News Old

While the UK struggles to make progress towards the digital transformation many experts say it needs to ensure a secure, prosperous future for its citizens, other countries around the world are proving more decisive. Adoption of “foreign” technology, as well as concerns over civil rights and liberties, have been cited as possible obstacles to progress in this area among different groups within the British polity.

Perhaps for reasons of culture and history, some nation states adapt to and adopt change more quickly than others. As a recent international conference has shown, in the field of online digital identity verification, four countries in particular are making great strides in embracing this technology; to the benefit, as their leaders see it, of their states, businesses and citizens.

International cooperation during the pandemic

October 2020 saw a Global Government Forum on digital ID. This was, of course, a webinar; apart from other logistics involved in organizing such a forum in person, the global Covid 19 pandemic made any possibility of this redundant. Nevertheless, the forum went ahead. It was a meeting between an IT provider and leading civil servants from the governments of Germany, Norway, Estonia and Singapore.

If this collection of countries seems rather unlikely, that is not surprising. The first three territories lie in northern Europe, the fourth in south east Asia. Germany is the world’s fourth richest country, Estonia the 21st. Norway has a population density of 15 people per square kilometre, Singapore 8,358. There are many other factors which divide this collection of nations and economies, but one which unites them; E-Government.

In fact, Estonia ranks in the top three of the UN’s E-Government survey. It, along with other countries including Singapore, is showing the way forward in incorporating digital transformation as a mainstream national economic strategy, post-pandemic and into the 21st century. Crucial to these strategies is the adoption of online digital ID verification.

Relative ease of implementation

Estonia and Singapore have advantages over other countries in terms of implementing national digital ID systems. In Estonia, for example, the collapse of the Soviet Union and the Eastern Bloc in the early 1990s meant that the national government was able to start from scratch in many ways. One of these was in using technology to develop the country’s economy as quickly as possible.

Singapore, meanwhile, is defined by its island geography, and is a self-contained nation state. With tight control over its borders, who is allowed to cross them, why and when, the establishment of a digital national ID system presents far fewer problems than in many nation states. Singapore is also a leading financial services provider, and an IT innovator in its own right.

Success stories

Both Estonia and Singapore have used digital ID as a means of making their citizens’ lives easier, government more efficient, and businesses more profitable. For its part, Norway is looking to streamline a national digital ID scheme with its banking system; this has already seen a 92% adoption rate among its citizens. The German government, meanwhile, is hurrying to adopt digital ID before businesses within its own borders do just that, at a huge profit.

Identity theft is the crime of obtaining the personal or financial information of another person to use their identity to commit fraud, such as making unauthorized transactions or purchases. Identity theft is committed in many different ways and the end result is that victims are typically left with damage to their credit, finances, and reputation.

Identity theft occurs when someone steals your personal information and credentials to commit fraud.

There are various forms of identity theft, but the most common is financial.

Identity theft protection is a growing industry that keeps track of people’s credit reports, financial activity, and Social Security number use.

Understanding Identity Theft

Identity theft occurs when someone steals your personal information—such as your Social Security number, bank account number, and credit card information. Identity theft is committed in many different ways. Some identity thieves sift through trash bins looking for bank account and credit card statements. Other more high-tech methods involve accessing corporate databases to steal lists of customer information. Once they have the information they are looking for, identity thieves can ruin a person’s credit rating and the standing of other personal information.

Identity thieves increasingly use computer technology to obtain other people’s personal information for identity fraud. To find such information, they may search the hard drives of stolen or discarded computers; hack into computers or computer networks; access computer-based public records; use information gathering malware to infect computers; browse social networking sites; or use deceptive emails or text messages.

Victims of identity theft often do not know their identity has been stolen until they begin receiving calls from creditors or are turned down for a loan because of a bad credit score.

Types of Identity Theft

There are several types of identity theft including:

Financial Identity Theft

In financial identity theft, someone uses another person’s identity or information to obtain credit, goods, services, or benefits. This is the most common form of identity theft.

Social Security Identity Theft

If identity thieves get a hold of your Social Security number they can use it to apply for credit cards and loans and then not pay outstanding balances. Fraudsters can also use your number to receive medical, disability, and other benefits.

Medical Identity Theft

In medical identity theft, someone poses as another person to obtain free medical care.

