News Old

The unprecedented events of 2020 have led to a number of developments in the United Kingdom, many of which will be with its citizens for years to come. Social distancing, remote working and self isolation have highlighted some of the benefits of digital transformation for individuals, businesses and the state. However, it is fair to say that the issue of technology and how people use it – and vice versa – is proving to be a thorny subject for the UK’s government.

For those who see online ID and documentation checking as a positive way forward for modern societies, some of the developing situations in Britain will make for disturbing reading. How successfully the government manages the digital economy and society in the coming months could be pivotal for many reasons.

IT’s high profile during lockdown

From the implementation of a national lockdown in the UK in March of 2020, the role of IT, the internet and telecommunications assumed an even greater significance than it had held already. With the closure of educational establishments, in particular, remote learning became the only way most students could receive any teaching. On top of this, the UK’s population were told to work from home wherever possible.

Zoom made its debut into the lives of millions of Britons. From parliament to virtual family get-togethers, this proprietorial piece of software and its boxes became a fixture of national life. As such, Zoom represented a positive contribution which IT could make to normal people’s lives.

At the same time, however, other promised IT-based developments had the opposite effect. In particular, the failure to initiate any kind of track and trace system, as successfully adopted early in other countries, became something of an issue. When the government then held a failed trial on the Isle of Wight, this blow to confidence in IT was compounded.

Concerns over data use

Whatever the perceived merits of IT among the British public, its merits are being promoted by the government. There have been announcements in the press about a desire to introduce a UK-wide digital identity system, to help both during and after the pandemic. With such a system, for example, it is argued that owners of pubs and restaurants will be able to instantly verify a customer’s age.

Civil liberties groups, however, are far from convinced that a national digital ID scheme is either desirable or practicable. They cite examples of abuses both in the UK and abroad. In 2019, the UK government was forced to apologize to EU citizens and its own Windrush subjects for data breaches. Elsewhere, a breach in India in 2018 led to the details of many millions of its citizens being leaked via an insecure ID card.

Careful management needed

There are many examples from across the world where secure, online digital ID verification makes a huge contribution to society and economies. This situation should be possible in the UK going forward, as the country has both the expertise and resources either in place or within reach. How the government negotiates its way through the end of lockdown restrictions and into a “new normal” could define how – or if – the UK is able to harness this technology.

Personal identity theft will almost certainly have a negative effect on your finances, but the other consequence from this criminal act is the impact it has on your mental health.

Online racketeering can leave you penniless, have you falsely arrested because of criminal identity theft or have bailiffs hammering on your door demanding payment for a loan taken out in your name.

As a result of this financial blow comes an impact on your mental health, an aspect of cybercrime which is often overlooked.

Financial

Financial complications caused by personal identity theft can last for months. If the cybercriminal has gained access to your personal details and has emptied your bank account, there is a chance your institution will not reimburse you.

So, never:

• provide your bank details to a caller or in an email from someone claiming to be from your bank or the police. If you willingly provide these details, your bank is unlikely to reimburse you.
• give a stranger your password or security codes to your accounts

And always:

• report any suspicious activity on your account to your bank’s fraud team
• freeze your account by calling the bank immediately once you realise your card has been stolen
• call your mobile phone provider and block your phone immediately if it has been stolen.

A sound credit rating is important to all of us and if the thief has taken out loans in your name then it might take months to restore your good credit. This could have a huge financial impact on those of us who are planning to apply for a mortgage or need to take out a loan ourselves due to unforeseen circumstances.

Emotional

Financial loss is one thing, but with personal identity theft often comes an emotional consequence that can take years to overcome.

Cybercrime victims are almost always traumatised to some degree when not only have they been robbed, but a myriad of emotions ranging from annoyance and anger to depression and guilt.

The emotional impact on the victim depends on the level of cybercrime. Some people might feel initial shock or annoyance, followed by anger, while others take the invasion of privacy far more seriously and experience anxiety and depression.

Guilt is a common emotion following many a cyberattack. If the victim was duped into providing personal information that led to the crime, they will feel that they should have known better. If the crime has a financial impact not only on the invidual, but a family or an organisation, the victim will experience all the more guilt.

If personal slurs have been put about on social media under your name, then this type of personal identity theft can have a devastating effect on your mental health. This type of acrimonious activity could be aimed at ruining your reputation and clearing your name is going to take time.

If you are a victim of a cybercrime of any sort the UK’s Cyber Helpline can offer a range of advise and support to help you through your dilemma.

From breaking into our bank accounts to bypassing our passwords, we are becoming increasingly familiar with the unpleasant effects of identity theft.

In the USA alone, losses of about $1 billion are registered every year relating to identity theft.

There are ways of keeping on top of your personal online security and it is important to keep up to date with the latest in cybercrime.

Enticing offers

Think twice about clicking on an advertisement pop-up or even filling out a form without reading the terms and conditions carefully. Even normal browsing activities like clicking on an enticing ad or filling out a form for downloadable content can lead to online identity theft when users don’t know what to look for. Keyloggers can be overlaid on seemingly legitimate banking or investment apps and intrusive tracking procedures can be signed off on by users who fail to read terms and conditions notices carefully.

Downloading files

Check that the site you are downloading from is secure before downloading any files. The main files to avoid are ones with extensions ending in exe, scr, bat, com or pif. Double extensions such as a file ending in exe.gif are dangerous too, so don’t download a file ending in either of these.

You can also validate a file’s digital signature by clicking on the publisher link in the security dialogue box when you first download a file.

Clicking on pop-ups

Pop-ups are small windows that appear over the top of web pages in your internet browser and although not all are bad, some can be devastating, delving into your data and wreaking havoc with your personal details.

Pop-ups that are up to no good often include a button that prompts you to close or cancel it, but this doesn’t mean it is going to dismiss the pop-up. Instead, it could trigger another pop-up or even download a virus. Most of us have the facility to block pop-ups on our computers and we should check that this is in place if we keep getting pesky and suspicious alerts.

Some don’t come from websites but from malware or a Trojan Horse that has been secretly installed on our systems. If you discover this and you use the computer for banking and online shopping, then change all your passwords immediately and have the computer thoroughly cleaned by using good security software.

Opening email attachments

Email attachments can carry potential dangers, especially if the email that arrives in your inbox is one you don’t recognise. Don’t be tricked into opening up an attachment even if it is marked “urgent”. In the click of a button your personal online identity could be compromised.

Using information taken from an initial email, cybercriminals can combine seemingly innocent pieces of data like an IP address and the software version you are using to send a more convincing email in the hopes that it’ll grab your attention. This is known as bait mail.

Your spam mail monitor should be reducing the risk of you opening a phishing email, but if by chance one escapes the net and lands in your box, then don’t open it or any of the attachments that come with it.

Posing as someone else is so much easier in this age of high technology with computers and mobile devices used to intimidate or dupe victims.

This is known as cyberbullying and while adults have their fair share, children are the ones who are most likely to feel the brunt of this harmful hectoring.

It is estimated that a staggering 75 percent of our teenagers have little or even no parental supervision while they are online. It is this lack of control that has made cyberbullying a type of abuse that can have catastrophic results such as teen suicide.

It is unrealistic for adults to be expected to be there at the computer or every time our children use their mobiles. There are ways, however, we can play our part in identifying and educating our youngsters when it comes to cyberbullying.

Spread the word

The best way to out cyberbullies is to share examples of their behaviour. Teachers often use role playing as an effective way of getting the message across. They encourage their pupils to come up with examples of what they perceive cyberbullying to be and then the class is expected to come up with solutions to this.

If your child has become a victim of online bullying, don’t hesitate to let the school know. Schools take bullying in any shape or form very seriously and will have tools in place to deal with this. Teachers, likewise, should alert parents and the headteacher if they come across this type of abuse.

Make regular checks

As we mentioned, we can’t be all places at all times and that there will be periods where your child will have unsupervised access to a computer or a mobile phone. This doesn’t mean to say you don’t implement any sort of controls. You can be aware of what they are doing online by keeping the computer screen where you can see it. Having a laptop, tablet or computer in a teen’s bedroom is not ideal. If possible, create a specific area for them to study.

Get in the know

Make it your busines to know what social networks your child subscribes to. If they are on Facebook, for example, make sure you show them how to block a user, report any abuse and set their own privacy controls. Warn them not to “friend” anyone they don’t know. Also, make them aware that others can create a Facebook page stealing their identity therefore putting the blame of cyberbullying squarely on their shoulders.

As much as they will protest, you should know their passwords to all of their social networking sites. It is either this or no computer or mobile time at all. It is important to establish clear guidelines of what you expect from them.

Examples of cyberbullying:

• Assuming someone else’s identity with a malicious intent to play pranks on them and others
• Spreading lies or rumours about someone via text messages, emails or messages via social media. This includes forwarding messages from others
• Tricking someone into revealing personal information or sending images
• Threats to physically harm someone or their family

There is a telephone version of email scams or phishing as it is called and this one is vising, the art of tricking someone to reveal personal information by thieves who can use it for their own gain.

Personal identity theft has found its way onto the internet and is a cybercrime, but criminals have found other ways of stealing your personal data and vishing is one of them.

A vishing crook typically pretends to be an official from a legitimate institute such as your bank. They have worked hard at honing their convincing skills and these calls are designed to generate fear and an immediate response from you. There is snap vishing, which are short, sharp calls to convince to you to provide your card details and then there is a longer, more coaxing method that entice you to part with most of your money.

How to be vishing vigilant:

They phone you

Be suspicious if you receive an unsolicited call. Organisations like banks or your chosen utility company won’t phone you out of the blue asking you to confirm information they already have for you. They won’t ask for passwords or security codes. Don’t provide the caller with any information, hang up, and call the organisation they say they are representing to report the incident.

An unknown number

A vishing call will be from a telephone number that is not in your contacts. You won’t have seen this number before. The number is not going to match the official contact details of any legitimate organisation or company.

Sense of urgency

A vishing caller will impart a sense of urgency. They aim to alarm you by saying that suspicious activity has been noted on your bank account. The only suspicious activity is the telephone call you are having with someone who is not who they claim to be.

Trust your gut

If your instincts tell you that something is not quite right, then it probably isn’t. You don’t have to be rude to the person on the other end, but don’t give in to them and hand over your details. This will almost certainly be a personal identity thief, who will cause you a great deal of anxiety and stress in the long run.

What to do if you have been “vished”

Becoming a victim of vishing can happen to the best of us, so don’t feel ashamed It is easy to fall for a vishing scam, especially if you are caught off-guard. The key focus is to act swiftly once you realise you have become a victim of vishing.

• Contact the organisation that was being imitated. The sooner you do this so that your cards can be cancelled and your account frozen, the better.
• Chang any shared information. If you provided the criminal caller with a password or a security code, then this should be changed immediately.
• If needs be, contact your local police or Action Fraud. If you have been robbed remotely, then call 101 or log on to the Action Fraud website. While it isn’t an emergency, it is a crime that needs to be reported. Get an incident number, just in case you need it for insurance purposes.

Cybercrime, in the form of high-profile ransomware campaigns, have grown significantly in the last year, according to The National Crime Agency UK (NCA).

The NCA says this type of online crime continues to rise in complexity and scales, affecting essential services, businesses and individuals. This is costing the UK billions of pounds every year, causing damage and even posing a threat to national security.

Cybercrime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Cybercrime costs the UK billions of pounds, causes untold damage, and threatens national security.

Increase in teen cybercrime

More young people, the NCA reports, are getting involved with cybercrime as they use their computer literacy to develop ways of committing personal identity theft. Gone are the days when teenagers committed petty crime like stealing sweets from the corner store. The NCA appeals to parents to have a conversation with our children to help them make the right choices. It says that although young cybercrime is often driven by peer pressure than financial reward.

The NCA’s recent #CyberChoices campaign encouraged parents of young people with cyber skills to talk to them about their ambitions and the opportunities to use their skills positively.

Threat from cybercrime

Data breaches are on a “massive scale”, the NCA says, creating thousands of UK victims of personal identity theft. These breaches aren’t fraud-exclusive, they can put lives at risk and damage services.

It uses the WannaCry ransomware that struck the NHS as an example. It targeted 16 NHS trusts one by one, encrypting crucial data on infected computers, demanding a ransom paid by Bitcoin to re-instate user-access. It was the largest cyberattack the NHS had ever experienced, resulting in doctors being locked out of patient records and forcing emergency rooms to send patients to other hospitals.

The NCA warns that although many cybercrimes threatening UK interests come from abroad, “homegrown” cyber offences are increasing.

NCA names top cyberthreats

• Hacking. This is common through social media and hacking into computers through obtaining email passwords.
• Phishing. This is the name for email scams asking for security information like the three-digit number on the back of debit and credit cards and other sensitive personal data to plunder bank accounts or go on an online buying spree, using your details. bogus emails asking for security information and personal details
• Malicious software. This includes ransomware through which criminals hijack files and hold them to ransom until payment is received
• Distributed denial of service (DDOS) attacks against websites. WannaCry is an example of this type of cyber extortion.

Under-reporting of cybercrime

Cyber-attacks are financially devastating and disrupting and upsetting to businesses and individuals alike, but just a small percentage is reported to the relevant authorities, according to the NCA. It is thought that companies fear reporting a crime because it might disrupt their business even further as the incident undergoes investigation.

The NCA urges businesses and individuals to seek advice and support from Cyber Aware, Get Safe Online or the National Cyber Security Centre. If you are a victim of cybercrime report it to Action Fraud, the UK’s fraud and cybercrime reporting centre.

Fake virus alerts are especially nasty forms of adware because they play on our fears and by exploiting these fears, put us at greater risk of what we were worried about in the first place.

Fake virus alerts are paid for by cybercriminals who hope you will take the bait and download their malware onto your computer.

Where you can encounter fake virus alerts

They usually come in the form of pop-windows that appear when you visit certain websites. The best way to avoid these pop-ups s not to visit these websites again. Websites to avoid are sites offering free access to a service you would normally have to pay for. These sites include those offering streaming versions of the latest episodes of television series or current movies.

These usually appear as pop-up messages on your computer screen or any mobile device including your phone. This pop-up pretends to be an antivirus cybersecurity product that has detected malware infections on your computer.

Unfortunately, there is not why of gauging the risks before you visit a site. Fake virus alert removals can only be carried out by those who own the website’s domain name.

Use common sense

Through years of online experience most of us can identify risky sites before we click on a link to them. If you see a site may be risky or you receive an alert from your browser warning that it might be unsecured, don’t click on the link.

If you have an anti-virus programme on your device, you should never receive a virus alert and if so, you must come to the conclusion immediately that this is a fake notification and should be ignored at all costs.

Reasons not to click the bogus link

There is a chance your system has already been comprised if you have clicked on the link. This means these message have found a a way to lock your browser disabling your ability to leave the fake message unless you restart your browser. If you can’t close the browser tab and can’t select another tab you will have to force quit your browser and then open it without reloading all the tabs open from the previous session.

You might be able to close the tab and restart the browser and the bogus alert will disappear. Sadly, this is rarely the case and you will have to uninstall and install your browser all over again.

In the worst-case scenario, the malware compromising your system calls for a total system reset. This is why it is essential to back up your files on a USB stick or save them to the Cloud.

How to spot a fake alert

• Fake-sounding product names that you have never heard of before
• Vague promises such as commitments to keeping your computer virus free if you cough up the sizable fee
• High frequency of alerts. If you are receiving these alerts more than once daily, then the alert is likely to be fake
• Poor English and spelling mistakes. Reputable companies very rarely publicly send out messages that are riddled with errors.

If you play a popular online game, keep your wits about you because you could be fair game for fraudsters who take advantage of the fact that this cyber sector is a money mecca ripe for the picking.

When your online gaming account is compromised it is critical that you act fast. If you suspect that all’s not right, don’t wait until it is too late and you can’t get back into your game or, worse still, you can’t even turn on your device.

Change your password

If you can still log into your account, then go to the game’s settings and change your password immediately. Don’t make it one you have used before and even one that has similarities to your old one. This password should be strong, making it difficult for the cybercriminals to infiltrate your device.

Turn on two-factor authentication

Most online gaming account provide this option for the very reason that cyber crooks are lurking on every turn. A lot of us avoid the two-factor authentication because it is a bit of a schlepp, but it is worth getting used to because it will protect you against the fraudsters.

Change all log in details

If you have any online accounts with similar log in details as your gaming account, these need to be changed too. Cybercriminals aim to be one step of the game and will probably be checking other popular sites as soon as they gain access to your gaming portal.

Tell the gaming provider

As soon as you have secured your end, it is crucial for you to let your game provider know that your account has been compromised. Reputable providers will have an evidence gathering procedure in place. This report by you is essential, especially if you need it in a legal case further down the line.

Check your security settings

Once you have altered your password and the two-factor authentication is in place you need to check the gaming account’s security settings. You will have to go into the security settings part of your account. See what devices and applications are connected and if there is any you don’t recognise, then disconnect them. Also, check recent log-in activity and if you are suspicious, then screenshot the info of these unwelcome guests. You should then have the time, date, IP address, browser and device type on an image, which you can send over to the gaming provider.

While on your settings, check your account activity to get a clearer picture of how the cyber thief managed to gain access to your account. Purchase and download history could provide some clues.

Check for malware

There are a number of ways the cyber crook might have gain access to your log in details. They may have taken advantage of a past data breach on the site, have guessed it or seen you type it in. If they have been able to have installed malware on your device, then this will give them access to all your data and you could become a victim of personal identity theft.

HMRC (Her Majesty’s Revenue and Customs) warns tax payers to stay vigilant when it comes to fake emails and phone texts claiming that you are in receipt of a refund.

This type of crime surges at the end of the tax year when the HMRC is actually processing tax refunds. Fraudsters will take advantage of this and will compose fake correspondence designed to trick you into believing you have received a tax rebate and convincing you to part with your bank account and personal details.

Don’t be Fooled

These HMRC hoaxes often take the form of an email and have pulled the wool over thousands of people’s eyes. The email will carry a realistic HMRC logo at the top and most of the time the wording will be professional. The email might contain information like your NI number that will make you think that it is for real.

The Real Rebate Process

HMRC will only inform you of a tax refund via a letter sent directly to the address they hold for you or they will pay you directly through your employer. They will never send you an email, text or voice mail messages. If you receive this type of notification it is imperative you don’t click on the links that usually accompany this correspondence.

Remember that the tax year is from April to April and calculations will be formulated at the end of each tax year and any rebates will be ready for recipients between June and October. Real rebates generally won’t be ready in the months before June and won’t be processed after October.

Sound the Alarm

If you receive either an email, text or automated message be vigilant. HMRC only informs you about tax refunds through the post or through your pay via your employer. All emails, text messages, or voicemail messages saying you have a tax refund are a scam. Do not click on any links or, better still, don’t open the email or message. HMRC advises you forward it to: [email protected] and then delete it.

How HMRC Handles Hoaxes

HMRC is constantly taking action to protect the public from scams, including:

• Taking down malicious websites claiming to be HMRC-related. In 2018 the HMRC took down nearly 15,000 of these sites by reporting them to the relevant authorities.
• Recording and removing almost 800,000 phishing email or text message referrals.
• Implements the latest firewalling for text messages. The HMRC continually works with firewall experts to reduce this type of text message abuse and, as a result, there was a 90 per cent decrease in reports of abuse of protected HMRC SMS tags.

Here is what the HMRC advises

• recognise the signs – HMRC will never contact you to ask for your PIN, password or bank details
• stay safe – if you receive an email or text that you were not expecting don’t reply, download attachments or click on links.
• take action – forward suspicious emails claiming to be from HMRC to [email protected] and texts to 60599, or contact Action Fraud on 0300 123 2040 to report any suspicious calls. You can also report it on the online fraud report tool: www.actionfraud.police.uk.