnline.org

This year I’ve been pretty organised (for once) and managed to do most of my Christmas shopping already. I’ve been up late, shopping online, so occasionally wonder if, through tiredness and that peculiar feeling you get from being the only one awake late at night means that my family this year will end up with some very strange gifts. But it’s certainly made life easier, as I don’t like crowds at all and I can decide when and where I am going to shop.  I always check the returns policy and p & p before I start. I do most things online now, including banking – I think it’s much safer.  I can check my balance every day if I want, rather than wait for a monthly statement – and I’m doing my bit for the planet.

The one thing I noticed whilst whiling away the wee hours, are the notifications I get, asking me to update software and restart my computer. The temptation is to ignore these – normally because they seem to occur just at the moment you find the perfect present, or you’re in the middle of an online chat with a friend. They get filed in the ‘later’ category, and are promptly forgotten about.  It’s easy to think, ‘it’s all still working, so why worry?’

But they are really important messages, because updating software maintains your computer, and allows it to carry on performing well. Ignoring updates is like ignoring warning lights on the dashboard of your car – you know that sooner or later, things are going to catch up with you.

Leaving updates to an unspecified ‘later’ date leaves you potentially vulnerable to online threats. The Get Safe Online website site has a page explaining updates.

During our recent Get Safe Online week, we focused on criminals who sold fake anti virus packages known as ‘scare ware’.  The best way to stay safe online whilst keeping your computer updated is to get updates directly from the company website – so if you’re updating Microsoft Office, go to the Microsoft Office website. You should never be charged for security patches, so if someone asks for payment, it is likely to be a con. 

Updating your computer should also keep it performing well, which means you’ll have an easier time online, whether it’s buying presents or being one of the first to bag a bargain when the post-Christmas sales start.  Have a good one!.

{ 2 comments }

The Guardian reports that this week is expected to be the busiest online shopping period of the year, this Monday as hundreds of thousands of Christmas shoppers order mail-order gifts from e-tailers. The day has been dubbed Mega Monday by Visa Europe, which expects 3.8m purchases worth £265m to be made using Visa cards.
 
It says 80% of purchases will be made on debit cards, with 2,600 transactions worth £184,000 taking place every minute, or just over £3,000 per second. Visa said that UK consumers will defy fears over the recession and any resulting job cuts by splashing out 5.5% more this year than they did during 2009′s Mega Monday.
 
The payments specialist said the Monday closest to December occurs shortly after pay day for many consumers and has consequently been the busiest day for e-tailers for the last two years. Visa’s predictions, which are based on current spending data as well as previous years’ Christmas spending trends, are considered accurate because more than £1 in every £4 spent in the UK is on a Visa card.

But Visa Europe warns shoppers to be vigilant when shopping for Christmas presents online and on the high street, claiming that three in five shoppers put themselves at risk of fraud through poor personal security habits including sharing PINs and card details.

To find how to be safe whilst shopping on line visit Get Safe Online’s safe shopping guide.

{ 0 comments }

Guest blogger: Lord Harry Renwick Chair of EURIM

I was delighted to be invited to attend the sixth annual Get Safe Online Summit on Monday.
 
What it seems to have achieved, and it certainly showed, was how important it has been to bring awareness of the activities of the Cyber Criminals to the attention of Internet users of all types, and to bring together Industry players with Government bodies and law enforcement agencies to attempt to keep one step ahead of them.
 
Speaker after speaker, from SOCA, ACPO, NFA and others joined together with industry representatives to draw attention to the pivotal role played  by Get Safe Online in this, and to the importance of promoting innovative ways of achieving Internet Security, also the need to provide an effective means for reporting breaches in such security, through Action Fraud.  Only an accurate assessment of loss can justify the provision of adequate resource to counter such fraud.
 
James Brokenshire endorsed all that and declared the Government’s commitment with extra funding in these straightened times.  He was followed by Sharon Lemon, Deputy Director at SOCA and the Chair of Get Safe Online, who closed the very successful meeting quickly, saying she did not want to detract from the sense of enthusiasm that had been built up.  

