Page last updated at 11:09 GMT, Monday, 17 November 2008

Q&A: Stay safe online

Computer keyboard, Eyewire
Fraudsters are targeting those that bank online

To an internet fraudster an identity is worth £80, suggests research from the UK's Get Safe Online campaign. The same study revealed that in 2008 23% of net users fell victim to phishing attacks - far higher than the 8% it claims were caught out in 2007.

Small wonder that Britain has been described as being in the midst of a cyber crimewave. Here the BBC offers some advice about how to stay safe online.

How bad is identity fraud?

In 2006, a government estimate put the cost of ID theft at £1.7bn a year. In 2007 Cifas - the UK's fraud prevention service - helped more than 65,000 victims of ID fraud and theft.

Fraudsters use personal details to gain access to bank accounts, run up bills, launder money, create false documents such as passports or birth certificates and carry out benefit fraud.

The consequences can be very distressing and a headache for victims to sort out.

While you will not normally be liable for the stolen money, credit reference agency Equifax estimates it can take up to 300 hours to resolve one case.

My bank has sent me an e-mail, asking me to update security details - what should I do?

Ignore it and delete it.

Make sure you have good anti-virus software which regularly scans for spyware
Make sure you use a firewall, spam filter and security software that keeps an eye on you while you browse the web
Avoid keeping passwords stored on your computer and disclosing them to anybody
If you are accessing banking details from a computer that is used by other people, ensure you do not click on "save" password, as another user could gain access
Check your bank statements and receipts carefully to ensure there are no fraudulent transactions

If you receive an e-mail purporting to be from your bank or credit card provider which asks you to update your details, it is very likely to be a "phishing" scam.

Anyone falling for the scam will let fraudsters can gain access to their bank accounts or use them to launder money.

It is important to remember that your bank will never ask for your log in and password by e-mail. Many explicitly say so on their banking websites - after all the bank already has these details and does not need them. By contrast the fraudsters do not have them and want them.

If in doubt, call the bank.

I've got an e-mail from a friend with an attachment but it's not the type of message they usually send. What should I do?

Ignore it and delete it. Many hi-tech criminals still use e-mail to try to catch people out. Many of the messages they send play on current events or subjects of prurient interest to get people opening them up.

The attachment could well be booby-trapped with a malicious program that aims to infiltrate your computer and lie in wait to gather data when you visit an online bank or login to an online game.

If you are not sure most anti-virus programs allow users to scan attachments and other documents before opening them. However, this check is not infallible because there are so many viruses and variants now in circulation.

The vast majority of security threats are aimed at Microsoft's Windows and its other programs. Advice from security firms is to ensure that, if you use Microsoft software, ensure it is updated as soon as security fixes are available. Some advise users to consider using non-Microsoft programs for web browsing, e-mail and other day-to-day tasks.

Am I safe if I avoid sites dealing in pornography, pirated media, cracks for games and gambling?

Not necessarily. It used to be the case that anyone visiting such sites was at far greater risk of falling victim to an attack.

Buy now button, SPL
Many scammers now target legitimate sites to catch out browsers

However, in recent months hi-tech criminals have put a lot of effort into subverting popular sites with a good reputation.

Scammers often inject booby-trapped adverts onto such sites or get at the website code to install malicious programs that infect every visitor.

Web users can reduce the chance of being caught out by making sure they use the latest version of their web browser of choice and using security software that keeps an eye on them while they browse.

A pop-up advert tells me that my computer is riddled with spyware. What should I do?

Ignore the advert and close the pop-up page. Many scammers are turning to fake tools that warn about non-existent problems on a PC.

At best when installed these machines will nag users until they pay for some useless security software. At worst they will be completely fake and simply steal saleable data. It is better to stick with one security software suite than it is to get bits and bobs from here and there.

How can I safeguard my personal documents?

Although the rise of ID fraud is very alarming, there are steps you can take to try to protect yourself.

You have a good credit history but are turned down because of a default on your record
There are entries on your credit file you do not recognise
You are being chased for outstanding debt
Mail you normally expect from financial institutions does not arrive
You have lost or had important documents stolen
You apply for benefits and are told you are already claiming, when you are not
*Source: Home Office

Carelessly discarding personal details is an easy way to become a victim.

Criminal gangs have been known to employ homeless people to search through rubbish bins for financial records and identity documents.

The number one tip from experts is that all documents containing personal information and financial transactions should be either ripped up or shredded before they are thrown out.

Destroying evidence should also extend to direct mailings or any documentation that contains your name and address, experts advise.

Electric shredders can be purchased for as little as £15 and can help take some of the hassle out of destroying documents.

How can I keep my passwords safe?

Experts urge people not to write down their passwords and pin numbers and not to disclose them to anyone.

They also suggest people should steer clear of using obvious passwords, such as a mother's maiden name or date of birth.

Some security firms offer programs known as a "password safe", which let users keep a secure record of important logins on their computer.

It is also worth using what is known as a "strong" password. This is one that is not easily guessed or would take a long time for a computer to work out. Instead of being words it could be a random combination of letters, numbers and symbols.

What if I am a victim?

Act quickly and notify the credit provider straight away. It is also important to report it as a crime to the police and request a crime number.

Industry body Cifas advises victims to keep a record of everything, as recovering from identity theft can be a long and complicated process.

Cifas also advises all letters should be sent by recorded or special delivery and for people to keep track of how much time they spend dealing with the problem.

Victims of identity fraud or people who are concerned they could become a victim because they have had important documents stolen, can apply for extra protection through Cifas' Protective Registration Service.

It costs £11.75 and places a warning on credit files. This should ensure that if anyone applies for credit under your name, further identity checks are made.

This service can also be used to protect the identity of a deceased person. Telephone 0870 0102091 to register.

Print Sponsor

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific