References - The Truth, or not the truth, that is the question!

The Spy Next Door, Stealing Your Life For £44

How easy can it be to steal your life? For less than 44 quid is it possible to steal your bank account username, password and bank account security questions? For less than 44 quid is it possible to harvest your credit card details, including your credit card security code and Verified by Visa or MasterCard SecureCode password? Is it possible to read your private Emails and access your Email account? Is it possible to monitor all your private web surfing habits and instant messenger conversations, and obtain your username and passwords for all your websites?

Click here to read the full article via the IT Security Expert's blog by Dave Whitelegg.

Scams Awareness Month - Ebay Scam

I couldn't have planned this better, but as we are in Scams Awareness Month I thought I would advise you of a scam I have received into my email inbox.

I recently received a message from 'eBay' informing me that my account had been suspended due to my credit/debit card being declined. I noticed that the email address for the sender wasn't an 'offical' eBay one, so I of course utilised the best free investigative tool in the modern world.....Google! Apparently this is a well know Phishing scam which has been around for some time.

Needless to say I didn't click on the link and enter my mothers maiden name, along with my bank details and my inside leg measurements!

Pass The Password

33% of computer users actually use the same password for every single website they use. Just one in five users say they use a different password for every site (imagine how many passwords you would need)!!

Millions of web users are being asked to reset their passwords as concerns spread over a major hacking attack on the Gawker site.

The attack on Gawker, which runs one of the world's most popular blog networks, was carried out over the weekend by an organisation calling itself Gnosis.

• Tips for keeping your password safe
• Never use the same password across lots of different websites.
• Do not use a word that you - or a hacker - could find in the dictionary: these are susceptible to so-called 'brute force' attacks.
• Try to include some digits and special characters to add a layer of complexity that will make life difficult for a criminal.
• Pick a phrase or mnemonic that helps you remember your password.
• You can avoid having to remember passwords altogether by using a password manager program. There are many available to download online.

 personnel security, personnel security, personnel security, personnel security, personnel security, personnel security

Get Safe Online - If you do nothing else, read this!

Beginner's guide

The internet is great. People like to email, chat and have fun online. We also use it to buy and sell things, do our taxes or bank online. The problem is online criminals. To make money, they want to hijack your PC, rip you off and steal your identity.

Prevention is better than cure and GetSafeOnline.org can help. This is just a high-level overview, but the site has detailed advice that will explain it all.

Protect your PC

•  Get anti-virus software, anti-spyware software and a firewall
• Keep your computer up to date
• Block spam emails
• Use an up to date web browser
• Make regular backups
• Encrypt your wireless network

Avoid online rip-offs

• When you’re shopping online, look for clear signs that you’re buying from a reputable company
• On an online auction site, learn how it works and learn to pick good sellers
• Use safe ways to pay, such as PayPal or credit and debit cards
• Use your common sense to avoid scams – if it sounds too good to be true, it probably is

Take care of your identity and privacy

• Avoid identity theft by using an up to date web browser and blocking bogus emails with a spam filter
• Always use strong passwords
• Don’t give away too much personal information on blogs and social networking sites

Get Safe Online Week 15th to 19th November

A joint initiative between the Government, law enforcement, leading businesses and the public sector. Thier aim is to provide computer users and small businesses with free, independent, user-friendly advice that will allow them to use the internet confidently, safely and securely.

Identity Fraud – The Plague of the 21st Century?

As promised below is a very interesting subject from one of our guest bloggers - Graeme Forward.

As a fraud analyst sitting down to pen his first offering for a security blog it seems to me there is only one topic I can kick off with if I want to seem hip and with it and on the pulse – yes, I speak of course of identity fraud. Identity fraud is the current ‘du jour’ crime, a terrifying new plague where just a few minutes trawling through a wheelie bin arms your local hoodie with sufficient ‘data’ to steal your money, your friends and family, your cat, your dog, your tv remote, and most importantly your self confidence and self esteem. Or so your average tabloid would have you believe.

“This ID Fraud is a menace” I hear you cry, “why not have a whole week devoted to making people more aware of it?” Good idea. So they did. It was called National Identity Fraud Prevention Week (unsurprisingly) and ran last week (17th-23rd Oct). You didn’t miss it did you?

Who is using your identity?

Now don’t get me wrong, I do think ID fraud is a problem, of course it is, and it’s only right that there are groups working to make people aware of how to prevent it. ID fraud does need to be put into perspective though. The reason it gets so much press is that it is one of the only large scale frauds which is perpetrated against individuals rather than businesses. Crime against business is rarely news.



ID fraud can take many guises but invariably the aim is to gain access to money by posing as another – thus making them responsible for it. (This begs the question why is it now possible for me to get a loan in less than 10 mins via an iPhone app or over the internet with precious little in the way of security checks? – the costs of this are already becoming apparent though, and this is a topic for another day.)

ID fraud is commonly perceived as a crime against an individual, but this is a matter for debate. If a victim of ID fraud has taken reasonable steps in their day-to-day activities to mitigate the risk then in the majority of instances the bank/building society etc will be responsible for picking up the bill, and so the party left out of pocket is rarely an individual. And with that we come to the crux. National Identity Fraud Prevention Week is not the selfless, philanthropic event it seemed at first glance – businesses understand that if they can get you to do all the hard work for them they can save themselves an awful lot of money. This is corporate fraud prevention on a national scale and I have to admit I’m impressed. Just as we were all starting to feel sorry for those poor banks again.

Worryingly, in this modern world of social networking, professional hackers and spyware, the main message to come out of National Identity Fraud Prevention Week was “get a shredder”. Conveniently, most of the companies involved in the awareness drive are able to supply you with one at a very reasonable price.



Overall, NIFPW didn’t quite achieve what it set out to. As so often is the case with these initiatives, it was the security and fraud professionals who were most aware of it – yet another case of our industries preaching to the converted. Unfortunately as with so many things, it’s not until someone becomes a victim of this kind of crime that they sit up and take notice, but by then it’s too late. So maybe fraud prevention on a macro scale isn’t quite as impressive as I first thought. Guess it’s back to the drawing board. Maybe we’d more successful if we stopped trying to preach to people and allowed them to use some common sense. Protecting yourself from ID crime is after all just about being aware and being sensible about what you do with your personal information, whether it’s online or on paper.



One final thought – There was one genuinely alarming statistic to come out of NIFPW. It seems that almost a third of all ID frauds are committed by someone the victim knows – most often a member of the family. Maybe NIFPW’s message should really have been – take your chances with the wheelie bin hoodies- rather that than leave your info lying around on the bottom of the stairs where your auntie or uncle might pick it up.

My top 5 tips to help prevent you becoming a victim of ID fraud:

- Be careful how you deal with credit/debit cards particularly when out and about. Never write down pin numbers or let your card out of your site when making a transaction.

- Think carefully about the information you display on social networking sites – your settings may only let your ‘friends’ see your information, but these 250 or so people you spoke to once at school 20 years ago are not always quite as ‘friendly’ as their supposed status would suggest

- Never give any bank details out in response to unsolicited phone calls or emails. Fraudsters are very good at forging documents or presenting themselves as a bonafide company, but your bank will never ask you to provide your pin no or the whole of your password.

- Don’t stress about it, just be sensible. Use your common sense and be mindful of how personal information could be interpreted or used.

- Get a shredder.