Identity fraud: How to stay safe online

Identity fraud is one of the fastest growing crimes in the UK and with more of us shopping and banking online than ever before, it’s vital to take steps to keep your identity and money secure. In fact, 2011 saw the highest ever number of frauds perpetrated in this country, particularly online fraud.

What’s going on?

Basically, more of us are shopping online and cyber-criminals are coming up with more and more inventive ways to scam us.

They use a sort of online black market to trade credit card details in bulk – in fact they can trade email address and accounts from only 5p, with a full identity going for about £45, according to new research from anti-virus supplier Symantec.

In fact figures from the National Fraud Authority estimate that every year in the UK, identity fraud costs more than £2.7 billion and affects over 1.8million people. Scarily, at least £1.9billion of this is gained by the fraudster, which means that on average, fraudsters gain over £1000 from every stolen identity.

Garreth Griffith, Head of Risk Management at PayPal says: “Forewarned is forearmed. With more people than ever shopping online in the UK it’s really important that people remain vigilant whenever they are making financial transactions online and don’t inadvertently leave themselves open to becoming a victim of a scam or fraud.”

What are the scams I need to watch out for?

Phishing scams

Phishing is a common tactic used by hackers and identity thieves to acquire sensitive information like usernames, passwords and bank details. This is done by creating a website that looks identical to big brand sites such as online banks, social networking sites, eBay and AOL.

An email directs you to the dodgy website, where you are asked to enter your personal information into what appears to be the trusted site’s ordinary log-in form. However, your details are actually collected and stored on a database which is likely to be sold on to another fraudster.

A phishing email can seem very legitimate, perhaps featuring your bank’s logo, but your bank or credit card company should never ask you to confirm private details in this way – and it’s better to be safe than sorry so if you’re at all unsure, contact your bank or the company in question, and ask them to confirm details over the phone or in the branch.

Phishing has even morphed into what has been called SMSing (ID theft using SMS texts) then into vishing (ID theft using voice over internet protocol).

Here are some tips from Paypal on how to spot a phishing email:

1. Generic greetings

Many spoof emails begin with a general greeting, such as: “Dear PayPal member.” If you do not see your first and last name, be suspicious and do not click on any links or buttons.

2. A fake sender’s address

A spoof email may include a forged email address in the “From” field. This field is easily altered.

3. A false sense of urgency

Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don’t update it ASAP. They may also state that an unauthorised transaction has recently occurred. Always remember, if it is so urgent, the real organisation will let you know when you go directly to their website rather than clicking on any links in the email.

Social networking scams

Sites such as Facebook, Bebo, Twitter, Linkedin and MySpace can seem like a bit of fun, but identity theft is dramatically rising across social media, particularly now so many of us have smart phones.

New research from credit card provider Capital One reveals that social networks have been accessed without permission more than 60 million times in the last year – the equivalent of 1.9 profiles every second.

Michael Woodburn, Chief Marketing Officer, Capital One said: “Social networking sites are a great way to stay in touch with friends and family. Yet in the excitement of connecting with those around us, remembering to protect your online profile can often take a back seat, which can leave people open to smugging (social media mugging), or worse, identity theft.”

Be very careful with the personal information you divulge on social networking sites, and make sure your profile is set to the highest privacy settings – otherwise you just can’t guarantee who is looking and what they might be able to find out about you.

Scareware scams

There’s also the rather ominous sounding Scareware scams – sent around after almost any breaking news story.

As an example, when Patrick Swayze died recently emails were sent round mentioning his death, some even contained an actual CBS news clip. But, before the clip ended, a text box appeared stating that a virus had been found then invited the recipient to click on to run a free test. At this point, it pretended to search and find malicious software then asked to download and pay for a malicious software remover.

Spoof websites

Should you come across a website with numerous spelling and grammatical mistakes, or with lots of pop-ups and banners – it’s probably not legit and it’s advisable you don’t give out any valuable information on it.

Similarly, if you come face-to-face with any pop-ups telling you that you need to download software you’ve never heard of, close the window and try not to visit the site again.

Here are some tips from Paypal on how to spot a spoof website:

1. Deceptive URLs

Some fraudsters will insert a fake browser address bar over the real one, making it appear that you’re on a legitimate website. The term ‘https’ should precede any web address (or URL) where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure web session and you should not enter any personal data.

2. Out-of-place lock icon

Make sure there is a secure lock icon in the status bar at the bottom of the browser window. Many fake sites will put this icon elsewhere on the page to deceive you.

3. Logo, design and type

The brand logo, design and fonts used on a fraudulent web page may look obviously wrong or out-of-place, but some fake websites have a very professional design which closely mimics the original site, so use the tips above to determine whether a site is genuine or not.

How can I protect myself?

1. The most important thing to do is protect your computer

Install the latest software versions of anti-virus, anti-spyware and firewall. A firewall acts as a barrier blocking unauthorised access and viruses from the internet.

You can dramatically reduce your vulnerability to internet scammers and hackers by installing simple security software on your computer. A free anti-virus programme such as AVG can protect you against viruses, Trojans and worms (self-installing programmes that can damage your PC) and other users logging on to your computer and accessing your files.

For less than £25 you can get a Norton Anti-Virus programme to give you full internet security.

2. Ditch Internet Explorer

The most commonly used web browser is Internet Explorer (the default browser on all PCs) but unfortunately for internet users, its security system isn’t the best.

Check your version is up to date – you can install a service pack from the Microsoft website, or even better, download a smaller rival web browser like Mozilla Firefox for free. Mozilla is a company that’s run by internet good guys who are dedicated to improving the quality of web browsing – so you know you’re in good hands when you use their software.

3. Check your credit report!

Identity fraud – where fraudsters take out credit cards or loans in your name – is the fastest growing crime in the UK. And it’s not always easy to find out if you’ve had your identity stolen, unless you check your credit report.

You’ll be able to see straight away if anything has been set up in your name which isn’t yours, or spot any unusual activity – then you can take action against the fraudsters. Credit Expert offers a 30-day free trial where you can view and update your report, though if you’re particularly concerned, you can pay a small monthly fee for continued access to your report.

4. Look out for the little padlock

Every time you enter any form of bank account information online, look out for the little padlock on the bottom right side of your web browser. This padlock means that the website is secure, and can’t be accessed by any third parties, so your information is safe from prying eyes.

If at any point you are asked to enter bank details, make sure you can see the padlock otherwise your details can easily be accessed. You should be taken to a secure server (the URL should start https://www).

5. Don’t open email attachments from people you don’t know

If you receive an email from someone you’ve never even heard of, or that looks particularly dodgy (trying to sell you Viagra or get your bank details, for example), delete it immediately.

The attachments will probably contain harmful files that can seriously damage your computer, or even help scammers access your personal details.

6. Think before giving out your details

Before you give out any information about yourself online – even your name – think who wants that information and what they might be able to do with it. Make an informed decision as to whether or not you want to give the company your details.

For example, a legitimate survey website has every reason to ask you your age, but a “bargain offer” pop-up asking for it is highly questionable.

7. You can’t really make £1,000s in a day

A successful business requires time, effort and perseverance – companies telling you otherwise are usually lying.

Recently, there have been a lot of emails telling people they can make £1,000s a week from filling out surveys at home – providing they pay an initial fee and then a subscription. Don’t fall for it – no legitimate market research should ask you to pay to take part.

Instead, use a tried and tested survey site like Panelbase and take a look at our article about taking part in online surveys for more information. Anything telling you that you can make large amounts of money in short amounts of time is shady and should be avoided at all costs.

8. Beware of ‘cash prizes’ and ‘free gifts’

As tempting as it might be to give out your bank account details to collect the £1,000,000 cash prize you’ve been sent in an email (even though you didn’t enter any competitions) – don’t do it!

Companies advertising free gifts will normally be referral sites, where you have to purchase one of their products, or use one of their services, then get loads of your friends to sign up and purchase a product. Then you will get the free gift if you’re lucky, and it is very often of lesser value than the service you’ve had to pay for.

If at any point you find yourself looking at an email, pop-up or advert telling you you’ve won a cash prize, ignore it (or delete it if it’s an email). People just don’t give money away for nothing, and you can’t win prizes for competitions that you’ve never entered.

If you’ve been “automatically” entered into a competition then ask yourself how this company got your details, and why would they enter you into this competition. If it sounds too good to be true then it probably is.

9. Get a prepaid credit card

Prepaid credit cards are a great way to protect yourself from skimming. Having one doesn’t mean that you are immune to having your details stolen, however the card has no relation to your bank account and cannot give away your bank details, so even if scammers get hold of your card details, they can only steal as much as there is on the card at one time.

All you then have to do is be prudent about how much you top up the card with. Only top up as much as you are going to need and make sure you do not keep a high balance on the card for long periods of time. This way you will be protected from serious fraud. For more information see our whole article about prepaid credit cards here.

10. More top tips

Never log onto your bank account in an internet café or public library
Check any social networking sites that you’ve joined and use the security settings to restrict access – your date of birth, address, full name and place of birth can be all that’s needed to steal your identity so keep any personal info to a real minimum
If there’s a website you want to make a purchase from, check their credentials for free first with 192.com – that way you can verify that it’s a genuine company or individual by checking their contact details are real.
Getsafeonline.org offers advice on keeping your details private on social networks
If you sell an old computer, wipe any personal details
Do not use the same password for several online accounts
Choose a password with a combination of letters and numbers to make it more difficult to guess
Check out the National Identity Fraud Prevention Week website for loads more tips and advice.