Feeds

Agile fraudsters prey on clueless UK surfers

Get Safe Online week aims to curtail easy pickings

Seven Steps to Software Security

British attitudes to online safety remain patchy at best, leaving surfers vulnerable to scammers who typically empty funds from compromised accounts before moving onto the next victim.

That's according to a survey published in conjunction with the launch the UK's fourth annual Get Safe Online Week, which kicks off today.

Although use of anti-virus software (85 per cent) is widespread, almost half (48 per cent) of net users surveyed fail to update definition files at least every month, leaving their protection ineffective against the latest malware threats. Anti-spyware protection is installed by less than one in four (23 per cent) UK internet users. Nearly half (47 per cent) are not using any anti-phishing website authentication software.

The lack of protection against phishing scams is concerning due to the increased presence of this type of scam. One in four (23 per cent) of UK net users surveyed by Get Safe Online said that they or someone they knew fell victim to such an attack this year, compared to just eight per cent in 2007.

Worst of all nearly one in five (19 per cent) of the 1,400 UK surfers polled by ICM Research on behalf of Get Safe Online use just one password for all their websites. That means if a hacker works out a way to extract the password for a less sensitive site, for example a social networking site, he has full access to any site a user might be using.

GetSafeOnline.org experts report that fraudsters typically try to get in and out of compromised accounts quickly before moving on to the next mark. This means, in practice, emptying a victim's current and savings accounts and exhausting the full limit of their credit cards.

It estimates that an average UK worker earning £23,764 a year would be worth £14,500 to online criminals. This is based on the idea of three months salary held in online bank accounts and an average of 2.4 credit cards with credit card limits of £3,500 per card, amounting to £8,400.

The estimate is not based on any example from real life and makes enough assumptions, such as the complete removal of funds from all accounts and the compromise of all accounts a person holds, to give a serious statistician heart palpitations. Nonetheless the risk of online fraud is a real enough threat.

Tony Neate, managing director of GetSafeOnline.org, explained: "We are actively encouraging more people to go online, but in doing so, to ensure that they are safe and secure.

"If internet users invest a relatively small amount of time and money in ensuring they are fully protected and up-to-date, the risk of such financial loss is almost negligible," he added.

Home Office Minister Alan Campbell backed the safety drive, adding that the government was putting £7m into establishing a new police unit dedicated to fighting cybercrime. Given that the Home Office dragged its heels for months before finally giving the Police Central e-crime Unit (PCeU) the go-ahead, to say nothing of its dismissive initial response to a House of Lords study on cybercrime, it is questionable how much credit the Brown administration deserves for taking economic crime in cyberspace seriously.

Easy-to-follow advice against online identity fraud and other internet scams can be found at the Get Safe Online website. GetSafeOnline.org is sponsored by government departments and the IT industry. Backers include the Cabinet Office, Department for Business, Enterprise and Regulatory Reform (BERR), Home Office and the Serious Organised Crime Agency (SOCA), as well as HSBC, Microsoft, Cable & Wireless, PayPal and Symantec. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.