To find out more, download the speakers presentations and the Minister speech from the Get Safe Online website.

{ 0 comments }

Today is the start of this year’s Get Safe Online Week – and I can hardly believe it myself that we’re about to head into our sixth year! However, as I will be saying at our annual Summit taking place later this morning in central London, our job is never done.
 
Today, my colleagues and I are out and about talking about one of the latest online scams – anti-virus software that is actually malicious software in disguise. Not only is this big business for criminals, but it also represents a shift in their approach – rather than exploiting our lack of awarenss, they are now exploiting the fact that most of us know how important (genuine) AV software is. Visit the Get Safe Online homepage to find advice on how these scams work and what warning signs to look out for.
 
We have also just launched our annual Report. This contains views and analysis from all of our major sponsors and partners, both in terms of our attitudes to online safety today as well as some of the risks facing us tomorrow. Again, you can download this by following the links from the homepage.
 
Happy reading!

We’ve now added a video to our website so you can see for yourself how these operations work.

• 1 in 4 UK web users targeted via cold calls
• Wolf in sheep’s clothing – AV software is malware in disguise
• 80% UK web users unaware of scam
• Latest cases indicate gangs are making millions
 

To find out more visit the Get Safe Online website.

{ 6 comments }

15th to 19th November 2010
What is Get Safe Online Week?

Get Safe Online is an annual event to raise awareness of internet safety issues.

We reach out to consumers and small businesses through competitions, events and PR activity. And to businesses and organisations through our annual Get Safe Online Summit which kicks off the week on Monday, 15th November in central London.

Watch this space throughout November to find out the latest updates or follow us on Twitter @GetSafeOnline

What is our objective?

Our objective is to encourage everyone to take some time out of their week to learn more about internet safety and to make sure that their computer is properly protected.

The risks are serious but prevention is easy. A few hours is all you need. It’s a small price to pay compared to the huge hassle of dealing with viruses, identity theft and online fraud.

For bloggers and webmasters

Show your support for Get Safe Online by displaying a Friend logo on your site. To download these .GIF images, just right click on the size you want and select ‘Save image as’ (Firefox) or ‘Save picture as’ (Internet Explorer). Please link back to our home page, www.getsafeonline.org.

{ 6 comments }

Guest Blog from Rik Ferguson – Senior Security Advisor at Trend Micro

Today sees the launch of Facebook Places in the UK, a new service that allows you to use your iPhone or other touchscreen GPS enabled device to “check-in” and show the world where you are.

With the launch of this service, Facebook are jumping onto the geo-location bandwagon previously offered by the likes of foursquare and others. However with Facebook’s 500 million users and the ever increasing popularity of GPS aware mobile devices the could be the first time it hits most mainstream users.
 
Essentially Facebook places allows user to manually check themselves in at any location they happen to visit, which sounds great for locating friends and acquaintances who may be at the same place or event, but also has some serious privacy implications.
 
Like most things on Facebook who is able to see your updates and check-ins can be restricted by your privacy settings, and the check in process itself must be manually completed every time, so no one’s going to be able to follow from place to place unless you allow them to.
 
However in these default privacy settings, once you check in, even if you have set your location to be visible to “Friends only” Facebook will allow anyone else checked in nearby to see your location, that doesn’t sound ideal to me and could represent valuable information to someone with less than honourable intent. By the way, to get here and change these settings you should click on Account in the top right of your Facebook screen, then choose Privacy Settings and then search for the very small “Customise settings” link on that page. As well as the settings shown in the image above, if you scroll down a little further you can choose to disable Friends being able to check you in, which is once again sadly enabled by default.
 
Unfortunately it doesn’t stop there, it is also possible to tag friends in your own check-ins, meaning that you can be “checked-in” either against your will or without your consent. Friends can check you in anywhere, regardless of your actual location, even making it look as tough you are somewhere you are not. Once another user has been tagged in your check-in, they receive a notification along with the option to remove the tag; but from the moment they are tagged, the information is posted on Facebook, without their consent, even if they have not started using Places themselves. Also, it cuts both ways. If I check-in and tag a friend, then although my privacy settings should allow “Friends Only” to see my location, any friends of the person I tagged will see my location on that person’s wall.
 
Clearly this systems represents a massive risk to individual privacy. If Facebook persist in allowing check-ins by third parties then they need to ensure that the information is not made public until it has been agreed to by all people identified. Facebook should also ensure that any privacy settings are either fully respected or that the implications of your actions are make crystal clear.

For more information visit GetSafeOnline.org

{ 2 comments }

Guest Blog from Rik Ferguson – Senior Security Advisor at Trend Micro

Get Safe Online has asked me for a few tips on how to look after yourself online, particularly with regard to social networking. I know many of the people who read this blog are regular users of Facebook & Twitter, so I wanted to share those tips here. It’s by no means an exhaustive list and I didn’t quite make to the catchy “10 top tips” but hopefully there are a few things here that you may not have previously considered.
1 – Familiarise yourself with both the privacy settings and the security policy of any social and professional networking sites you use. If you’re not happy with them, stop using the site.  

2 – When you create your profile consider each piece of information that you share and whether if it is necessary or even relevant to that site. Do you need to share telephone numbers for example, maybe if your mail or direct messages come direct to your phone that is enough. Think practically don’t complete a form just because it is in front of you.

3 – When you share content, chat, mail or comment on other people’s posts or profiles never consider your communication to be personal or private. Even if you have made full use of the privacy settings available to you, you cannot be sure your content won’t be copy/pasted, downloaded or otherwise shared more widely without your knowledge.

4 – Most sites offer a means to reset your password should you forget it. This is also one of the most common ways to break into an account. If you are asked to provide answers to “Security questions” consider whether the answers are really secure. Secure means that you are the only person who can answer the question. If the possibility exists to create your own questions, use it. If you are obliged to answer more standard questions such as “First school”or “First pet” remember the answer doesn’t have to be the truth, it only has to be something you can remember.  

5 – Do not use a single password for multiple different sites, that way if one is compromised you don’t have to worry about the others. Create complex passwords using upper and lower case letters, numbers and special characters such as $%&!. Devise a way to differentiate your password for each site you use, for example putting the first and last letters of the web site name at the beginning and end of your complex password. (Tip: the character £ does not feature in some automated tools for brute forcing passwords so it can be a good one to use. To get that character on a non UK keyboard, hold down the Alt key and tap 0163).

6 – If you receive a friend request from someone you don’t know or recognise, contact them directly before you make the decision to add them to your circle of trust. Ask how they know you, and check they are legitimate. It’s not only your own privacy you are protecting, it’s also that of all your friends.  

7 – Consider sorting your friends into groups, in many cases this will allow you to share specific content with specific groups only.  

8 – Try to minimise the number of third party apps and services that you install or allow to access your account, learn how to remove or disallow them and get rid of any that you no longer use. Don’t forget even on Twitter once you authorise a service to access your account, that permission remains unless you manually remove it and it also persists through password changes.

9 – Don’t click links in messages or wall posts, even links sent to you by friends without checking first if the person intended to send it to you. The few moments it takes to check could save you from falling for a phishing scam or worse, infecting your computer. You could also be doing your friend a favour if you are letting them know their account is compromised and sending out links.

For more information visit GetSafeOnline.org

{ 3 comments }

The UK’s first national hunt for future cyber security professionals launches today in central London. The Cyber Security Challenge UK is a series of online and face-to-face competitions designed by leading security, education and government organisations as a response to the worryingly small numbers of skilled personnel in the cyber security and online crime prevention profession.

The Challenge will identify the most talented individuals in the country capable of becoming our first line of defence against cyber attacks and online crime now and in the future. It will excite and inspire participants to consider a career as a cyber security professional. The very latest technologies will be employed to test the mettle of everyone from teenagers to seasoned IT professionals.

Anyone interested in participating in the challenge can register online and have a chance to be crowned the UK’s Cyber Security Champion at http://cybersecuritychallenge.org.uk/site/Home

{ 1 comment }