People Are Not Using the Internet Securely

Other breaking news:

  • Joseph Alois Ratzinger believed to be Catholic
  • Ursus arctos horribilis found to defecate in woodland

Fewer than half the UK’s 29m adult internet users believe they are responsible for protecting personal information online, a survey suggests.

One in six of the 2,441 people surveyed felt responsibility rested with banks.

BBC News

… and until you need to pass some kind of “driving test” before you’re allowed on the internet, my answer will remain “No shit, Sherlock?”

But basically the problem is that when you’re dealing with protecting information online, there are multiple ways in which your data can be stolen and used for identity fraud, some of which the individual is responsible for, and some of which they aren’t. Of course, I am not a lawyer, and none of this is legal advice, so seek professional advice if you think you’ve become a victim of identity fraud. I’m just trying to highlight ways you can maybe avoid it.

If you download software, of any description, from anywhere, at any point, you are at some risk of virus infection. If you’re downloading from a reliable source, the risk decreases but doesn’t disappear — after all, how do you know that the particular server you downloaded the files from hadn’t been hacked only hours before?

And if you’re tempted to download a cracked version of a game, or a key generator or something, don’t forget to ask yourself the question “what’s in it for them?”. I’m assuming at this point you’ve already come to terms with the question “hang on, isn’t this a bit illegal?”, but if not, you might want to consider that one too.

Why would someone offer your PC a free health check? Have you heard of the company before? Why would they offer you a cracked version of the software, or a key generator? What do they get out of it? If you are struggling to provide a concrete answer, you might want to consider the option that what they are getting out of it is having you install their malicious programs on your PC all by yourself (normally bundled in with the stuff you were expecting so you don’t get too suspicious).

So you have a virus-checker on your PC. And you keep it up to date. That way, you’re only exposed to the newest viruses for a short period of time before your virus checker would recognise them. And by up to date I mean at least weekly, and ideally check for updates every time you connect to the internet. If you don’t keep it updated, you will get infected at some point.

And that’s only the first part of the equation. If you get a virus on your PC, such as a keylogger, which records every keystroke you ever press and then secretly dumps the information to an internet site for them to look through your details to try and find account numbers, passwords and so on, it’s probably your own fault.

The second part of the equation relates to exactly who you are giving your details to. Scammers use social engineering to try and make you think you need to reply to an email, or follow a link in an email and then input various details. They will tell you that there has been suspicious activity on your account, that your account is in danger of being deleted, that there has been a problem with a PayPal transaction or something like that.

If you follow a link to a malicious site — which, if they have any sense, will be set up to appear exactly like the genuine article — and type in your details, then you’ve just given the scammers your banking details, and after a very short delay, your money.

Look at it this way: If I were to approach you in the street, claimed to be from your bank, had a clipboard with your bank’s logo on it and asked you to give me your bank details, would you? If you would, just email me your bank details to save me the bother of finding where I’ve put my clipboard. If you’re not quite that daft, you’d probably pop into a local branch, where you would know the people behind the counter were genuine. And you’d enquire there.

So do the same online. Don’t follow someone else’s links to a site — type in what you already know to be their web address, Google their name, whatever. But don’t trust a route to a site given to you in an email.

Oh and — just in case you need to be told — if you win a lottery you didn’t enter, or if the late wife of General Mboto wants your help in getting £15 million out of Namibia, it’s a scam. You won’t be better off. What they want is your bank details, and then the contents of your bank account.

If you hand over your details to someone in this manner, again it’s your fault.

Social engineering can be pretty impressive here. Imagine your wallet is stolen. Imagine you phone the police to report it missing. And then five minutes later, someone from your bank phones up:

We’ve had a report from the police that your bank card has been stolen Sir, can you just confirm a few details so we can cancel it?
What’s your address?…Uh-huh.
When did you last use the card?…Uh-huh.
Did you use the default PIN that came with the card, or did you change it?…Oh, you changed it.
Ah, well I’m afraid I can’t stop the card from this screen Sir, without the PIN, and I don’t have a record of that.
Three seven nine seven? Thank you very much Sir, the card is now cancelled.

Phone Caller

Fantastic you think, that’s really efficient. And then you start to wonder, so you call your bank back… to find that your card hadn’t been cancelled, and you’ve just provided someone with the information they needed to empty your account.

No, I’d hope I’d not be that stupid either. But if you’ve had something stolen, you’re likely to be flustered and not thinking straight. But it’s clever social engineering. And that’s what the scammers do.

Back to the equation then. We’re now onto part three. It’s a good job I was good at maths. Usernames and passwords. Here, it’s maybe your fault, maybe someone else’s fault depending on the circumstances. If your password is “password” or it’s the same as your username, it’s your fault. If the website allows you to use extremely weak passwords, or doesn’t at least advise what makes a strong password, then they’ve not entirely been helping.

Furthermore, if you find that you’re logging in and inputting your details on a site that shows https:// at the start of the address bar, then the information being exchanged is encrypted. If the site just shows http://, then it isn’t. Most browsers will give you some sort of extra visual clue too — changing the colour of the address bar, showing a padlock or so on. Basically, if you’re sending information across the internet, it can be intercepted. If it’s not encrypted, it’s an awful lot easier for someone to get access to it.

If it ain’t https:// it’s the online equivalent of writing it down on a piece of paper and leaving it in the street. Maybe no one will pick it up. Maybe an honest person will. Or maybe, just maybe, you’ve exposed yourself to a bit of a risk. You should expect that any financial transactions of any kind, and any other transactions relating to confidential information, should be secured in this manner.

The same sort of thing goes for this new-fangled wireless broadband thingummy. If you’re sending data through the airwaves throughout your entire house, what do you think the chances are that this stops dead as soon as it encounters a window? Or do you think your wireless broadband network maybe extends beyond the walled boundaries of your house? Chances are it does. So secure it.

But of course even if you do absolutely everything you can and ensure that your details are only ever known by you and your bank, you’re still only as secure as your bank is. Maybe your bank is one of the banks that leave un-shredded confidential data in the street, allowing fraudsters a chance to pick your details up?

Even if your bank doesn’t make those mistakes, it’s only as secure as its staff. Have you heard the case where the call centre operative passed information on to fraudsters?

Still … not to worry, eh?

Remember to do your part of the job properly — have a look at Get Safe Online if you’re not sure how — and just pray that your banks and all the companies that have ever had your financial information keep up their end of the deal…


2 Responses to “People Are Not Using the Internet Securely”

  1. Seb Crump responds:

    Amen :)

  2. mark fairlamb responds:

    fraudsters would get a surprise if they nicked my identity - they wouldn’t get a penny out of my account but might get chased up for what I already owe.
    heheheheh……….,

