Original URL: http://www.theregister.co.uk/2008/11/17/get_safe_online/

Agile fraudsters prey on clueless UK surfers

Get Safe Online week aims to curtail easy pickings

By John Leyden

Posted in Security, 17th November 2008 11:14 GMT

British attitudes to online safety remain patchy at best, leaving surfers vulnerable to scammers who typically empty funds from compromised accounts before moving onto the next victim.

That's according to a survey published in conjunction with the launch the UK's fourth annual Get Safe Online Week, which kicks off today.

Although use of anti-virus software (85 per cent) is widespread, almost half (48 per cent) of net users surveyed fail to update definition files at least every month, leaving their protection ineffective against the latest malware threats. Anti-spyware protection is installed by less than one in four (23 per cent) UK internet users. Nearly half (47 per cent) are not using any anti-phishing website authentication software.

The lack of protection against phishing scams is concerning due to the increased presence of this type of scam. One in four (23 per cent) of UK net users surveyed by Get Safe Online said that they or someone they knew fell victim to such an attack this year, compared to just eight per cent in 2007.

Worst of all nearly one in five (19 per cent) of the 1,400 UK surfers polled by ICM Research on behalf of Get Safe Online use just one password for all their websites. That means if a hacker works out a way to extract the password for a less sensitive site, for example a social networking site, he has full access to any site a user might be using.

GetSafeOnline.org experts report that fraudsters typically try to get in and out of compromised accounts quickly before moving on to the next mark. This means, in practice, emptying a victim's current and savings accounts and exhausting the full limit of their credit cards.

It estimates that an average UK worker earning £23,764 a year would be worth £14,500 to online criminals. This is based on the idea of three months salary held in online bank accounts and an average of 2.4 credit cards with credit card limits of £3,500 per card, amounting to £8,400.

The estimate is not based on any example from real life and makes enough assumptions, such as the complete removal of funds from all accounts and the compromise of all accounts a person holds, to give a serious statistician heart palpitations. Nonetheless the risk of online fraud is a real enough threat.

Tony Neate, managing director of GetSafeOnline.org, explained: "We are actively encouraging more people to go online, but in doing so, to ensure that they are safe and secure.

"If internet users invest a relatively small amount of time and money in ensuring they are fully protected and up-to-date, the risk of such financial loss is almost negligible," he added.

Home Office Minister Alan Campbell backed the safety drive, adding that the government was putting £7m into establishing a new police unit dedicated to fighting cybercrime. Given that the Home Office dragged its heels for months before finally giving the Police Central e-crime Unit (PCeU) the go-ahead, to say nothing of its dismissive initial response to a House of Lords study on cybercrime, it is questionable how much credit the Brown administration deserves for taking economic crime in cyberspace seriously.

Easy-to-follow advice against online identity fraud and other internet scams can be found at the Get Safe Online website. GetSafeOnline.org is sponsored by government departments and the IT industry. Backers include the Cabinet Office, Department for Business, Enterprise and Regulatory Reform (BERR), Home Office and the Serious Organised Crime Agency (SOCA), as well as HSBC, Microsoft, Cable & Wireless, PayPal and Symantec. ®