How to avoid falling victim to cybercrime

Fraud, ID theft, hacking, viruses and online abuse have left millions feeling “extremely violated” after being targeted by criminals.

If fraudsters get their hands on your bank or credit card details they can use them to drain your accounts of cash.

Now a new campaign, Get Safe Online Week, aims to alert us to the dangers and how we can protect ourselves.

Internet fraud costs the UK an estimated £670 million a year. The real figure could be far higher because so much online crime goes unreported, the campaign says.

Here are the main online dangers and how to protect yourself.

Password poison

The average person has 19 online accounts, according to Cyber Streetwise, yet three-quarters of us fail to create sufficiently complex passwords. Many people still use logins such as “Password”, “12345678”, their name or date of birth, says Danny Young at online electrical retailer Ebuyer.com. “These can be easily guessed.”

A good password should use at least three separate words plus a symbol to make it more secure. Avoid using the same password across multiple accounts and change your logins regularly.

Don’t keep your passwords or Pin numbers in your purse or wallet. Use a password app for your phone or put them in a locked document on your computer.

Gone phishing

Sending fake emails, known as “phishing”, is an old trick. The message will typically ask you to click on a malicious link and reveal passwords and account numbers.

Criminals are getting better at making their fake emails look as though they have come from a reputable source such as your bank, credit card issuer, a well-known retailer or even the taxman, says Andy Hinxman, security expert at Keybridge IT.

“The fraudsters cleverly use a reputable company name but with a malicious twist, for example, an email purporting to come from HSBC bank might say hsbc.andy.com. The difference is minor and can easily catch you out. If in doubt, always double check before clicking further.”

Hackers may even create a website façade that mirrors a legitimate one, says Lawrence Jones, founder of internet hosting firm UKFast. “Read the URL carefully for spelling mistakes. Most legitimate sites have a small padlock symbol in front of the web address when you try to sign on.”

Be extra vigilant in the run-up to Christmas. “It’s better to be safe than sorry and you can always contact the company or organisation about any suspicious communication,” Jones says. A typical phishing email will have a generic greeting, such as Dear User, or no greeting at all rather than addressing you by your title and surname.

Any email that asks you for sensitive personal information is typically fraudulent.

Don’t click on an attachment in a suspicious email as it could download spyware or a virus to your machine.

Computer cold calls

Millions of households have received unsolicited phone calls by crooks claiming to be from Microsoft offering to help solve a problem with a PC.

The scammers calculate that if they ring enough people they will happen across someone who has got a problem and assumes the call is genuine, says Professor Alan Woodward from the University of Surrey. “Nobody thinks the scammer would be calling everyone in the book but that’s what they’re doing.”

Once they have your interest, they will ask for your username and password to get you back up and running or ask you to click on a weblink that gives them remote access to your machine. They can then take over your computer and drain your online bank accounts. As Woodward says, “If you’re targeted put the phone down, even if you really do have a computer problem.”

Mobile malware

You’re equally at risk of fraud when using mobile devices such as a smartphone, tablet, laptop or cloud-based data services, warns Nick Mothershaw, director of fraud at Experian. “Yet about half of smartphone and tablet users have no malware protection, leaving them vulnerable to cybercrime,” he says.

Even people with anti-virus software on their home computer don’t consider protecting their smartphone or tablet. “Never open emails from unknown sources using your phone. Think carefully before clicking on hyperlinks in emails and don’t provide personal details to unknown sources.”

Antisocial media

You should also think twice before posting personal details on social media such as Facebook and Twitter, says John Eggleton, head of e-commerce risk products at payment processing company WorldPay.

“Scammers can use these details to build a personal profile of you which they can use to commit fraud.”

Also be careful about using social media to tell your friends you’re on holiday. This could alert criminals to the fact that your house is empty and trigger a burglary.

Holiday booking fraud

Don’t be conned by fake websites, false advertising and email scams, warns Daisy Parker at travel association Abta.

“Legitimate villa rental websites are often used to advertise holiday homes or apartments that don’t exist and criminals pocket the money from your booking.”

Travellers booking rooms on legitimate sites such as Owners Direct, HomeAway and Airbnb have lost thousands after being tricked into handing over money for accommodation that didn’t exist

Worse, you have little protection in law and will struggle to recoup your losses, says Lauren Haas at BL Claims Solicitors. “Be suspicious if told to pay the rental upfront or send it to a foreign bank account or via Western Union or telegraph transfer.”

Pay by UK credit card if you can as payments between £100 and £30,000 are protected under the Consumer Credit Act, allowing you to claim reimbursement from your card issuer.

When booking online, check whether the holiday company is a member of a travel association such as Abta. Reading customer reviews on sites such as TripAdvisor.com can also alert you to dodgy operators.

Student loan scam

Students are being tricked into diverted their loan repayments to bank accounts run by criminals.

The Student Loans Company’s security team has prevented almost £3 million from going to fraudsters by closing down phishing sites, says head of counter fraud services Heather Laing. “All students should remain vigilant, especially at the three main instalment dates in September, January and April.”

With so many scams out there protect yourself by visiting GetSafeOnline.org.Fraudsters require only a handful of personal data to rip you off online, says Andrew Webb, identity fraud expert at Equifax.

He says the following tips should protect you against online ID fraudsters.

Never respond to emails and phone calls asking for your bank, credit card or other personal details such as Pins or passwords. Genuine companies will never ask you to provide this information by email.

Make sure you install the latest virus protection that ideally updates hourly and provides your computer with a strong firewall.

Always log out of all online banking, social networking sites and online shopping accounts rather than just closing the window, especially when using a public computer.

Never consider storing Pins or passwords on your mobile, tablet or smartphone.

Make sure that any mobile, smartphone or tablet is password protected.

Regularly check credit card and bank statements for unauthorised transactions.

Things your bank will NEVER ask you to do:

1. Request your full Pin number of any online banking passwords by telephone or email.

2. Send someone to your home to collect cash, bank cards or anything else.

3. Ask you to email or text personal or banking information.

4. Send an email with a link to a page that requires you to enter details of your online banking login.

5. Ask you to authorise the transfer of funds to a new account or hand over cash.

6. Call to advise you to buy diamonds, land or other commodities.

7. Ask you to carry out a test transaction online.

8. Provide banking services through any mobile apps other than the bank’s official apps.

Source: the British Bankers’ Association