News, tips and updates from the GetSafeOnline.org team

Guest Blog from Rik Ferguson Director Security Research & Communication EMEA. Trend Micro

In the run up to Christmas criminals are abusing the opportunity to prey on online shoppers with tired eyes and weary fingers. Many thousands of misspelled versions of popular retail destinations have been registered by criminals in the hope that the unwary consumer will land there by accident. Customers of popular online retailers such as John Lewis, Debenhams and Argos have all been targeted.

The criminal websites are often copies of the legitimate website, copies that aim to pass off counterfeit goods, redirect the visitor through money-spinning advertising links or to harvest personal and financial information if a “purchase” is made. In other instances the misspelled domain names can lead to objectionable content or even to websites loaded with exploits that aim to infect the victim machine with information stealing malware or to recruit it into a botnet, a network of compromised machines under the remote control of a criminal.

Typosquatting has been around almost as long as the world-wide web, in fact US legislation dating back to 1999, the Anticybersquatting
Consumer Protection Act, contains a specific clause (Section 3a) aimed at combating this phenomenon. In the past individual companies have been known to spend large amounts of money in bringing cybersquatters to justice. Lego, for example, have previously spent more than half a million US dollars pursuing cybersquatters through the Uniform Domain-Name Dispute-Resolution Policy (UDRP) going after such domain names as legoworskhop.com in and effort to protect their brand.

However in this most recent outbreak of typosquatting, we are not talking about domain names which simply include the names of well-known
brands, rather those that prey on our lack of attention to detail. In the rush to get the online Christmas shopping done, how sure can you really be that you were shopping at the legitimate debenhams.com rather than the typosquatted debanhams.com, or marksandspencer.com rather than marsandspencer.com or markandspencer.com.

This year and last, British law enforcement have been doing their best to crack down on dodgy online shopfronts, however efforts to suspend illegitimate domain names can only ever represent a game of whac-a-mole in the fight against evil online traders. Criminals can register vast reserves of domain names in advance and, when one gets shut down,  simply activate another as required. And that is the real issue, far too many DNS domains, including .co.uk and those of many other countries, are operated as “open” domains and in the words of Nominet:

“We do not impose restrictions on your status as applicant for the registration of a Domain Name in the following SLDs (“Open SLDs”):

 1. 4.4.1 .co.uk; or

2. 4.4.2 .org.uk.

 In the SLD Charter of the SLD Rules for the Open SLDs we do set out certain intentions regarding the class of applicant or use of registrations of the Domain Name which we assume you will comply with when applying for a registration of a Domain Name within an Open SLD. However, we do not forbid applications, and will take no action in respect of registrations that do not
comply with the SLD Charters“

Until regulation is tightened and international cooperation is improved then well-intentioned law-enforcement initiatives will only be treating the symptom not addressing the cause. In the meantime, be careful where you click and if you are planning on some serious online shopping sessions you may be wise to create yourself some bookmarks to popular online shopping sites rather than relying on your typing skills standing up to the Christmas rush.

{ 3 comments }

Recent research from Ofcom has shown that more than 50% of 65-74 year olds have a computer at home as do 29% of people over the age of 75.

When coupled with the information from the Age UK  that people over 65 were more likely than any other age group to have downloaded software such as virus detection programmes or games.

Our Rough Guide to the Internet is a great place for people new to cyberspace to access crucial information about their online safety.

Or take a look at our online knowledge base of articles. Here at Get Safe Online we want everyone to be able to explore this amazing online world – and be safe and secure whilst doing so.

For the 9 million people that have not yet had the opportunity to access the internet, then organisations like Race Online  aim to increase digital inclusion.

{ 1 comment }

This week is the seventh annual Get Safe Online Week.  A year further down the line, online security remains a huge issue as criminals are forever finding new ways to target internet users.

One area of online security we are investigating is online fraudsters who are using smart phones to access personal information – and money – by scamming users into downloading malware.  On Monday, we conducted a deeper dive into mobile malware at our annual Summit that took place in Portcullis House.  It’s clear that in addition to a refresh on online safety basics, we need to be ever more conscious of growing threats.

Finding your way around the Internet could be compared to exploring a new holiday destination. You want to see the fun and interesting places, but you also want to make sure you’re safe while you’re doing it.

A good place to start, when you’re looking at somewhere new, is to read a reliable travel guide.  With this in mind we’ve teamed up with Rough Guides to produce a guide to help you get the most out of the World Wide Web, whilst staying safe and secure.

Partnering with well informed and influential agencies is what Get Safe Online is all about.  We’ve collaborated with Trading Standards, SOCA and the Association of Chief Police Officers on the content of the booklet too.

The new guide covers topics such as:

Securing your home computer
Protecting your business
Avoiding scams
Physical security for computers
Mobile and other online devices
What to do if the worst happens

It’s designed to be a handy reference and guide that gives you the highlights of staying safe and secure online, with plenty of ideas as to where to get more in depth information if you need it.

To download your copy of the Get Safe Online Rough Guide to Online Safety click here to visit our site .  And, to see the Get Safe Online 2011 Report, please visit The Get Safe Online Website.

{ 1 comment }

At Get Safe Online we work hard to raise awareness about internet safety issues and risks. Our information is based on real security threats, and to make sure we’re providing the best information possible, we need your help.  We are keen to hear from anyone who has, or knows someone who has, been a victim of online crime.  Your examples will contribute to our awareness campaign and could include:

• Online banking fraud
• Online shopping fraud
• ID theft
• Mobile phone scams
• Holiday scams
• Online dating scams
• Anti Virus (malware) scams

Your stories will help us to build a better picture of the type of scams that are being employed by fraudsters, and will assist in our fight against them. No matter how big or small your story, please do get in touch with us at the following email address or phone number.

E: press@getsafeonline.org
T: +44 (0)20 3047 2561

Thank you for your support, and thanks for helping us fight online crime!

{ 6 comments }

A guest blog from – Philip J Reed, Westwood College.

There is absolutely no denying that the internet has opened countless doors for our technology hungry society. We can learn, teach, explore, rally, rant, or simply connect with people around the world with the touch of a button. It’s changed how we do business, how we interact with one another and who we are able to interact with. It’s also given people to ability to gather en mass, whether online or in person, which has resulted in everything from flash mob dancing to the recent uprising in Egypt. The internet has given power to the people in an unprecedented way, but with that power comes risk. New technology and our affinity for the web have spawned a whole new breed of criminals and crime. The rising popularity of young people going to school to obtain a cyber security degree is evidence of this rise in criminal activity and the need for safeguards.

A few of these new security issues that we didn’t have to worry about even just a handful of years ago are:

1) Identity Theft
No longer confined to stealing mail and forging signatures, identity theft has morphed into a multibillion dollar business online. With so much personal information about each of us floating around in cyber space, criminals have a nearly limitless pool of people to pick from. This means that safe guarding your online information and limiting that which people have access to is now vitally important.

2) Virus Dissemination
While it’d be a stretch to call any virus “benign,” there are at least many examples of viruses that seek to do nothing other than advertise themselves. They can serve as a mission statement for the coder’s political or moral philosophies, for example, and the virus might simply make those opinions known to a wide audience. The rest of the time, however, a virus can steal your personal information, reduce your computer to an inoperable mess, or attack everybody in your address book or social network with malignant code. The virus is a many-headed beast, but all the heads have one thing in common: you don’t want to be bitten by them.

3) Misrepresentation
As we move further from face to face contact, misrepresentation online has blossomed into a malignant force that has many different manifestations. The luring of a child to an in person meeting with a “friend”, the emergency email requesting money from a “relative”, and all the way up to the embezzlement of millions of dollars from company accounts or public pockets, misrepresentation has found its perfect host in the internet.

4) Cyber Bullying
Bullying is nothing new, but the inseparability of people today from their computers and personal electronic devices means that the bullying, potentially, could happen at any time of the day or night, regardless of physical distance from one’s tormentors. Harassing text messages or social network posts can flood the victim indefinitely, and if personal information about the person is posted to the internet, it’s quite likely that it will never be effectively removed, leading to continuous bullying from others into the indefinite future. And while several high-profile cases of cyber bullying (with tragic conclusions) were directed at youths, adults are just as vulnerable.

5) Global or Domestic Terrorism
Inasmuch as the internet has given the average Joe the ability to communicate with people around the world, so too is it available to those wishing to cause harm on a mass scale. The gate of global communication swings both ways and has therefore offered terrorists a less detectable method with which to gather information, plan, and implement their directives.

Times, just as technology, have changed. The demand for professionals in online safety or a cyber security degree are helping to dam the flow of information getting to the wrong people however, we as the users have a responsibility as well. Protect yourself and your information and don’t let the anonymity of the internet lull you into a false sense of security.
For more information on internet security visit www.getsafeonline.org.

{ 0 comments }

Young professionals give their time to help children get safe online.
Members of YPN Global have been working with schoolchildren as mentors and guides. Cyber Champions understand that the Internet is an integral part of modern life and that teaching responsible habits at an early age is vital. Because young professionals have grown up with the Cyber world at their fingertips the support and advice they give is more easily understood – and accepted – by the next generation. Young people appear to take advice more freely when it’s given other young people.

At the launch even held in the Houses of Parliament over 100 Cyber Champions, partners and supporters including Get Safe Online came together. The message from all involved was very clear, children need advice early on in their cyber career. Parliamentary host Alun Michael MP described the Cyber Champions scheme as: “a superb example of the importance of older children acting as role models for the next younger generation”.

Another role of Cyber Champions is to become a key influencer so that children are mindful of the digital ‘trail’ that they leave while interacting online Andrew Fitzmaurice of security firm Templar Executives explains “It is our role to ensure the digital footprint of young people is a positive one and that they are aware of not only the great power of technology, but also how to use it safely.”

Encouraging responsible and safe online behaviour in the youngest generation is a vital role. When that encouragement is given by people that are credible to the recipients, the greater the probability that the message will be listened to and taken on board.

If you’d like more information about the Cyber Champions scheme then get in touch with YPN Global: contact@ypnglobal.com

{ 0 comments }

A Guest Blog from James Clancey, Detective Inspector, Economic Crime, City of London Police.

I am writing this in-between radio interviews for the latest Get Safe Online awareness campaign on online ticketing scams. It’s been a busy day so far but we are really pleased to be getting advice out far and wide to consumers. The City of London Police and Get Safe Online have been working in partnership to help raise awareness of these scams, which involve criminal cyber gangs ripping off unsuspecting internet users with non-existent gig tickets. With 1 in 10 people, or someone they know, falling victim to this type of scam it’s vital that we alert the general public to the risks. The issue is wide spread; every time a new music event is announce the web will be inundated with fake websites set up with the soul purpose of attracting victims. These websites are very professional, and spotting the difference between a genuine site and a fraudulent one is very tricky. Tickets to the best acts sell out extremely quickly, often within minutes, and fans can become desperate to see their favourite band or artist live. The fraudsters play on this anxiety and tempt consumers to their expert looking sites to encourage them to buy tickets which simply don’t exist.

Send your friends and family this new advice video from Get Safe Online to ensure they are aware of the risks of buying fake tickets on the internet:
http://www.getsafeonline.org/nqcontent.cfm?a_name=videos_1

{ 1 comment }

Reports of the personal data theft of millions of PlayStation Network users has been all over the news today. While the media focuses on the scale of the incident, gamers will be left with concerns about how their details may be exploited. If this is you, read our advice here at the Getsafeonline.org PlayStation page.

Most of the guidance Get Safe Online gives focuses on what to do protect your information and prevent it falling into the wrong hands in the first place. However, what do you if it’s already happened?

The fact is, today, identity theft is a common occurrence. Our data is valuable, and as the IT sector develops new ways to keep intruders out, they will come up with clever new ways to get in. We have not seen the last of this type of incident, I’m afraid. There are things you can do if your information gets into the wrong hands.

What this means for PSN users is that they need to do what all internet users need to do all of the time – know and keep watch out for the warning signs: unusual transactions on your bank statement, receiving credit cards you didn’t apply for and so on.

Knowing the signs means you can jump on the problem and prevent it getting out of hand. Banks have now become very adept at handling fraud, so all is not lost if your details are compromised.

So, if you’re the kind of person that doesn’t open those credit card bills because you are scared of what they might say, don’t be! Someone else could be making that big number bigger than it should be.

Getsafeonline.org PlayStation page.

{ 1 comment }