People Are Not Using the Internet Securely

Monday, March 26, 2007 20:32 | Filed in Scams & Spams, Technology

Other breaking news:

  • Joseph Alois Ratzinger believed to be Catholic
  • Ursus arctos horribilis found to defecate in woodland

Fewer than half the UK’s 29m adult internet users believe they are responsible for protecting personal information online, a survey suggests.

One in six of the 2,441 people surveyed felt responsibility rested with banks.

BBC News

… and until you need to pass some kind of “driving test” before you’re allowed on the internet, my answer will remain “No shit, Sherlock?”

But basically the problem is that when you’re dealing with protecting information online, there are multiple ways in which your data can be stolen and used for identity fraud, some of which the individual is responsible for, and some of which they aren’t. Of course, I am not a lawyer, and none of this is legal advice, so seek professional advice if you think you’ve become a victim of identity fraud I’m just trying to highlight ways you can maybe avoid it.

If you download software, of any description, from anywhere, at any point, you are at some risk of virus infection. If you’re downloading from a reliable source, the risk descreases but doesn’t disappear — after all, how do you know that the particular server you downloaded the files from hadn’t been hacked only hours before?

And if you’re tempted to download a cracked version of a game, or a key generator or something, don’t forget to ask yourself the question “what’s in it for them?”. I’m assuming at this point you’ve already come to terms with the question “hang on, isn’t this a bit illegal?”, but if not, you might want to consider that one too.

Why would someone offer your PC a free health check? Have you heard of the company before? Why would they offer you a cracked version of the software, or a key generator? What do they get out of it? If you are struggling to provide a concrete answer, you might want to consider the option that what they are getting out of it is having you install their malicious programs on your PC all by yourself (normally bundled in with the stuff you were expecting so you don’t get too suspicious).

So you have a virus-checker on your PC. And you keep it up to date. That way, you’re only exposed to the newest viruses for a short period of time before your virus checker would recognise them. And by up to date I mean at least weekly, and ideally check for updates every time you connect to the internet. If you don’t keep it updated, you will get infected at some point.

And that’s only the first part of the equation. If you get a virus on your PC, such as a keylogger, which records every keystroke you ever press and then secretly dumps the information to an internet site for them to look through your details to try and find account numbers, passwords and so on, it’s probably your own fault.

The second part of the equation relates to exactly who you are giving your details to. Scammers use social engineering to try and make you think you need to reply to an email, or follow a link in an email and then input various details. They will tell you that there has been suspicious activity on your account, that your account is in danger of being deleted, that there has been a problem with a PayPal transaction or something like that.

If you follow a link to a malicious site — which, if they have any sense, will be set up to appear exactly like the genuine article — and type in your details, then you’ve just given the scammers your banking details, and after a very short delay, your money.

Look at it this way: If I were to approach you in the street, claimed to be from your bank, had a clipboard with your bank’s logo on it and asked you to give me your bank details, would you? If you would, just email me your bank details to save me the bother of finding where I’ve put my clipboard. If you’re not quite that daft, you’d probably pop into a local branch, where you would know the people behind the counter were genuine. And you’d enquire there.

So do the same online. Don’t follow someone else’s links to a site — type in what you already know to be their web address, Google their name, whatever. But don’t trust a route to a site given to you in an email.

Oh and — just in case you need to be told — if you win a lottery you didn’t enter, or if the late wife of General Mboto wants your help in getting £15 million out of Namibia, it’s a scam. You won’t be better off. What they want is your bank details, and then the contents of your bank account.

If you hand over your details to someone in this manner, again it’s your fault.

Social engineering can be pretty impressive here. Imagine your wallet is stolen. Imagine you phone the police to report it missing. And then five minutes later, someone from your bank phones up:

We’ve had a report from the police that your bank card has been stolen Sir, can you just confirm a few details so we can cancel it?
What’s your address?…Uh-huh.
When did you last use the card?…Uh-huh.
Did you use the default PIN that came with the card, or did you change it?…Oh, you changed it.
Ah, well I’m afraid I can’t stop the card from this screen Sir, without the PIN, and I don’t have a record of that.
Three seven nine seven? Thank you very much Sir, the card is now cancelled.

Phone Caller

Fantastic you think, that’s really efficient. And then you start to wonder, so you call your bank back… to find that your card hadn’t been cancelled, and you’ve just provided someone with the information they needed to empty your account.

No, I’d hope I’d not be that stupid either. But if you’ve had something stolen, you’re likely to be flustered and not thinking straight. But it’s clever social engineering. And that’s what the scammers do.

Back to the equation then. We’re now onto part three. It’s a good job I was good at maths. Usernames and passwords. Here, it’s maybe your fault, maybe someone else’s fault depending on the circumstances. If your password is “password” or it’s the same as your username, it’s your fault. If the website allows you to use extremely weak passwords, or doesn’t at least advise what makes a strong password, then they’ve not entirely been helping.

Furthermore, if you find that you’re logging in any inputting your details on a site that shows https:// at the start of the address bar, then the information being exchanged is encrypted. If the site just shows http://, then it isn’t. Most browers will give you some sort of extra visual clue too — changing the colour of the address bar, showing a padlock or so on. Basically, if you’re sending information across the internet, it can be intercepted. If it’s not encrypted, it’s an awful lot easier for someone to get access to it.

If it ain’t https:// it’s the online equivalent of writing it down on a piece of paper and leaving it in the street. Maybe no one will pick it up. Maybe an honest person will. Or maybe, just maybe, you’ve exposed yourself to a bit of a risk. You should expect that any financial transactions of any kind, and any other transactions relating to confidential information, should be secured in this manner.

The same sort of thing goes for tihs new-fangled wireless broadband thingummy. If you’re sending data through the airwaves throughout you’re entire house, what do you think the chances are that this stops dead as soon as it encounters a window? Or do you think your wireless broadband network maybe extends beyond the walled boundaries of your house? Chances are it does. So secure it.

But of course even if you do absolutely everything you can and ensure that your details are only ever known by you and your bank, you’re still only as secure as your bank is. Maybe your bank is one of the banks that leave un-shredded confidential data in the street, allowing fraudsters a chance to pick your details up?

Even if your bank doesn’t make those mistakes, it’s only as secure as its staff. Have you heard the case where the call centre operative passed information on to fraudsters?

Still … not to worry, eh?

Remember to do your part of the job properly — have a look at Get Safe Online if you’re not sure how — and just pray that your banks and all the companies that have ever had your financial information keep up their end of the deal…

You can leave a response, or trackback from your own site.

21 Comments to People Are Not Using the Internet Securely

  1. Seb Crump says:

    March 26th, 2007 at 10:39 pm

    Amen :)

  2. mark fairlamb says:

    March 27th, 2007 at 9:19 am

    fraudsters would get a surprise if they knicked my identity – they wouldn’t get a penny out of my account but might get chased up for what i already owe.
    heheheheh……….,

  3. 1234test.com says:

    August 30th, 2011 at 10:27 pm

    Blogging For Fun and Education…

    It’s a known truth that right skill is very useful when doing work for the first time and even more it if is important to us.[...]…

  4. penny auction forums says:

    September 20th, 2011 at 9:21 am

    What’s Mandatory When Choosing A Deal…

    [...]Having right knowledge you can be successful at different projects and doing almost no mistakes.[...]…

  5. custom painting from photo says:

    October 2nd, 2011 at 7:41 pm

    New Ideas On How To Lose Weight…

    [...]When you are aware when working at your projects you can do a lot more than if you are completely without ideas….

  6. oil painting from photo says:

    October 3rd, 2011 at 4:21 pm

    Article on The All Topics…

    [...]When you know what is your job you can be a lot more successful than if you don’t have much skills.[...]…

  7. plastic surgery internet marketing says:

    November 4th, 2011 at 11:33 am

    How To Make Plastic Surgery Marketing Work…

    [...]We are absolutely sure that right skill is very useful when doing something new and especially if it’s important to us…[...]…

  8. house prices information says:

    November 28th, 2011 at 11:00 pm

    Where To Find House Prices Information…

    [...]We are absolutely sure that right knowledge can be very important when having no experience with some kind of work and even more it if is important to us.[...]…

  9. bvlgari 8025 says:

    December 6th, 2011 at 1:46 am

    Tiffany Sunglasses…

    [...]Awesome data that I’ve been looking for for some time! Certainly not forget there are other options[...]…

  10. Sunset Cove Phangan says:

    December 12th, 2011 at 10:07 pm

    How To Find Sunset Cove…

    [...]This is really cool. I will check your web page in the future.[...]…

  11. Mature Women says:

    December 18th, 2011 at 9:08 pm

    Source Of Latin Dating Advice…

    [...]This is really cool. Thank you for writting this[...]…

  12. lunette tag heuer says:

    December 23rd, 2011 at 4:42 pm

    Find Great Tag Heuer Sunglasses…

    [...]This is really cool. I will check your web page in the future.[...]…

  13. http://trafficsiphonreview.org says:

    December 27th, 2011 at 4:48 pm

    How To Do Joint Ventures…

    [...]I see you know a lot about what that you are writing about. Exciting study. Certainly not forget you can find other options[...]…

  14. Atlanta Roofing says:

    January 11th, 2012 at 12:14 am

    Do You Want To Get A New Roof…

    [...]It’s wonderful that people nevertheless know a whole lot about point like that. In no way forget you will discover other options[...]…

  15. cheap fragrances says:

    February 4th, 2012 at 12:42 am

    Make Yourself More Attractive…

    [...]It’s a known truth that right knowledge can be very important when doing work for the first time and especially if it is something very important.[...]…

  16. India Tour Package says:

    February 8th, 2012 at 12:16 am

    India Tour Packages…

    [...]Awesome data that I’ve been looking for for some time! I got some exciting suggestions from this[...]…

  17. israeli sex says:

    February 9th, 2012 at 4:21 pm

    Taking Your Life with The Full Spoon…

    [...]It’s wonderful that people nevertheless know a whole lot about point like that. In no way forget you will discover other options[...]…

  18. India Tour says:

    February 17th, 2012 at 7:40 pm

    Food In India…

    [...]I see you recognize a lot about what you are writing about. Interesting study. I got some intriguing concepts from this[...]…

  19. ghost says:

    March 30th, 2012 at 3:49 pm

    Real Paranormal Investigation…

    [...]Are you unquestionably positive this really is the suitable information. I head a thing else. You will find out extra about this topic[...]…

  20. dallas pool service says:

    April 15th, 2012 at 2:05 pm

    Pools Need To Be Maintained…

    [...]This is really cool. It is fantastic to understand a lot of people still care about this[...]…

  21. Bobbo says:

    September 5th, 2012 at 4:55 am

    That’s a creative answer to a dfifiuclt question

Leave a comment