Synthetic Identity Theft

Synthetic identity theft is a type of fraud in which a criminal combines real (usually stolen) and fake information to create a new identity, which is used to open fraudulent accounts and make fraudulent purchases. Synthetic identity theft allows the criminal to steal money from any credit card companies or lenders who extend credit based on the fake identity.

Child Identity Theft

In child identity theft, someone uses a child’s identity for various forms of personal gain. This is common, as children typically do not have information associated with them that could pose obstacles for the perpetrator, who may use the child’s name and Social Security number to obtain a residence, find employment, obtain loans or avoid arrest on outstanding warrants. Often, the victim is a family member, child of a friend or someone else close to the perpetrator. Some people even steal the personal information of deceased loves ones.

Tax Identity Theft

Tax identity theft occurs when someone uses your personal information, including your Social Security number, to file a bogus state or federal tax return in your name and collect a refund.

Criminal Identity Theft

In criminal identity theft, a criminal poses as another person during arrest to try to avoid a summons, prevent the discovery of a warrant issued in their real name, or avoid an arrest or conviction record.

The unprecedented events of 2020 have led to a number of developments in the United Kingdom, many of which will be with its citizens for years to come. Social distancing, remote working and self isolation have highlighted some of the benefits of digital transformation for individuals, businesses and the state. However, it is fair to say that the issue of technology and how people use it – and vice versa – is proving to be a thorny subject for the UK’s government.

For those who see online ID and documentation checking as a positive way forward for modern societies, some of the developing situations in Britain will make for disturbing reading. How successfully the government manages the digital economy and society in the coming months could be pivotal for many reasons.

IT’s high profile during lockdown

From the implementation of a national lockdown in the UK in March of 2020, the role of IT, the internet and telecommunications assumed an even greater significance than it had held already. With the closure of educational establishments, in particular, remote learning became the only way most students could receive any teaching. On top of this, the UK’s population were told to work from home wherever possible.

Zoom made its debut into the lives of millions of Britons. From parliament to virtual family get-togethers, this proprietorial piece of software and its boxes became a fixture of national life. As such, Zoom represented a positive contribution which IT could make to normal people’s lives.

At the same time, however, other promised IT-based developments had the opposite effect. In particular, the failure to initiate any kind of track and trace system, as successfully adopted early in other countries, became something of an issue. When the government then held a failed trial on the Isle of Wight, this blow to confidence in IT was compounded.

Concerns over data use

Whatever the perceived merits of IT among the British public, its merits are being promoted by the government. There have been announcements in the press about a desire to introduce a UK-wide digital identity system, to help both during and after the pandemic. With such a system, for example, it is argued that owners of pubs and restaurants will be able to instantly verify a customer’s age.

Civil liberties groups, however, are far from convinced that a national digital ID scheme is either desirable or practicable. They cite examples of abuses both in the UK and abroad. In 2019, the UK government was forced to apologize to EU citizens and its own Windrush subjects for data breaches. Elsewhere, a breach in India in 2018 led to the details of many millions of its citizens being leaked via an insecure ID card.

Careful management needed

There are many examples from across the world where secure, online digital ID verification makes a huge contribution to society and economies. This situation should be possible in the UK going forward, as the country has both the expertise and resources either in place or within reach. How the government negotiates its way through the end of lockdown restrictions and into a “new normal” could define how – or if – the UK is able to harness this technology.

Personal identity theft will almost certainly have a negative effect on your finances, but the other consequence from this criminal act is the impact it has on your mental health.

Online racketeering can leave you penniless, have you falsely arrested because of criminal identity theft or have bailiffs hammering on your door demanding payment for a loan taken out in your name.

As a result of this financial blow comes an impact on your mental health, an aspect of cybercrime which is often overlooked.

Financial

Financial complications caused by personal identity theft can last for months. If the cybercriminal has gained access to your personal details and has emptied your bank account, there is a chance your institution will not reimburse you.

So, never:

• provide your bank details to a caller or in an email from someone claiming to be from your bank or the police. If you willingly provide these details, your bank is unlikely to reimburse you.
• give a stranger your password or security codes to your accounts

And always:

• report any suspicious activity on your account to your bank’s fraud team
• freeze your account by calling the bank immediately once you realise your card has been stolen
• call your mobile phone provider and block your phone immediately if it has been stolen.

A sound credit rating is important to all of us and if the thief has taken out loans in your name then it might take months to restore your good credit. This could have a huge financial impact on those of us who are planning to apply for a mortgage or need to take out a loan ourselves due to unforeseen circumstances.

Emotional

Financial loss is one thing, but with personal identity theft often comes an emotional consequence that can take years to overcome.

Cybercrime victims are almost always traumatised to some degree when not only have they been robbed, but a myriad of emotions ranging from annoyance and anger to depression and guilt.

The emotional impact on the victim depends on the level of cybercrime. Some people might feel initial shock or annoyance, followed by anger, while others take the invasion of privacy far more seriously and experience anxiety and depression.

Guilt is a common emotion following many a cyberattack. If the victim was duped into providing personal information that led to the crime, they will feel that they should have known better. If the crime has a financial impact not only on the invidual, but a family or an organisation, the victim will experience all the more guilt.

If personal slurs have been put about on social media under your name, then this type of personal identity theft can have a devastating effect on your mental health. This type of acrimonious activity could be aimed at ruining your reputation and clearing your name is going to take time.

If you are a victim of a cybercrime of any sort the UK’s Cyber Helpline can offer a range of advise and support to help you through your dilemma.

From breaking into our bank accounts to bypassing our passwords, we are becoming increasingly familiar with the unpleasant effects of identity theft.

In the USA alone, losses of about $1 billion are registered every year relating to identity theft.

There are ways of keeping on top of your personal online security and it is important to keep up to date with the latest in cybercrime.

Enticing offers

Think twice about clicking on an advertisement pop-up or even filling out a form without reading the terms and conditions carefully. Even normal browsing activities like clicking on an enticing ad or filling out a form for downloadable content can lead to online identity theft when users don’t know what to look for. Keyloggers can be overlaid on seemingly legitimate banking or investment apps and intrusive tracking procedures can be signed off on by users who fail to read terms and conditions notices carefully.

Downloading files

Check that the site you are downloading from is secure before downloading any files. The main files to avoid are ones with extensions ending in exe, scr, bat, com or pif. Double extensions such as a file ending in exe.gif are dangerous too, so don’t download a file ending in either of these.

You can also validate a file’s digital signature by clicking on the publisher link in the security dialogue box when you first download a file.

Clicking on pop-ups

Pop-ups are small windows that appear over the top of web pages in your internet browser and although not all are bad, some can be devastating, delving into your data and wreaking havoc with your personal details.

Pop-ups that are up to no good often include a button that prompts you to close or cancel it, but this doesn’t mean it is going to dismiss the pop-up. Instead, it could trigger another pop-up or even download a virus. Most of us have the facility to block pop-ups on our computers and we should check that this is in place if we keep getting pesky and suspicious alerts.

Some don’t come from websites but from malware or a Trojan Horse that has been secretly installed on our systems. If you discover this and you use the computer for banking and online shopping, then change all your passwords immediately and have the computer thoroughly cleaned by using good security software.

Opening email attachments

Email attachments can carry potential dangers, especially if the email that arrives in your inbox is one you don’t recognise. Don’t be tricked into opening up an attachment even if it is marked “urgent”. In the click of a button your personal online identity could be compromised.

Using information taken from an initial email, cybercriminals can combine seemingly innocent pieces of data like an IP address and the software version you are using to send a more convincing email in the hopes that it’ll grab your attention. This is known as bait mail.

Your spam mail monitor should be reducing the risk of you opening a phishing email, but if by chance one escapes the net and lands in your box, then don’t open it or any of the attachments that come with it.

Posing as someone else is so much easier in this age of high technology with computers and mobile devices used to intimidate or dupe victims.

This is known as cyberbullying and while adults have their fair share, children are the ones who are most likely to feel the brunt of this harmful hectoring.

It is estimated that a staggering 75 percent of our teenagers have little or even no parental supervision while they are online. It is this lack of control that has made cyberbullying a type of abuse that can have catastrophic results such as teen suicide.

It is unrealistic for adults to be expected to be there at the computer or every time our children use their mobiles. There are ways, however, we can play our part in identifying and educating our youngsters when it comes to cyberbullying.

Spread the word

The best way to out cyberbullies is to share examples of their behaviour. Teachers often use role playing as an effective way of getting the message across. They encourage their pupils to come up with examples of what they perceive cyberbullying to be and then the class is expected to come up with solutions to this.

If your child has become a victim of online bullying, don’t hesitate to let the school know. Schools take bullying in any shape or form very seriously and will have tools in place to deal with this. Teachers, likewise, should alert parents and the headteacher if they come across this type of abuse.

Make regular checks

As we mentioned, we can’t be all places at all times and that there will be periods where your child will have unsupervised access to a computer or a mobile phone. This doesn’t mean to say you don’t implement any sort of controls. You can be aware of what they are doing online by keeping the computer screen where you can see it. Having a laptop, tablet or computer in a teen’s bedroom is not ideal. If possible, create a specific area for them to study.

Get in the know

Make it your busines to know what social networks your child subscribes to. If they are on Facebook, for example, make sure you show them how to block a user, report any abuse and set their own privacy controls. Warn them not to “friend” anyone they don’t know. Also, make them aware that others can create a Facebook page stealing their identity therefore putting the blame of cyberbullying squarely on their shoulders.

As much as they will protest, you should know their passwords to all of their social networking sites. It is either this or no computer or mobile time at all. It is important to establish clear guidelines of what you expect from them.

Examples of cyberbullying:

• Assuming someone else’s identity with a malicious intent to play pranks on them and others
• Spreading lies or rumours about someone via text messages, emails or messages via social media. This includes forwarding messages from others
• Tricking someone into revealing personal information or sending images
• Threats to physically harm someone or their family

There is a telephone version of email scams or phishing as it is called and this one is vising, the art of tricking someone to reveal personal information by thieves who can use it for their own gain.

Personal identity theft has found its way onto the internet and is a cybercrime, but criminals have found other ways of stealing your personal data and vishing is one of them.

A vishing crook typically pretends to be an official from a legitimate institute such as your bank. They have worked hard at honing their convincing skills and these calls are designed to generate fear and an immediate response from you. There is snap vishing, which are short, sharp calls to convince to you to provide your card details and then there is a longer, more coaxing method that entice you to part with most of your money.

How to be vishing vigilant:

They phone you

Be suspicious if you receive an unsolicited call. Organisations like banks or your chosen utility company won’t phone you out of the blue asking you to confirm information they already have for you. They won’t ask for passwords or security codes. Don’t provide the caller with any information, hang up, and call the organisation they say they are representing to report the incident.

An unknown number

A vishing call will be from a telephone number that is not in your contacts. You won’t have seen this number before. The number is not going to match the official contact details of any legitimate organisation or company.

Sense of urgency

A vishing caller will impart a sense of urgency. They aim to alarm you by saying that suspicious activity has been noted on your bank account. The only suspicious activity is the telephone call you are having with someone who is not who they claim to be.

Trust your gut

If your instincts tell you that something is not quite right, then it probably isn’t. You don’t have to be rude to the person on the other end, but don’t give in to them and hand over your details. This will almost certainly be a personal identity thief, who will cause you a great deal of anxiety and stress in the long run.

What to do if you have been “vished”

Becoming a victim of vishing can happen to the best of us, so don’t feel ashamed It is easy to fall for a vishing scam, especially if you are caught off-guard. The key focus is to act swiftly once you realise you have become a victim of vishing.

• Contact the organisation that was being imitated. The sooner you do this so that your cards can be cancelled and your account frozen, the better.
• Chang any shared information. If you provided the criminal caller with a password or a security code, then this should be changed immediately.
• If needs be, contact your local police or Action Fraud. If you have been robbed remotely, then call 101 or log on to the Action Fraud website. While it isn’t an emergency, it is a crime that needs to be reported. Get an incident number, just in case you need it for insurance purposes.

Cybercrime, in the form of high-profile ransomware campaigns, have grown significantly in the last year, according to The National Crime Agency UK (NCA).

The NCA says this type of online crime continues to rise in complexity and scales, affecting essential services, businesses and individuals. This is costing the UK billions of pounds every year, causing damage and even posing a threat to national security.

Cybercrime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Cybercrime costs the UK billions of pounds, causes untold damage, and threatens national security.

Increase in teen cybercrime

More young people, the NCA reports, are getting involved with cybercrime as they use their computer literacy to develop ways of committing personal identity theft. Gone are the days when teenagers committed petty crime like stealing sweets from the corner store. The NCA appeals to parents to have a conversation with our children to help them make the right choices. It says that although young cybercrime is often driven by peer pressure than financial reward.

The NCA’s recent #CyberChoices campaign encouraged parents of young people with cyber skills to talk to them about their ambitions and the opportunities to use their skills positively.

Threat from cybercrime

Data breaches are on a “massive scale”, the NCA says, creating thousands of UK victims of personal identity theft. These breaches aren’t fraud-exclusive, they can put lives at risk and damage services.

It uses the WannaCry ransomware that struck the NHS as an example. It targeted 16 NHS trusts one by one, encrypting crucial data on infected computers, demanding a ransom paid by Bitcoin to re-instate user-access. It was the largest cyberattack the NHS had ever experienced, resulting in doctors being locked out of patient records and forcing emergency rooms to send patients to other hospitals.

The NCA warns that although many cybercrimes threatening UK interests come from abroad, “homegrown” cyber offences are increasing.

NCA names top cyberthreats

• Hacking. This is common through social media and hacking into computers through obtaining email passwords.
• Phishing. This is the name for email scams asking for security information like the three-digit number on the back of debit and credit cards and other sensitive personal data to plunder bank accounts or go on an online buying spree, using your details. bogus emails asking for security information and personal details
• Malicious software. This includes ransomware through which criminals hijack files and hold them to ransom until payment is received
• Distributed denial of service (DDOS) attacks against websites. WannaCry is an example of this type of cyber extortion.

Under-reporting of cybercrime

Cyber-attacks are financially devastating and disrupting and upsetting to businesses and individuals alike, but just a small percentage is reported to the relevant authorities, according to the NCA. It is thought that companies fear reporting a crime because it might disrupt their business even further as the incident undergoes investigation.

The NCA urges businesses and individuals to seek advice and support from Cyber Aware, Get Safe Online or the National Cyber Security Centre. If you are a victim of cybercrime report it to Action Fraud, the UK’s fraud and cybercrime reporting centre.

Fake virus alerts are especially nasty forms of adware because they play on our fears and by exploiting these fears, put us at greater risk of what we were worried about in the first place.

Fake virus alerts are paid for by cybercriminals who hope you will take the bait and download their malware onto your computer.

Where you can encounter fake virus alerts

They usually come in the form of pop-windows that appear when you visit certain websites. The best way to avoid these pop-ups s not to visit these websites again. Websites to avoid are sites offering free access to a service you would normally have to pay for. These sites include those offering streaming versions of the latest episodes of television series or current movies.

These usually appear as pop-up messages on your computer screen or any mobile device including your phone. This pop-up pretends to be an antivirus cybersecurity product that has detected malware infections on your computer.

Unfortunately, there is not why of gauging the risks before you visit a site. Fake virus alert removals can only be carried out by those who own the website’s domain name.

Use common sense

Through years of online experience most of us can identify risky sites before we click on a link to them. If you see a site may be risky or you receive an alert from your browser warning that it might be unsecured, don’t click on the link.

If you have an anti-virus programme on your device, you should never receive a virus alert and if so, you must come to the conclusion immediately that this is a fake notification and should be ignored at all costs.

Reasons not to click the bogus link

There is a chance your system has already been comprised if you have clicked on the link. This means these message have found a a way to lock your browser disabling your ability to leave the fake message unless you restart your browser. If you can’t close the browser tab and can’t select another tab you will have to force quit your browser and then open it without reloading all the tabs open from the previous session.

You might be able to close the tab and restart the browser and the bogus alert will disappear. Sadly, this is rarely the case and you will have to uninstall and install your browser all over again.

In the worst-case scenario, the malware compromising your system calls for a total system reset. This is why it is essential to back up your files on a USB stick or save them to the Cloud.

How to spot a fake alert

• Fake-sounding product names that you have never heard of before
• Vague promises such as commitments to keeping your computer virus free if you cough up the sizable fee
• High frequency of alerts. If you are receiving these alerts more than once daily, then the alert is likely to be fake
• Poor English and spelling mistakes. Reputable companies very rarely publicly send out messages that are riddled with errors.