[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 5 May 2006, 17:02 GMT 18:02 UK
Protecting your online identity
Click's Spencer Kelly
By Spencer Kelly
Click presenter

A computer
Keep your security software update to stay safe online
Infosecurity Europe recently ran a fake street survey with the aim of getting as many people as possible to reveal personal information which they may use to protect their online identities.

A sweetener was offered: those who took part were offered the chance to win chocolate Easter Eggs. But in amongst the harmless questions about Easter were questions which could unlock our online identities.

Think you would not be caught out?

Most people freely handed over whatever personal information was asked of them such as their mother's maiden name and the names of their pets without seeing any proof of who their interviewer was.

While names and addresses are obvious personal information, mother's maiden name and pets names are key pieces of identifying information used by many banks and utility companies.

And of course, you do not need to stop someone in the street to get hold of critical information. "Phishing" e-mails, pretending to be from banks or other agencies, are still a security nightmare.

To find out more we spoke to Graham Cluley, a security expert from Sophos.

Spencer: "Is giving away your mother's maiden name or your pet's name enough to allow your identity to be stolen online?"

Graham: "Yes, because many online banks, or an email account, may ask you to tell them your mother's maiden name or your pet's name in order to remind you of your password. So people need to be really careful who they give that information to.

"And maybe, next time you go to your online bank and it asks for your mother's maiden name, make one up rather than telling them the real one! That way it's harder for other people to work it out."

Spencer: "We've heard about a lot of different online threats throughout the years here on Click. One of the latest are not just 'phishing' e-mails - which are e-mails posing as your bank - but 'spear phishing' e-mails. What are they?"

Graham: "Spear phishing is a very targeted attack. The e-mail comes in perhaps pretending to be from your IT or Personnel dept, and it'll say 'can you confirm details about yourself, your national insurance number, your password'.

"It looks like an internal e-mail, and maybe it contains a link to a website and you think you're going to your company intranet, and it looks like that when you go to it, but in fact it's a site which hackers have set up to steal information about you."

Spencer: "Another of the threats that has appeared on our radar recently is the Root Kit. What are they?"

Graham: "Root Kits sound really scary. They've actually been around for some years. These are pieces of malicious code that hide at a very low level on your operating system on your computer.

"Basically it makes them act a little bit like a stealth fighter, they're invisible, it's like they're radar-proof. So it's very hard for anti-virus software to stop them and detect that they're on your computer."

Spencer: "So is anti-virus software no good anymore?"

Graham: "No, it can stop it when it comes in. It finds it harder to detect it once it's already in place, although there are tools to do that as well. But it is something we're beginning to see some hackers using as a form of camouflage."

Spencer: "What can I do if I have a Root Kit on my machine?"

Graham: "The best thing you can do is boot up from another device, maybe from your USB stick. So you boot up from that, then the Root Kit won't be in memory, won't be active, and your anti-virus software should be able to detect it on your drive."

Top Security Tips

  • It is possible to spoof where and who an e-mail has been sent from, so trust your instincts. If it includes words the sender would not normally use it may well be a spoof.
  • Banks do not ask for details in an email. So do not send any.
  • Only click on attachments or links in an e-mail if you are sure where they came from. Remember you can visit a link by typing the URL into the address bar rather than trusting where the link will take you.
  • If you are conducting a transaction look for the padlock symbol, it means you have a secure connection to a website.
  • Because anything - and we mean anything - on your computer screen can now be duped, so can padlocks. One clue is that if it does not appear where the real one would be it is fake.
  • Keep your anti-virus software up-to-date. Turn your firewall on, batten down the hatches, and make sure you have set your operating system to download all the latest patches.



SEE ALSO:
BBC used to entice cyber victims
31 Mar 06 |  Technology
Who does the net think you are?
20 Feb 06 |  Technology


RELATED BBC LINKS:

PRODUCTS & SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific