
Church Techy

Where Tech meets Church

Protect Against ID Fraud

Image from http://www.sileo.com

Identity or ID fraud is huge.

Here are some facts to make you think ….

90% of users never check all their transactions on their bank or credit card statements. (ID Theft Protect, Aug 2007)

89% of users do not use a password manager to store their online and offline usernames and passwords. (ID Theft Protect, Sept 2007)

Identity theft is costing the British economy over £1.7 billion annually. (2006 – CIFAS)

Impersonation of the dead is growing at a rate of increase of 60% each year. (2004 – UK Home Office)

In 2004 most UK card fraud was committed via face-to-face transactions in shops. (2004 – Cardwatch)

These are just UK figures.

So what can you or should you do to help protect your ID in an ever increasingly connected and online world?

  • Keep personal information secure.
  • Keep all your plastic (credit / debit / identity) cards safe.
  • Keep your documents safe.
  • Keep your passwords and PINs safe.
  • Use individual passwords for anything that requires online transactions – monetary or not.
  • Protect the identity of deceased family members.
  • Shred letters / documents that contain identifying information.

I will almost certainly expand on some of these in the weeks and months to come, but if you need any specific information or answers now then please do ask via the comments section or via my contact form or even by using the Skribit suggestions tab.

Social Engineering

Image from http://sxc.hu

We’ve been getting a spate of phone calls at home.

The conversation goes something like this:

Me: Hello

Them: Can I speak with Mr. Smith? (name changed, but it isn’t mine)

Me: I’m sorry Mr. Smith hasn’t lived here since 2003.

Them: Is that Windy Way? (also changed)

Me: I’m not prepared to confirm that ….

We then bat back and forth a bit where they are trying to get some details about my address confirmed and I just stick to my mantra of “Mr. Smith hasn’t lived here since 2003” and / or “I’m not prepared to confirm that”. At which point they have always got nasty or downright rude and it always ends with me hanging up as they try every tactic they can to get me to confirm something. Typically a day or so goes past before I get another one.

This seemingly innocuous approach to getting details is the old ‘social engineering’ approach – whereby you use a fact (whether true or not) to gather accurate details of your target. The end game being that your or your company’s security gets compromised in some way.

The whole saga reminded me to have another chat with my children.

I’ve covered online dangers many a time with my children but for some reason had overlooked the more obvious direct approach.

My end advice to them was ultimately very simple:

If you don’t know the person then tell them nothing.

And always refer them to mum or dad.

Turns out our regular caller is a debt collection agency based in Scotland and they are known for their rude strong arm tactics in trying to get information so that they can pin a debt on you.

Reminds me that all the dangers aren’t online and we do well to remember that.

  • have you any simple safety advice?
  • have you fallen foul of social engineering?
  • if so, what was the outcome?

Loss of Trust

Image from http://papillonoir.wordpress.com

AV-Comparatives have, until recently, been a site I trust.

I’ve referred you good readers to them before as a place of independence.

But today, IMO, they’ve blown that trust.

In their words:

At the end of every year, AV-Comparatives releases a summary report to comment on the various Anti-Virus products tested over the year, and to determine the winners in the various tests.

All sounds good so far – but last year, 2009, they awarded “AV Product of the year” to Symantec.

What?

How on earth can the widely recognised bloat that is Symantec beat the likes of Kaspersky (2nd) or Nod32 (3rd), two examples I do trust? OK, so no one company will get it right 100% of the time for 100% of the people, but day in day out Symantec AV software has been shown to be problematic, slow and notoriously unfriendly to systems. And woe betide you if you want to remove it.

Take a look at the summary report on which they base their award. On the surface and just looking at the chart you’d be inclined to agree – and let’s face it; not many of us dig into the meat of reports like this. But I do and I did and it makes for far more revealing reading than the headline – AV Product of the Year. After all, will Symantec care that in the details they state “being recognised as ‘Best Product of 2009’ does not mean that a product is the ‘best’” (underline emphasis mine) – ah right, so now the truth comes out.

So, explain it to me. How can you on the one hand award a best of and then on the other say it isn’t necessarily the best?

Either it is or isn’t.

As I said, Symantec won’t care as they’ll just use the headline.

Oh and you get all this at twice the price of the other two I mention. Go figure.

  • Do you agree with me on trust?
  • What about in this particular instance – should I just shrug my shoulders?
  • Has any security company lost your trust?

10 Internet Scams

Image from imandroid.wordpress.com

Here are 10 of the most popular Internet Scams.

I list them purely for your edification, in the hope that you don’t get caught out by them, or that you can use this either as a quick reference or as a pointer for friends who may need some advice.

So, without further ado and in no particular order:

1. Nigerian scam – aka 419.

This almost always appears as an email from someone that is the relative of the late [insert grand title] – in short they utilise emotion to try and get you to part with smaller sums of money in return for a decent %age of a much larger sum. One of the best sites out there for advice and fighting back is 419 Eater.

2. Lottery scams.

Similar to the 419 scam this one typically asks for an up-front payment to release the funds you’ve won. See FraudAid for some great advice.

3. Advance Loan Fees.

These, like the previous two, will ask for an up-front fee typically referred to as an admin or processing fee. They will normally ‘guarantee’ the loan – but ask yourself this: Why, when a conventional bank or credit card company will add the charge to any loan, do I need to pay an up-front fee? Short and to the point advice from Fraud.org.

4. Holiday scams.

These almost always take the approach that you’ve won a greatly reduced cost cruise or holiday but you never get to hear the ‘catch’ until you’ve signed up and paid what you believe is the total cost. Then the hidden clauses come out. ExpertLaw.com appears to have the best coverage of these types of ‘deal’.

5. Phishing scams.

I’ve talked about these before – see my full advice here.

6. Disaster relief scams.

I trust I don’t need to spell this one out? Instead I will simply say – go direct to the homepage of your favourite disaster relief charity and donate there. And if you don’t know any then check out CharityNavigator.

7. Chain eMails.

This is the modern equivalent of a chain letter: you are asked to forward a (typically small) amount of money to a name & address and add your own to the bottom. More advice, and fun at some of the emails out there, from BreakTheChain.org.

8. Overpayment scam.

Best way to describe this is with an example. You want to sell item A for £100. Scammer B offers £500 in the form of a cheque (or similar) for goods they’ve sold in your country and for you to forward on the remainder. In this example £400. Then the cheque bounces and not only are you without item A but you’ve also sent B £400. Much more info on this type of scam at Scambusters.org.

9. Computer money making machine scam.

In return for some money, yes up-front, you are asked to install a program on your computer that opens lots of popups / adverts. Each of these effectively generates a click for that advert and thus income for the scammer. You are highly unlikely to see any return on this other than seriously impaired computer response. Avoid.

10. Employment scam.

The only reason this scam exists is to gather information – yours. Oh, and possibly your money too. The end result is likely to be fraud of some kind, either your ID is stolen or money from your bank (knowingly or not) and far from earning you money will always cost. Job-hunt.org has some great advice on this type of scam.

  • Have I missed any obvious scams?
  • Have you any great links to share that provide advice on avoiding scams?

ChurchTechy Giveaway

Here’s a freebie for you.

But it’s not me but Pandora Corp. that are giving something away.

Starting June 26th at 00:01 Pacific Standard Time (time conversion), which is equivalent to GMT / UTC 07:01, and finishing at midnight (PST) Wednesday, June 30th, they are giving away their signature computer monitoring software, PC Pandora 6.0, absolutely free!

Me, I’m against monitoring without first having discussion but if you’ve already reached that stage or you have another need for it, then I say grab it while you can.

Here’s how to get it:

Visit PC Pandora and use the code FREESUMMER2010. As I say – the giveaway will last until midnight on the 30th or until 50,000 units have been given away.

HTTPS Everywhere.

Here’s an interesting find.

Yesterday I blogged about how to hide your IP address and today I caught up with one of the many blogs (EFF in this case) I follow who posted about “encrypting the web”.

In short, it’s a plugin for Firefox released by the Tor Project and EFF that encrypts all your search requests and attempts to encrypt all standard web browsing. Read all about it here.

It’s still in beta but it’s a start.

I say grab it now.

N.B. it doesn’t hide your IP or stop search engines from logging but it does stop ‘in the open’ intercepts.

Password Lessons

Photo credit: forum.mamboserver.com/showthread.php?t=85966

So the church hosting account got hacked.

I don’t really know when but the first I was aware was a very terse email from our hoster:

Hello,

We regret to inform you that your account has been suspended for the following reason:

compromised account, spamming

Please contact us as soon as possible to discuss your options for reinstatement.

Sincerely,

Well ok that’s fair but surely they could have given us a clue as to what caused them to be aware of this so we are better able to fix it, prevent it happening again and discuss it.

Turns out the rather simple password that was used for the cpanel account was just that – too simple and consequently the hacker placed a few ‘iffy’ PHP files that were (so I’m told) sending out spam.

I’ve passed the file onto my eldest – he does PHP – and asked him to look it over.

The lesson today … use strong passwords.

Don’t know how or worried about remembering them? Then read this about various password utilities. Need to create a strong password and don’t have one of the listed tools in my link then try this online password generator. My advice, at the very minimum use the defaults but preferably up the character count to 16 or more.

Want to know what makes a strong / secure password? Then have a read of this article.

  • Do you use strong / secure passwords?
  • Do you have a different one for each site you access?
  • Do you use any tools to help you?

Avoid Phishing Scams

First off, what is phishing?

phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. [quote]

Image from http://www.thetechherald.com

According to the Anti-Phishing Group this type of attack is very much on the rise. As I’ve maintained before (e.g. 1, 2), we should learn about the hardware and software we use and understand what we need to do to ensure the security of said items.

Let me state upfront – you can’t prevent phishing attacks, but you can prepare yourself by taking certain precautions.

  • Ensure you keep your computer OS, software, drivers, etc., up to date.
  • Ensure you frequently scan your system (either schedule it or manually run) with a top class security tool such as Malwarebytes or similar.
  • Ensure (especially Windows OS users) that you keep your anti-virus up to date; that it is running and that it is still working as well as you hope. Check out what independent reviewers / testers such as AV Comparatives think of your AV.
  • Always check the full URL of a financial site to ensure you are where you think you are – better still, type it yourself rather than use links in an eMail.
  • Don’t trust any eMail that asks for any personal information, especially financial.
  • Always check that the email from your financial institution is actually from them.
  • Never give out your personal logon details to anyone – this includes your bank as they should never need that information.
  • Take the approach of never trusting any eMail or web link unless you are 100% satisfied that it is genuine or has come from a trustworthy source.
  • Equally, never open any attachments (especially from friends) unless you know they are sending it. It never hurts to double check.
  • Finally, when logged in, ensure your browser is in secure mode.
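
To show what “check the full URL” means in practice, here is an added example (not part of the original post) that reads a link the way a browser does and accepts it only if the real hostname exactly matches a site you trust. The bank name `mybank.example`, the allow-list and the sample links are all hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list (assumption): the exact hostnames you bank with.
TRUSTED_HOSTS = {"mybank.example", "www.mybank.example"}


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a link that claims to lead to a trusted site."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # Anything before '@' is a username, not the site: the host comes after it.
    if "@" in parts.netloc:
        return False, "text before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    # Lookalike letters from other alphabets, raw or punycode-encoded.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "hostname uses lookalike-capable characters"
    # Exact match only: a trusted name used as a prefix of a longer
    # hostname belongs to whoever owns the right-most part of that name.
    if host in trusted:
        return True, "exact match for " + host
    return False, "real host is " + host


# Constructed sample links, not taken from any real message.
SAMPLES = [
    "https://www.mybank.example/login",
    "http://www.mybank.example/login",
    "https://www.mybank.example.secure-login.example.net/login",
    "https://www.mybank.example@203.0.113.7/login",
    "https://www.myb\u0430nk.example/login",  # Cyrillic 'a' (U+0430)
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_url(link)
        print("OK   " if ok else "AVOID", link, "->", reason)
```

Only the first sample passes; the other four all contain the bank’s name somewhere in the link, which is why reading the whole address matters.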

In short, apply some common sense and avoid providing anything of a financial nature to a faceless website or eMail.

As I said above, you can’t prevent phishing attacks but by applying the above steps you will go a long way towards avoiding falling for their traps.

Also remember that only a few ever fall prey to these attacks and I’m hoping the above advice will reduce those numbers even further.

Have I missed any advice in my bullet points?

Do you take active steps to avoid scams?

Or are you a blind truster?
