Printer Friendly

E-BUSINESS : Beware of the online criminals.

Byline: By Steve Pain

More than 40 per cent of shoppers in Birmingham will be going online for their Christmas presents - unwittingly putting themselves at risk from sophisticated internet criminals.

The figure comes from a new Government-backed campaign called Get Safe Online - getsafeonline.org - which also showed that 48 per cent of those questioned admitted to having very little or no knowledge of safe computing practices.

As threats from organised internet criminals grow, research from Get Safe Online also found that 84 per cent of people in the West Midlands would like more information about how to protect themselves online.

Some 29 per cent will not even attempt to shop online this Christmas because of fears about online security.

However, to help combat the threat the campaign has come up with five tips for safe online Christmas shopping: n Be informed - check the track record of any retailer unfamiliar to you. Don't reply to unsolicited bogus emails from retailers you don't recognise. Legitimate companies will never send an information request via a pop up. If you don't recognise the sender don't reply.

n Check the small print - be aware of details that may catch you out. Make sure you know how long delivery time is, whether there is a service charge and what the seller's cancellation and privacy policies are.

n Recognise signs of security - learn to look for the signs on your computer that tell you if your site is secure. The beginning of a web address should change from http to shttp or https. Your browser may also show that site is secure by a displaying a symbol such as a locked padlock.

n Keep your receipts - keep records of all your online orders. Print off any confirmation pages and emails and keep them in case you are charged incorrectly or the product does not arrive.

n Monitor your payment details - check your credit card and bank statements carefully and notify the bank as soon as you notice anything is wrong.

The campaign is a joint initiative between the Government, the National Hi-Tech Crime Unit, part of the National Crime Squad, and private sector sponsors from the worlds of technology, retail and finance, including BT, Dell, eBay, HSBC, Lloyds TSB, Microsoft, MessageLabs, securetrading.com and Yell.com.

"Increasingly we are seeing organised criminals turning to the internet as a vehicle for their criminality and this is even more critical around the busy Christmas shopping period," said Sharon Lemon, head of the National Hi-Tech Crime Unit.

" As more people in Birmingham connect to the Internet to shop, bank and communicate, we need to make sure that this is done as safely as possible, so they are not put at risk over the festive period. Get Safe Online gives the public the information they need to protect themselves."

Paul Henry, a security expert from specialist firm CyberGuard Corporation, also warns that organised criminal gangs are targeting online consumers with ever more sophisticated blended phishing attacks, some of which even find out details of their interests and use them to generate phishing emails tailored to tempt them into giving away their identities.

"In our day-to-day lives, both at home and at work, we are spending a great deal more of our time on our computers and on the internet," he said"This familiarity with technology can regrettably make people more susceptible, or worse yet - more gullible.

"Today consumers seem to trust technology more then they do individuals.

"This level of blind trust in technology, combined perhaps with our less cautious nature around the holidays, can provide a target-rich environment for cyber criminals."

He added: "Last holiday season, phishers were relying on fairly basic socially engineered emails (albeit with very poor grammar and spelling) enticing consumers to 'click here' on an embedded link within the email directing the recipient to an illegitimate 'copycat' website that looked identical to the real thing.

"Many internet users were unknowingly divulging their most personal financial information - PINs, credit card numbers, usernames and passwords to cyber criminals.

"As awareness has grown about phishing within the Internet community, the tactics used by phishers have evolved since the last holiday season to make it more difficult for the consumer to realise they are being duped."

According to Mr Henry automated URL obfuscation tools are more commonly being used now by phishers in their efforts to deceive would-be victims"With a freely downloadable tool from the internet, the phisher simply enters the URL of the legitimate website and then enters the address of the fake malicious website, with the tool automatically crafting a new "socially engineered" URL that includes the text from the legitimate URL as well as special characters that actually cause the URL to direct the browser to the fake malicious website.

"To the untrained eye this specially-crafted URL looks like the real thing."

The use of embedded Java script and Active X applets is also becoming more common in phishing emails.

"These scripts and applets can automatically place a graphic image of the expected legitimate URL on top of the address bar within the browser to hide the actual address that the browser is really being directed to," Mr Henry explained.

"Simply put, it has become a necessity to validate the authenticity of any website you are visiting before the submission any personal information.

"Right clicking on a web page within the browser will reveal a properties dialog box that provides the actual URL of the underlying webpage.

"You can quickly verify that the information being shown in the address bar within the browser matches the information shown on the properties dialog," he added.

If phishing isn't bad enough, this year, pharming will become an even bigger threat.

Pharming is the technological evolution of phishing, and while it requires a more sophisticated and technically savvy cyber criminal, it is growing rapidly.

"Rather then a reliance on social engineering and simple browser tricks to steal your personal financial information, pharmers rely more upon their technical skills.

"A skilful pharmer will take advantage of unpatched and vulnerable software using worms and viruses to compromise internet DNS servers or host files on personal computers to transparently redirect consumers to illegitimate websites to their harvest personal financial information.

"Pharming eliminates any of the telltale signs that you have been directed to an illegitimate fake website."

Mr Henry has also come up with a list of tips for safe onlineshopping. He advises: n Be certain your PC's operating system is up-to-date with the latest security patches as well as your antivirus and firewall software. n No matter how official it looks never click on an embedded URL contained in any email. Manually enter the URL in your browser address bar for your banking and credit card websites.

n Do not fill in forms contained within email, your personal financial information should never be sent by email. Only send your personal financial information via a secure website - verify that the URL contains https:// and that the closed lock appears on the lower right hand side of the browser for a secure website connection.

n Never click on an email attachment unless you know the sender and you were in fact expecting to receive the attachment.

n Use an online credit monitoring service that offers alerts when there are any changes to your credit report i.e. new accounts and purchases.

n Register with a credit card security system that requires a password to authorise transactions, such as Verified by Visa or MasterCard SecureCode.

n Do not use the auto fill facility on websites for credit card and other personal details.

n Use alternative secure online payment systems such as PayPal.

n Finally, common sense is your best defence - if it looks too good to be true then it probably is

CAPTION(S):

Online shopping can be a risky business without taking proper precautions
COPYRIGHT 2005 Birmingham Post & Mail Ltd
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Business
Publication:The Birmingham Post (England)
Date:Dec 20, 2005
Words:1310
Previous Article:E-BUSINESS : A year of the good, the bad and the downright ugly frog.
Next Article:E-BUSINESS : You are carrying pounds 1,000 worth of gadgets now.


Related Articles
E-commerce law changes.
The Word is out on business cyber-crooks.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters