For a richer life

Identity fraud: how to stay safe online

Identity fraud: how to stay safe online

Identity fraud is one of the fastest growing crimes in the UK and with more of us shopping and banking online than ever before, it’s vital to take steps to keep your identity and money secure. In fact, 2011 saw the highest ever number of frauds perpetrated in this country, particularly online fraud.

What’s going on?

Basically, more of us are shopping online and cyber-criminals are coming up with increasingly inventive ways to scam us.

They use a sort of online black market to trade credit card details in bulk – in fact they can trade email address and accounts from only 5p, with a full identity going for about £45, according to new research from anti-virus supplier Symantec.

In fact figures from the National Fraud Authority estimate that every year in the UK, identity fraud costs more than £2.7 billion and affects over 1.8million people. Scarily, at least £1.9billion of this is gained by the fraudster, which means that on average, fraudsters gain over £1,000 from every stolen identity.

Garreth Griffith, Head of Risk Management at PayPal says: “Forewarned is forearmed.  With more people than ever shopping online in the UK it’s really important that people remain vigilant whenever they are making financial transactions online and don’t inadvertently leave themselves open to becoming a victim of a scam or fraud.”

What are the scams I need to watch out for?

Phishing scams

Phishing is a common tactic used by hackers and identity thieves to acquire sensitive information like usernames, passwords and bank details. This is done by creating a website that looks identical to big brand sites such as online banks, social networking sites, eBay and AOL.

An email directs you to the dodgy website, where you are asked to enter your personal information into what appears to be the trusted site’s ordinary log-in form. However, your details are actually collected and stored on a database which is likely to be sold on to another fraudster.

A phishing email can seem very legitimate, perhaps featuring your bank’s logo, but your bank or credit card company should never ask you to confirm private details in this way – and it’s better to be safe than sorry so if you’re at all unsure, contact your bank or the company in question, and ask them to confirm details over the phone or in the branch.

Phishing has even morphed into what has been called SMSing (ID theft using SMS texts) then into vishing (ID theft using voice over internet protocol).

Here are some tips from PayPal on how to spot a phishing email:

1. Generic greetings

Many spoof emails begin with a general greeting, such as: “Dear PayPal member.” If you do not see your first and last name, be suspicious and do not click on any links or buttons.

2. A fake sender’s address

A spoof email may include a forged email address in the “From” field. This field is easily altered.

3. A false sense of urgency

Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don’t update it ASAP. They may also state that an unauthorised transaction has recently occurred. Always remember, if it is so urgent, the real organisation will let you know when you go directly to their website rather than clicking on any links in the email.

Social networking scams

Sites such as Facebook, Bebo, Twitter, LinkedIn and MySpace can seem like a bit of fun, but identity theft is dramatically rising across social media, particularly now so many of us have smart phones.

New research from credit card provider Capital One reveals that social networks have been accessed without permission more than 60 million times in the last year – the equivalent of 1.9 profiles every second.

Michael Woodburn, Chief Marketing Officer, Capital One said:  “Social networking sites are a great way to stay in touch with friends and family. Yet in the excitement of connecting with those around us, remembering to protect your online profile can often take a back seat, which can leave people open to smugging (social media mugging), or worse, identity theft.”

Be very careful with the personal information you divulge on social networking sites, and make sure your profile is set to the highest privacy settings – otherwise you just can’t guarantee who is looking and what they might be able to find out about you.

Scareware scams

There’s also the rather ominous sounding Scareware scams – sent around after almost any breaking news story.

As an example, when Patrick Swayze died emails were sent round mentioning his death, some even contained an actual CBS news clip. But, before the clip ended, a text box appeared stating that a virus had been found then invited the recipient to click on to run a free test. At this point, it pretended to search and find malicious software then asked to download and pay for a malicious software remover.

Spoof websites

Should you come across a website with numerous spelling and grammatical mistakes, or with lots of pop-ups and banners then it’s probably not legit and it’s advisable you don’t give out any valuable information on it.

Similarly, if you come face-to-face with any pop-ups telling you that you need to download software you’ve never heard of, close the window and try not to visit the site again.

Here are some tips from PayPal on how to spot a spoof website:

1. Deceptive URLs

Some fraudsters will insert a fake browser address bar over the real one, making it appear that you’re on a legitimate website. The term “https” should precede any web address (or URL) where you enter personal information. The “s” stands for secure. If you don’t see “https”, you’re not in a secure web session and you should not enter any personal data.

2. Out-of-place lock icon

Make sure there’s a secure lock icon in the status bar at the bottom of the browser window. Many fake sites will put this icon elsewhere on the page to deceive you.

3. Logo, design and type

The brand logo, design and fonts used on a fraudulent web page may look obviously wrong or out-of-place, but some fake websites have a very professional design which closely mimics the original site, so use the tips above to determine whether a site is genuine or not.

Get new money-making secrets every week for free. Signup here now!


How can I protect myself?

1. The most important thing to do is protect your computer

Install the latest software versions of anti-virus, anti-spyware and firewall. A firewall acts as a barrier blocking unauthorised access and viruses from the internet.

You can dramatically reduce your vulnerability to internet scammers and hackers by installing simple security software on your computer. A free anti-virus programme such as AVG can protect you against viruses, Trojans and worms (self-installing programmes that can damage your PC) and other users logging on to your computer and accessing your files.

For less than £18 you can get a Norton Anti-Virus programme to give you full internet security.

2. Ditch Internet Explorer

The most commonly used web browser is Internet Explorer (the default browser on all PCs) but unfortunately for internet users, its security system isn’t the best.

Check your version is up to date – you can install a service pack from the Microsoft website, or even better, download a smaller rival web browser like Mozilla Firefox for free. Mozilla is a company that’s run by internet good guys who are dedicated to improving the quality of web browsing – so you know you’re in good hands when you use their software.

3. Check your credit report! 

Identity fraud – where fraudsters take out credit cards or loans in your name – is the fastest growing crime in the UK. And it’s not always easy to find out if you’ve had your identity stolen, unless you check your credit report.

You’ll be able to see straight away if anything has been set up in your name which isn’t yours, or spot any unusual activity – then you can take action against the fraudsters. Credit Expert offers a 30-day free trial where you can view and update your report, though if you’re particularly concerned, you can pay a small monthly fee for continued access to your report.

4. Look out for the little padlock

Every time you enter any form of bank account information online, look out for the little padlock on the bottom right side of your web browser. This padlock means that the website is secure, and can’t be accessed by any third parties, so your information is safe from prying eyes.

If at any point you are asked to enter bank details, make sure you can see the padlock otherwise your details can easily be accessed. You should be taken to a secure server (the URL should always start https://www).

5. Don’t open email attachments from people you don’t know

If you receive an email from someone you’ve never even heard of, or that looks particularly dodgy (trying to sell you Viagra or get your bank details, for example), delete it immediately.

The attachments will probably contain harmful files that can seriously damage your computer, or even help scammers access your personal details.

6. Think before giving out your details

Before you give out any information about yourself online – even your name – think who wants that information and what they might be able to do with it. Make an informed decision as to whether or not you want to give the company your details.

For example, a legitimate survey website has every reason to ask you your age, but a “bargain offer” pop-up asking for it is highly questionable.

7. You can’t really make £1,000s in a day

A successful business requires time, effort and perseverance – companies telling you otherwise are usually lying.

Recently, there have been a lot of emails telling people they can make £1,000s a week from filling out surveys at home – providing they pay an initial fee and then a subscription. Don’t fall for it – no legitimate market research should ask you to pay to take part.

Instead, use a tried and tested survey site like MySurvey and take a look at our article about taking part in online surveys for more information. Anything telling you that you can make large amounts of money in short amounts of time is shady and should be avoided at all costs.

8. Beware of ‘cash prizes’ and ‘free gifts’

As tempting as it might be to give out your bank account details to collect the £1 million cash prize you’ve been sent in an email (even though you didn’t enter any competitions) – don’t do it!

Companies advertising free gifts will normally be referral sites, where you have to purchase one of their products, or use one of their services, then get loads of your friends to sign up and purchase a product. Then you will get the free gift if you’re lucky, and it is very often of lesser value than the service you’ve had to pay for.

If at any point you find yourself looking at an email, pop-up or advert telling you you’ve won a cash prize, ignore it (or delete it if it’s an email). People just don’t give money away for nothing, and you can’t win prizes for competitions that you’ve never entered.

If you’ve been “automatically” entered into a competition then ask yourself how this company got your details, and why would they enter you into this competition. If it sounds too good to be true then it probably is.

9. Get a prepaid credit card

Prepaid credit cards are a great way to protect yourself from skimming.  Having one doesn’t mean that you are immune to having your details stolen, however the card has no relation to your bank account and cannot give away your bank details, so even if scammers get hold of your card details, they can only steal as much as there is on the card at one time.

All you then have to do is be prudent about how much you top up the card with.  Only top up as much as you are going to need and make sure you do not keep a high balance on the card for long periods of time.  This way you will be protected from serious fraud.  For more information see our whole article about prepaid credit cards here.

10. More top tips

  • Never log onto your bank account in an internet cafe or public library
  • Check any social networking sites that you’ve joined and use the security settings to restrict access – your date of birth, address, full name and place of birth can be all that’s needed to steal your identity so keep any personal info to a real minimum
  • If there’s a website you want to make a purchase from, check their credentials for free first with – that way you can verify that it’s a genuine company or individual by checking their contact details are real
  • offers advice on keeping your details private on social networks
  • If you sell an old computer, wipe any personal details
  • Do not use the same password for several online accounts
  • Choose a password with a combination of letters and numbers to make it more difficult to guess
  • Check out the National Identity Fraud Prevention Week website for loads more tips and advice.

Useful Links

More handy articles…

If you enjoyed this article we think you’ll also like:

  • Money Bulldog

    I got an email today telling me I’d won a million euros in a sweepstake. These emails can look like the real deal with the website & email addresses they use but then it wouldn’t be a scam if they didn’t!

    Always enter the details of any emails like this you might receive into google to check if it’s a known scam & always be wary if something seems too good to be true, It usually is!

    Great Post

  • Marline Austin

    wonderful site!! You should start many more. I love all the info offered. I will stay tuned.

  • lowongan kerja dan karir

    I appreciate well-written and informative content. This article shows the writer’s knowledge of the subject matter as well as masterful writing skills. I enjoyed this article and will return for more very soon. Thank you.

  • combat arms hacks

    This article is an inspiration. You are a profound and insightful writer that knows how to get your point across with interesting and quality content. You are wonderful with words.

  • qb

    Re Internet Explorer, article from PCA

    The internet is a breeding ground for lies, half-truths, and misinformation, especially when it comes to technology. We’ve dug up some of the web’s most notorious nuggets of conventional wisdom to see which hold up to scrutiny and which are merely urban legends.

    Internet Explorer is less secure than other browsers
    Everyone ‘knows’ that Chrome, Firefox and Safari are all way more secure than Internet Explorer. But what’s the real story?

    To find out, I first looked up Symantec’s twice-yearly Internet Security Threat Report, which yielded the total numbers of reported vulnerabilities for 2009: Firefox had the most at 169, followed by 94 for Safari, 45 for IE, and 41 for Google Chrome. For more-recent data, I turned to the United States Computer Emergency Readiness Team (US-CERT), which hosts the National Vulnerability Database, a searchable index of reported computer vulnerabilities. A search of data for a recent three-month period yielded 51 such vulnerabilities for Safari (including both mobile and desktop versions), 40 for Chrome, 20 for Firefox, and 17 for IE.

    Such counts alone aren’t the best way to measure a browser’s security, however. A browser with 100 security flaws that are patched a day after being discovered is safer than a browser with only one exploit that hasn’t been patched for months.

    According to Symantec’s report, the average window of vulnerability (the time be­­tween when the flaw is reported and when it’s patched) in 2009 was less than a day for IE and Firefox, two days for Google Chrome, and a whopping 13 days for Safari. Clearly, Internet Explorer is doing fairly well. Nevertheless, you should still consider a few important factors before deciding to jump ship back to IE.

    Stay updated. The second most common web-based attack in 2009 exploited an IE security flaw patched way back in 2004 (the 2009 attack targeted un-updated PCs). The latest version of IE 8 may be pretty safe, but ditch any earlier version you have.

    Your browser is only as secure as your plug-ins. Symantec found that Microsoft’s Ac­­tiveX plug-in (enabled by default in IE) was the least secure with 134 vulnerabilities, followed by Java SE with 84, Adobe Reader with 49, Apple QuickTime with 27, and Adobe Flash Player with 23. The moral: Be careful at sites that use browser plug-ins.

    It’s tough to be on top. IE still has the biggest piece of the browser pie, meaning that cybercriminals are more likely to target IE than other browsers.

  • Kath

    I have been going to the library on purpose to access my online bank because I was told that their security systems have to be really good. Now I am confused – why not log on at the library?

    • Simon Willmore

      Hi Kath

      Thanks for your comment. The reason we suggest you do not use the library to access your online bank is because files called ‘cookies’ may be left on the computer, which may help the next user to access your details.

      But, provided you make sure you don’t leave details of your history usage on the computer, it should be absolutely fine. That includes not checking ‘yes’ when the computer asks if you would like it to remember your password!

  • Houston shredding

    With all the precautionary measures being advised to us, there are still people who get victimized by identity theft whether online or through their private documents. This is why we all need to be vigilant in safeguarding our identity. With mail and our credit records, let us shred their copies so that even if fraudulent people go dumpster diving in your bin, they will not see anything useful. For digital information, do not share too much.

  • Facebook Like Site

    Hey, this is my first comment on ur site. I’ve been reading it for a while in my RSS reader but haven’t commented before. :) Anyways, thanks for the post.

  • Edley

    Hello. I happened upon your web site while I was searching for something completely unrelated. While I do not agree with everything you posted we do have similar thoughts for the most part. I have bookmarked your website and will visit again in the near future to see what you are blogging about in 2010!

  • Ezekiel Sermons

    Thank you for the work you have put into your nice blog. We will bookmark to your blog because it is very informative. We love the site and will come back to see your new posts.