|
Identity Fraud
According to a government report, the British economy suffers a loss of £1.3 billion per year as a result of identity fraud, which the Metropolitan Police defines as "the unlawful taking of another person's details without their permission". Identity theft techniques have included retrieving statements from dustbins and double-swiping credit cards. Application Fraud occurs when a fraudster applies for payment cards and financial products in the name of his victim.
The Internet has now opened up a whole new gateway for identity theft, often called "Phishing". A recent example involved the setup of a copy of part of the PayPal website to acquire members personal details. Other forms of Phishing include Trojans that remotely monitor keyboard strokes to access your passwords and other personal information. See the Anti-Phishing Working Group for further details of Phishing scams. It is now estimated that up to one in four people have had their identity stolen, or knows someone who has been affected by this increasingly common crime.
Currently, a common phishing scam involves e-mails that appear, at first glance, to be sent by your bank requesting that you log in to your online account to confirm various details. If you follow the links in the e-mail, you will go to a page that appears to be genuine online banking site, but is in fact fraudulent. Note that a genuine secure online banking site will contain the prefix <https> in the address bar (rather than http). Also look for the padlock icon  in your status bar, which is an indication that you are using a secure server. The Firefox browser also identifies secure sites by highlighting the address bar in yellow.
Double-clicking on the yellow padlock icon when you are on a secure site should bring up the site owner's official SSL (Secure Socket Layer) authentication certificate. The URL displayed in your browser's address bar should match the URL on the certificate. If it doesn't, leave the site immediately.
Another good way to check the authenticity of a secure website is to type (or copy/paste) the following code into the address bar (you must have javascript enabled for this to work):
javascript:alert("actual URL address: " + location.protocol + "//" + location.hostname +"/");
Then press the [ENTER] key on your keyboard. The true address of the website will be shown in the dialog box that appears.
How do you know if your identity has been compromised? The following warning signs should put you on your guard:
| • |
There are entries on your credit card bill that you don't recognise. |
| • |
You are suddenly turned down for credit when your previous credit history has been good. |
| • |
Demands appear for payment of a bill that isn't yours. |
| • |
Mail that you regularly receive, such as bank statements, do not appear. |
If you suspect that you are a victim of identity fraud, you should notify your bank and/or credit card company immediately. Report it as a crime to the police and get a crime reference number.
CIFAS - the UK Fraud Prevention Service - can help victims of identity fraud through its Protective Registration Service which prevents people applying for credit under your name.
| • |
Your computer's cache is the most vulnerable place for Worms and harvesters to obtain information of your online transactions. Users of Internet Explorer can empty their cache by selecting Internet Explorer's Options Menu > General > History> and set the "days" option to zero. Or you can automate this process by installing a third-party utility such as Window Washer or Windows & Internet Cleaner Pro.
|
| • |
Don't use obvious passwords for online accounts, and never store passwords on your PC. |
| • |
Use an anti-spam program such as the Brightmail real-time detection and filtration system for fraudulent emails. |
| • |
|
| • |
Make sure that you have the latest Windows updates and patches installed from Microsoft. |
| • |
Be cautious about revealing your credit card or bank details. Remember that banks never ask for details such as PIN numbers via e-mail or over the phone. |
| • |
Always dispose of old computers and data safely. Data can be resurrected from hard disks even after they have been formatted. |
| • |
Rip or shred personal paper documents such as credit card statements and bills before disposing of them. |
There are plenty of scams and confidence tricks that internet users should be aware of. Often they arrive in our e-mail inboxes in the form of spam. Some scams may seem obvious, but surprisingly large numbers of people have been caught out. Listed below are some well-known scams. A general rule to bear in mind is that if an unsolicited offer seems too good to be true - it probably is.
The Nigerian "419" fraud is one of the oldest internet scams. The victim receives an e-mail apparently from a high-ranking Nigerian official asking for help in transferring large amounts of money from Nigeria to the UK. The victim is offered a large commission for allowing his bank account to be used in the transfer. Although the victim may be asked to supply bank account details, the fraud involves the payment of unforeseen fees that arise before the money can be transferred, such as legal costs or taxes.
Work from home scams involve "opportunities" to earn a large income by working from home on projects of various kinds. The worker who agrees to go ahead is usually required to send money for "materials" before starting work; often they have to sell the finished items themselves. Even when the employer promises to buy the finished goods, the worker may not be paid because the goods are not of a high enough quality. If you consider doing home work of this kind, find out the exact terms of the work, and make sure everything is in writing before proceeding.
Victims of the Foreign Lottery scam receive an e-mail announcing that they have won a large prize, often amounting to thousands of euros. When the official-sounding sender is contacted, however, the "winner" will be asked to pay an escalating set of administration fees before their winnings can be handed over. The prize is never paid.
Netcraft - for news on network security services, including fraud detection, application testing, code reviews, and automated penetration testing.
Fraud Advisory Panel alerts the nation to the social and economic damage caused by fraud.
CIFAS - the UK Fraud Prevention Service - has information on identity fraud and offers a Protective Registration Service.
Visit UKOrbit's Consumer & Advice Centre for further help and information.
|
