British attitudes to online safety remain patchy at best, leaving surfers vulnerable to scammers who typically empty funds from compromised accounts before moving onto the next victim.

That's according to a survey published in conjunction with the launch the UK's fourth annual Get Safe Online Week, which kicks off today.

Although use of anti-virus software (85 per cent) is widespread, almost half (48 per cent) of net users surveyed fail to update definition files at least every month, leaving their protection ineffective against the latest malware threats. Anti-spyware protection is installed by less than one in four (23 per cent) UK internet users. Nearly half (47 per cent) are not using any anti-phishing website authentication software.

The lack of protection against phishing scams is concerning due to the increased presence of this type of scam. One in four (23 per cent) of UK net users surveyed by Get Safe Online said that they or someone they knew fell victim to such an attack this year, compared to just eight per cent in 2007.

Worst of all nearly one in five (19 per cent) of the 1,400 UK surfers polled by ICM Research on behalf of Get Safe Online use just one password for all their websites. That means if a hacker works out a way to extract the password for a less sensitive site, for example a social networking site, he has full access to any site a user might be using.

GetSafeOnline.org experts report that fraudsters typically try to get in and out of compromised accounts quickly before moving on to the next mark. This means, in practice, emptying a victim's current and savings accounts and exhausting the full limit of their credit cards.

It estimates that an average UK worker earning £23,764 a year would be worth £14,500 to online criminals. This is based on the idea of three months salary held in online bank accounts and an average of 2.4 credit cards with credit card limits of £3,500 per card, amounting to £8,400.

The estimate is not based on any example from real life and makes enough assumptions, such as the complete removal of funds from all accounts and the compromise of all accounts a person holds, to give a serious statistician heart palpitations. Nonetheless the risk of online fraud is a real enough threat.

Tony Neate, managing director of GetSafeOnline.org, explained: "We are actively encouraging more people to go online, but in doing so, to ensure that they are safe and secure.

"If internet users invest a relatively small amount of time and money in ensuring they are fully protected and up-to-date, the risk of such financial loss is almost negligible," he added.

Home Office Minister Alan Campbell backed the safety drive, adding that the government was putting £7m into establishing a new police unit dedicated to fighting cybercrime. Given that the Home Office dragged its heels for months before finally giving the Police Central e-crime Unit (PCeU) the go-ahead, to say nothing of its dismissive initial response to a House of Lords study on cybercrime, it is questionable how much credit the Brown administration deserves for taking economic crime in cyberspace seriously.

Easy-to-follow advice against online identity fraud and other internet scams can be found at the Get Safe Online website. GetSafeOnline.org is sponsored by government departments and the IT industry. Backers include the Cabinet Office, Department for Business, Enterprise and Regulatory Reform (BERR), Home Office and the Serious Organised Crime Agency (SOCA), as well as HSBC, Microsoft, Cable & Wireless, PayPal and Symantec. ®

Related stories

• Gov to encourage e-commerce by clarifying consumer rights (6 May 2009)

  https://www.theregister.com/2009/05/06/consumer_rights/

• Cybercrime losses tax UK small business (19 February 2009)

  https://www.theregister.com/2009/02/19/cybercrime_small_business_survey/

• UK cybercrime unit to meet IT leaders (10 February 2009)

  https://www.theregister.com/2009/02/10/ecrime_summit/

• Mandy preps list of UK businesses to save (1 December 2008)

  https://www.theregister.com/2008/12/01/mandy_list/

• Anti-fraud site targeted in Joe Job attack (27 November 2008)

  https://www.theregister.com/2008/11/27/bobbear_joe_job/

• Tax break phishing scam aims to harvest details (25 November 2008)

  https://www.theregister.com/2008/11/25/tax_break_phishing_scam/

• Booming cybercrime economy sucks in recruits (24 November 2008)

  https://www.theregister.com/2008/11/24/cybercrime_economy/

• EC slams national cybercrime responses as inadequate (18 November 2008)

  https://www.theregister.com/2008/11/18/ec_cybercrime_consultation/

• Cybercrooks launch DDoS assault on anti-fraud site (17 November 2008)

  https://www.theregister.com/2008/11/17/bobbear_ddos/

• MPs (finally) debate cybercrime (7 November 2008)

  https://www.theregister.com/2008/11/07/mps_debate_cybercrime/

• FBI's fraud site spawns UK arrests (17 October 2008)

  https://www.theregister.com/2008/10/17/fbi_darkmarket_arrests/

• Home Office finally approves UK cybercoppers (1 October 2008)

  https://www.theregister.com/2008/10/01/pceu_cybercops_approved/

• UK cybercrime overhaul finally comes into effect (30 September 2008)

  https://www.theregister.com/2008/09/30/uk_cybercrime_overhaul/

• Cybercrime bust highlights PIN terminal insecurity (13 August 2008)

  https://www.theregister.com/2008/08/13/pin_security_analysis/

• Peers call for cybercrime shakeup (again) (8 July 2008)

  https://www.theregister.com/2008/07/08/peers_cybercrime_shakeup/

• IT chiefs demand centralised e-crime unit (17 December 2007)

  https://www.theregister.com/2007/12/17/cybercrime_reporting/

• Small biz needs to get safe online (18 October 2007)

  https://www.theregister.com/2007/10/18/small_biz_safe_online/

• One in ten Brits is victim of online fraud (27 March 2007)

  https://www.theregister.com/2007/03/27/uk_online_fraud_survey/

• Internet crime: scarier than mugging? (9 October 2006)

  https://www.theregister.com/2006/10/09/get_safe_online/

• UK launches major net security awareness campaign (27 October 2005)

  https://www.theregister.com/2005/10/27/get_safe_online/