NEWS
BT has said UK web surfers are still doing too little to protect themselves against identity theft and has released a web user guide in an attempt to stop the problem escalating even further.
The 10-point guide has been put together by BT in association with CPP, LloydsTSB, the Met Police and Yahoo! as well as the Get Safe Online initiative.
Ray Stanton, head of security at BT Global Services, said identity theft is still on the rise, dubbing it a "silent part of fraud in the UK". Stanton cited figures from the UK government which suggest fraud accounted for £1.7bn in the UK last year. Although those figures have subsequently been subject to serious doubts, it's undeniable that identity theft is a major problem.
BT also claims that eight per cent of UK PC users fall victim to online fraud and said too few are taking even basic steps to protect themselves, such as not handing over credit card numbers to unidentified third parties.
Stanton added in a statement: "We want to make sure that people are aware of the threat and are protecting themselves online, so they can enjoy the benefits of the internet."
Detective chief superintendent Nigel Mawer, head of the Met Police Economic and Specialist Crime Unit, said: "Criminals are always looking for new ways to make money. Online identity theft and fraud are the latest techniques. By protecting themselves against the growing threat, users are also protecting others, so we urge everyone who uses the internet to follow the 10-point guide."
The 10-point plan
1. Keep your wits about you at all times
Understand the risks and operate on the internet as you do in the offline world, with caution and appropriate scepticism.
2. Question why a website is asking for information about you
Think about whether it is somewhere or someone you want to give your details to.
3. Never give any online security details to anyone unless it is completely necessary
Be particularly cautious if you share your accommodation with other people. Consider passwording your computer to avoid unnecessary access.
4. Look after your password
Change your passwords regularly and avoid standard passwords. Do not use the same password for every secure site you are registered with.
5. Never click on links in emails
Always type the website address for banks, financial institutions and retail sites into the browser.
6. Keep up-to-date
Keep your security software, operating system and applications up-to-date at all times.
7. Remove the spies
Check all files on every computer that is connected to the internet at least once a week using anti-spyware and adware applications.
8. Keep your connection secure
Make sure everyone who uses the computer understands the precautions they need to take when online. Do not leave your broadband connection switched on if you are not using it and if you use a wireless modem ensure you set it to use at least 128-bit encryption if you are registered for online banking.
9. If it seems too good to be true, it probably is
Don't open emails or go to sites that claim you have won a prize, unless you've entered a specific competition.
10. Know where to go for help should you be a victim of online identity theft
There are wide range of organisations and groups that people can turn to for advice including the police, industry bodies and suppliers of online services.
Comments
There are 3 comments. Join the discussion
1. anonymous
This is all very well, but it is BT (or they claimed to be working on behalf of BT) who called me up some months ago to get me to sign up for a new pricing plan. However, the only information they had was my name, phone number and postcode (well, they asked me to confirm my name and postcode) which is available via any phone directory... they had no access to any billing information as i was asked about my calling habits. And they then proceeded to ask for my banking details in order to sign up for their new deal! When i asked for a form be sent that i could fill in and return, the person i was speaking to said that wasn't possible!
ID theft via the telephone is just as bad as over the Internet. If BT believe we should all be more careful with our personal data, maybe they should set a good example by not using standard phishing tactics themselves!
2. Mike
Mother's maiden name. This is overused. A friend suggested making one up, but you could invalidate an application by doing so. It isn't that difficult to find it out & it gets put into too many sites.
As a minimum we should be allowed to choose any 5 from 30 authentication items, including at least one custom one. At any one check only 2 would be used.
These need to be fairly obtuse like "name of first dog" or "colour of first car" etc.
Part of security is that the person asking has to know which of the 30, you have chosen.
Ideally yhis should work both ways - You have a check word to ask them.
3. anonymous
Interesting - becuase the point made is valid - this is a typical phone scam and obviously as the reader actually points out (but doesn't really say) this obviously wasn't BT! But a fraudster trying to get the information and using BTs name, but when pushed for details, they backed down.
Social Engineering which is what this is called is on the rise and this is a typical way of doing it - whether it using BTs name, or anyone elses.
Point here, never give details out if you're not sure. Do a check-back on them first - ask them to confirm your details, ask them to tell YOU details about your recent transactions before you tell them anything. Simple but effective!