EDITOR’S CHOICEdrh.img.digitalriver.com/DRHM/Storefront/Site/... · local language. For example, people visiting Abu Dhabi can download an app which provides useful local information

EDITOR’S CHOICE

THINK ABOUT IT. WE DO.THE KASPERSKY LAB TEAM

THINK SECURITY GUIDE

THINK SECURITY GUIDE / EDITOR’S CHOICE / CONTENTS

CONTENTS

SAFE TRAVELING

SAFE TRAVELLING



RECOGNIZING AND AVOIDING FAKE WEBSITESYOUR FAMILY

INSIDE THIS GUIDE TO SAFE SHOPPING ONLINE:NO MORE SHOP ‘TIL YOU DROP

SAFE ONLINE SHOPPING ANYTIME, ANYWHERE

SHOW ME THE MONEY

THAT’S A WRAP



MAINTAINING YOUR PRIVACY ONLINEYOUR IDENTITY

INSIDE THIS GUIDE TO MAINTAINING YOUR PRIVACY ONLINE:EXPOSED ONLINE... WHAT’S THE WORST THAT COULD HAPPEN?

DON’T LEAVE YOUR COMPUTER EXPOSED

WHAT GOES ONLINE, STAYS ONLINE

HELP PROTECT THE KIDS ONLINE



SAFE AND SOUND ONLINE PAYMENTSYOUR MONEY


INSIDE THIS GUIDE TO REPORTING ONLINE FRAUD:PREVENTING CYBERCRIME SCAMS

HOW TO STOP A CYBERCRIME ATTACK

WHO DO YOU TELL?

YOU ARE NOT ALONE


PASSWORD SECURITY

YOUR DIGITALVALUABLES

INSIDE THIS GUIDE TO STRONG PASSWORD SECURITY:DIGITAL PASSWORDS

WHAT IS THE DIFFERENCE BETWEEN MY PASSWORD AND MY USERNAME?

THE GOLDEN RULES OF PASSWORD SECURITY

CHOOSING A PASSWORD

WHAT DO I DO IF I FORGET MY PASSWORD?

TAKE CARE OF YOUR PASSWORDS AND THEY WILL TAKE CARE OF YOU...



AVOIDING IDENTITY THEFTYOUR IDENTITY

INSIDE THIS GUIDE TO SAFE ONLINE DATING:

BE AWARE OF WHAT YOU SHARE

PLAYING WITH DIGITAL FIRE

STEALING YOUR HEART AND YOUR IDENTITY

ALWAYS USE PROTECTION



3

15

19

22

25

29

SAFE TRAVELING



THINK SECURITY GUIDE / EDITOR’S CHOICE / SAFE TRAVELING

The digital elementEveryone gets nervous when they wave their loved ones off on a long trip. Whether it’s for business or pleasure, they are young or old, we all hope the same thing: that they get to and from their destination safely and securely.


“ Technology has made it easier for border control to check on those entering”

We may even feel the same if it’s our own journey. Thankfully, smartphones now make it easier than ever to stay in touch; a simple text when the plane has landed or a quick phone call once through customs/border control.

Mobile communications and Internet access is one of the biggest trends in tourism right now, with new apps popping up to help the intrepid traveler. Even before you set off for your vacation there are travel apps such as TripIt or TripAdvisor for you to look or swipe through from the comfort of your sofa. TripAdvisor shares reviews or the best deals on taxi services, hotels and restaurants, while TripIt organizes your whole itinerary and syncs with your digital calendar. And it’s changing the way we navigate the world when we are on the move too. There are apps that can help us find our way around a new city in a taxicab or understand the local language. For example, people visiting Abu Dhabi can download an app which provides useful local information and a series of services in nine languages.

As people are now able to look at hotels, resorts and even aircraft seats themselves, the need to consult a travel expert is becoming less important. And the use of mobile technology to do this is growing. Mobile travel sales in the US are forecast to grow 247 percent from $16 billion in 2013 to $55.5 billion in 2017, according to eMarketer.

We are going mobile at all stages of the travel process, not just to research our travel options, make our booking or find our way around while we are traveling. We also provide feedback and reviews when we return home. Not to mention the texts, emails and phone calls to keep connected with those at home when we are apart from them.

Before setting off though it’s important to research your destination and its potential dangers. Consider how you will be able to connect safely to the Internet while you are abroad. Your government will provide comprehensive and up-to-date travel advisory and warning services you can subscribe to. You will then be sent email and social media notifications each time travel advice for your destination is updated.

Travel advisories will include details of civil unrest, dangerous conditions, terrorist activity and any short-term conditions that could pose a risk to you and affect your travel plans. They will also offer advice about entry and exit requirements, safety and security, and practical tips on health, local laws and local customs. For example, the US Department of State has a well-developed advisory site called www.osac.gov.

Your passport has also gone digital and is recorded on Interpol’s database, which contains 42 million records from 167 countries. The system is used to check whether or not a passport is stolen to prevent and spot terrorist movements. The database, established in 2005, is used more than 230 million times in the United States, more than 140 million times in the United Kingdom and more than 29 million times by Singapore.

Governments have wanted better control over their borders for a long time and technology has made it easier for border control to check on those entering. It is therefore getting tougher from some travelers to cross borders due to their digital trail. As immigration policies tighten, travelers can find they are prevented from entering a country due to a past arrest or conviction: even a public admission of illegal activity.

More than 1.2 billion passengers flew internationally in 2013 according to Interpol. Traveling is exciting, fun and adventurous, but


can also carry some digital risks. Whether you are traveling for business or pleasure, there are many things you can do to ensure your safety and to improve the experience. Proper preparation and backup will help you to keep safe and know where to get help if something does go wrong.

BOOKING YOUR TRAVELEven before you leave your sofa you could be in digital danger. As you dream of blue skies and golden sandy beaches you could be walking into a scam. You must ensure your vacation or travel booking is genuine.

Bogus vacation fraud is a scam which sells you vacations at very low prices. They involve fraudulent travel companies which advertise flights and hotel bookings on the Internet. The ad may refer you to a telephone number and you may receive fake documents with travel and accommodation details. Sadly, if it’s a scam your vacation won’t exist or you will only get part of what you paid for. The fraudster has taken the rest of your money for themselves. Sometimes they will only ask for a deposit, which you pay and never see again. There are also fake competition scams that defraud you out of a fee to secure your entrance into a vacation prize draw.

Remember, paying with a credit card can provide additional financial protection, but check with your card provider for their terms and conditions surrounding this. Please note some vacation or travel companies do add an additional charge for this service.

There are other ways you can protect yourself from travel fraudsters.

Check the travel company’s full details on the Internet and research them; look for other reviews. Ensure they are a member of the recognized travel authority, which will offer financial protection or complaints services. If you are not sure their registration ‘stamp’ or website is genuine call the travel authority to find out. If they are fraudsters you will be helping by reporting them.

Do not reply to unsolicited emails from companies you do not recognize. If you are renting an apartment or villa, call the owner or agent directly to ensure it is legitimate. Check reviews on TripAdvisor or similar sites. Get the full address of the property and check its location on Google Maps.

Before making any payment, make sure you have a contract setting out the terms and conditions of the rental, deposit, and payment terms. You must also make sure the digital connection is safe before making any type of payment.

Keep hold of all your receipts for online vacation or travel bookings and payments. Check your credit card and bank statements carefully after booking to make sure the correct amount has been debited and no fraud has taken place.

Be aware that fake travel ads do exist. Travelers are being urged to beware of travel scams. In the UK, they cost holidaymakers £7million in 2013, with more than 4,500 holiday booking frauds reported to the police. One couple from the UK spent £1000 on a Valentine’s weekend away through a professional-looking website. The fraudsters had stolen photos of the accommodation from a legitimate site. The couple turned up at the destination to find they had no booking.

If you end up booking tickets or reservations from one of these fake deals, you could send your credit card and personal information to a fraudster. Or, you could simply click on a dangerous link in an ad, email or search result and accidentally download malware onto your machine.

There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register. Be sure that the padlock is not on the page itself ... this will probably indicate a fraudulent site.

The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.


YOUR VALUABLESOnce you have booked your tickets, make sure you protect any of the gadgets that you may be taking with you. Secure your mobile gadget with strong passwords or pin codes. Install the latest anti-virus software and firewall. Back up all your data and disable any file or printer sharing. Check whether you can lock, locate, or wipe your gadget of information remotely.

Under ‘settings’, disable Bluetooth for pairing devices. Smart cybercriminals can use this linking or pairing with your mobile gadget to gain secret entry. Make sure this path is blocked to them. If you have lost your gadget you may not be able to find it through search functions like Find My iPhone or similar apps for Android. A cybercriminal can put the gadget into ‘airplane mode’ to prevent ‘find me’ tools from working. If your cell phone is lost or stolen call your mobile service provider who can disable your service. Make sure you have an inventory of the data you are traveling with if your gadget is lost or stolen.

If you don’t need it, don’t take it. Any gadgets that are not absolutely necessary should be left behind. Do not save sensitive or personal information, such as credit card numbers, passport information or social security numbers, on your gadget.

Before you leave, notify your bank and credit card companies that you are going overseas. Organize a variety of ways of accessing money overseas, such as debit and credit cards, travelers’ checks and some cash in easily convertible currencies.

While on your travels, avoid carrying cash; use major credit cards instead, but make sure they are accepted at your destination before departing on your trip. Never show large amounts of money when paying a bill. Use a bank or your hotel to change money, never use a street trader, money exchange, or shop.


KEEPING YOUR HOME SECURE WHILE AWAYBefore you post details of your travel dates on social networking or travel-tracking sites, ensure that the correct privacy settings are in place. Even better, try to be ambiguous and do not give away exact dates and times. All the information you post on Facebook or Twitter can make you an easy target for burglars. Checking in at an airport on social media is a great way to let friends and family know you are going on vacation but it lets people know that your home is empty and an easy target. The best and safest way to share this is once you are back home.

Vacation postings on Facebook often generate larger responses, meaning the number of people able to see the update via their home pages increases. Also be careful using Twitter if it includes your real name. One idea is to ‘reverse stalk’ yourself. Evaluate what information you share on social media accounts and whether or not you can find where you live or where and when you have traveled.

In the US, more than 75 percent of convicted burglars believe other burglars use social media to find targets. Google Streetview is one of the most used tools by thieves to check out likely-looking homes to burgle while in complete safety. They can even see who is checking into airport lounges on Foursquare. Social media platforms are increasingly showing where the user has posted from by tagging where the post was made with their GPS coordinates.

Typically, burglars will attempt to get in and out of a house in 10 minutes. If they know nobody is coming home, they will spend longer in the property and steal goods of a higher value. So, avoid social media when on vacation, however tempting. Share your vacation photos after your trip. Do not automatically share location information on your social media services and avoid sharing information with ‘friends of friends’.

Now that you have taken care of the digital side, it is time to take a look at some physical deterrents. Take steps to keep your home secure while you are away by making sure it looks occupied. Cancel any regular deliveries. Ask a neighbor to collect your mail, open and close the curtains, and even switch lights on and off. If you cannot arrange this, consider using automatic time switches on your lights. Keep valuable items out of sight and mark them with post/zip codes. If your property is stolen this will help the police identify any recovered items.

Ensure that you have up-to-date house and contents insurance coverage; some policies have restrictions about how long you can be away without loss of cover so check this, too. Most burglars reported that the biggest deterrent was the presence of a visible security system. Test your burglar alarm to ensure that it is working.

Don’t leave specific information about being away on your voicemail or out-of-office email replies, and don’t have your home address visible on your luggage when traveling.


AIR TRAVEL PRECAUTIONSWhen you are traveling by air, especially on long journeys, it is important that you are comfortable, safe and at ease. The following suggestions will help to ensure your journey goes without incident:

Book non-stop flights, if you have a choice. Avoiding intermediate stops improves flight security and reduces the risk of delay, loss of luggage or criminal attack.

Travel anonymously by not openly displaying identifying labels or logos on your luggage.

Pack your own luggage and keep it with you at all times until you check it in. Keep your computer, mobile telephone and other valuable equipment under your personal control and supervision at all times.

Make sure you know exactly what is in any package that you carry. Under no circumstances should you carry anything through check-in or customs that has been given to you by someone else, even if you know them.

Attach two identification labels to each piece of your luggage – one to the handle with a fastened flap over the front to preserve your anonymity, the other attached to the inside of the suitcase lid in case the handle tag becomes detached and the suitcase lost. Write down your name and destination address on the labels, but only your home postcode/zipcode (this will be enough information for the airline to return the item to you if it gets lost).

Once you have completed the check-in formalities, spend as little time as possible in public areas. Move through the security and immigration checks into the departure zone. This is a restricted area and is therefore less prone to pickpockets and other forms of criminal attack.

If you have connecting flights, know which terminals the connecting flights depart from and the time it may take to transfer to terminals or gates. Luggage is usually transferred automatically between flights but confirm this with the airline at check-in.

Although air travel is still recognized as the safest possible mode of travel, always listen to the safety briefing at the start of the flight. Keep a low profile. Dress casually, and blend in with your fellow travelers. Avoid wearing expensive jewelry and wrist watches. Avoid having to work during a flight, especially if it involves sensitive papers or the use of a laptop computer. Do not discuss political or religious matters with fellow passengers, particularly in more volatile areas of the world.

3

3

3

3

3

3

3

3


SMARTPHONES AND OTHER MOBILE DEVICESEnsure that your mobile electronic devices will operate in your destination country. Do this well in advance of your departure date as it can take some time to lift international calling restrictions and you cannot do this from another country. Pre-program into your cell phone the telephone numbers of the nearest embassies or consulates and hotels where you are intending to stay. Remember to take a charger and the appropriate adapter. Be wary of phone chargers provided in hotel rooms and public places as they may upload malicious software onto your device.

Mobile gadgets are extremely popular targets for criminals as they are easy to sell, so make sure you keep yours with you at all times. Activate the PIN protection codes. Note the serial numbers of your devices and the telephone number(s) of your operators. Then, if your mobile gadget is stolen you will be able to contact the network operator and ask them to block the service.

If your mobile gadget automatically enters passwords and login information into websites you visit frequently, turn this feature off. It may be convenient but can also be a privacy issue.

Watch out for roaming charges while abroad, they can be very expensive and quickly mount up without you realizing. If you don’t want to do this, it can be tempting to use free Wi-Fi connections. But did you know that password-protected networks can put you at risk? Including those found in cafés, airports and hotels?

The main risks of using a Wi-Fi hotspot is someone tracking your movements online. You can be tricked into logging on to a ‘fake’ hotspot, which mimics a real one or offers a free service. Either way, a cybercriminal will be able to see your passwords, email or social networks once they get in.

To avoid this, make sure you have set up your mobile gadget’s security and switch off the wireless connection when you are not using it. Don’t forget that Android is vulnerable to malicious software. Kaspersky offers effective mobile security apps for smartphones.

Make sure the network you are considering is legitimate and encrypted. Don’t make the assumption it is real. If you are at a hotel or café, ask the manager to confirm the name of the network and whether or not it is encrypted, locked, and password protected. Use encrypted channels, while using the Internet, with the website prefix https and use a virtual private network (VPN) to ensure absolute privacy. If in any doubt you could always buy a data plan – network service providers are now offering global data roaming packages, giving you a certain amount of megabytes per month.

If you don’t have your own mobile gadget, avoid using a public computer, such as those found in libraries or hotels. You have no way of knowing if someone before you has infected the machine with spyware, malware or ‘key logger’ software to capture your key strokes.


TRAVELING ON BUSINESSThe world can be a hostile place. Journeying puts us all at increased risk, but business travelers are especially vulnerable to fraud, cybercrime, and the theft of sensitive corporate information. Criminals and others may use a range of sophisticated techniques, such as phishing and social engineering, against them. Some countries reserve the right to inspect and impound mobile devices and their contents at their borders. In the US, border agents are allowed to search through files on laptops, smartphones or any other digital devices when you enter the country. They can also copy and share data with other agencies.

Companies should consider whether their critical information and technology should be made available to all staff working overseas, particularly

if this information is of great commercial or strategic value to a competitor. They should also assess the damage that could occur to relationships with their clients if sensitive customer information was stolen. During their travels, business travelers will encounter cultures, attitudes, and laws far different from those they are used to. They need to be briefed carefully in advance on all relevant considerations and company policies, and then develop a sense of local awareness on arrival. Before traveling, all laptops, smartphones, and tablets should be stripped of unnecessary sensitive data and any remaining data should be backed-up. Anti-virus and other security software must be up-to-date and strong passwords should be used for all devices and applications.

Individuals working on computers, and other portable devices, while away from their company premises should:

Use their company’s Virtual Private Network (VPN) when accessing a hotel’s Internet or Wi-Fi connection, and disable wireless services and network connections when not connected to the VPN to prevent unauthorized access. They should avoid using webmail services such as Hotmail or Gmail for official business and steer clear of connecting to corporate networks via free Wi-Fi services in public places. They should never use a non-company computer or other mobile device to log in to their corporate networks.

Remember to back up their work carefully – unless they are remotely connected to their company’s network this will not be done automatically.

Store any printouts and media containing sensitive information securely when they are not in use. Laptops, smartphones and tablets taken abroad must be equipped with full disc encryption, and only contain the minimum essential data required for the trip.

Avoid working in public areas (trains, hotel lobbies, business centers, and airports) where they can be overlooked or overheard. This will prevent ‘shoulder surfing’.

Be wary of chargers provided in hotel rooms and public places as they may upload malicious software onto your device.

Never insert unknown USB devices, discs, and other media into their computer as they may contain hidden malicious software.

Report back at once to their companies about any unusual events or activity during foreign travel, including foreign customs activity relating to their laptops, smartphones and tablets or their contents.


Some countries present an extra risk for carrying laptops and IT equipment, especially devices holding sensitive data. Such countries may have lax security or law enforcement; heightened terrorist, criminal, or military activity; limited intellectual property laws; unfriendly or antagonistic feelings towards the traveler’s country of origin; or corrupt border officials who demand payment of a ‘tax’ for equipment entering or leaving the

country. Corporate laptops, smartphones, and tablets should only be taken to high-risk destinations if they have been authorized by line management, have whole disc encryption, and contain no sensitive data on their storage. Portable media devices must not contain any sensitive data, and all deleted data must be securely erased.


HOME SWEET HOMEYou have arrived home after the most amazing trip and now is the right time for you to share it with others. You can share your photos on your social media sites safe in the knowledge that you are in your property, which puts off any burglars.

But you should also make the time to check your bills, bank statements, and any other accounts for unusual activity. If you had your mobile gadget stolen, now is the time to make sure you catch any unauthorized transactions.

Review all your gadgets, media, and USB sticks for malware, unauthorized access or corruption. Do not connect them to a trusted network until you have run this test. If you do find it has a virus, reformat it and rebuild from trusted sources. You can use your backups before the trip to restore the data.

After checking all your gadgets are secure, run through all your accounts and change the passwords.

PUSHING THE DIGITAL BOUNDARIESDigital travel has allowed us to become more independent from the travel agent and this is only set to increase. By using ‘digital travel buddies’ like local travel apps, we can order an espresso in several different languages and point directions to the nearest museum. Soon these travel apps will be supported by wearable Artificial Intelligence (AI) like Google Glass. Advancements in virtual reality could mean ‘visiting’ without leaving your sofa for a ‘try before you buy’. For example, a potential booker could take a dive into the Great Barrier Reef before deciding whether to book a vacation. All these technologies are advancing to the stage where they could fit onto a contact lens.

It is thought that by 2024 facial coding algorithms could power our search engines. Meaning our search results could be affected by our reaction through our facial expressions. Digital travel is here to stay and is constantly evolving. Rather than ignoring that this is now part of our journey, make sure you embrace the best of what it has to offer, with the right security tools in place.

With good preparation, some digital precautions while you are away and recognition of the cyber dangers you can face, it is still possible to visit most places in the world for that trip of a lifetime.

YOUR FAMILY

INSIDE THIS GUIDE TO RECOGNIZING AND AVOIDING FAKE WEBSITES:

WHAT IS A FAKE WEBSITE?

HOW TO SPOT A FAKE WEBSITE

STARTING POINT

ASK YOURSELF

THINK BEFORE YOU CLICK



THINK SECURITY GUIDE / YOUR FAMILY ONLINE / RECOGNIZING AND AVOIDING FAKE WEBSITES

There are thousands of fake websites up and running right now, trying to trick you into revealing your personal information for criminal purposes. They are designed to look like legitimate websites of real organizations, like banks, shops, or government departments. They use the same graphics, layout, and similar site addresses, making them extremely realistic and convincing. It is vital to always check that any website you are looking at is real, especially before you disclose any personal information, such as passwords and account numbers.

The Internet is not regulated, and it is often referred to as the modern-day ‘Wild West’. It is still a dangerous place for the unsuspecting user to go wandering unawares, with one of the most prevalent dangers being the fake, or ‘spoof’ website.

WHAT IS A FAKE WEBSITE?

Recognizing and avoiding fake websites

Is the URL correct? Look carefully at the exact web address of any site you visit. Many fake websites use common misspellings of company names, fooling visitors into putting in personal information without realizing they are being deceived. Just one wrong letter or number is enough to land you on a suspicious website, which of course will look exactly like the real one.

Do links work? Many fake websites are not complete replicas: they are often only skin deep. But they will carry enough information on their front page to at least trick you into entering your password. As a quick check, try any of the links shown – usually they will not work, or lead you to a blank page. At that point, run for it.

Can you contact them? Does the site have a real-world presence (e.g. a valid address, telephone number and contact link) so that you can get in touch with them? If not, switch off.

Are they asking for personal information? No legitimate organization will ask you to provide confidential information such as passwords, credit card or bank account details via email.

ASK YOURSELF:


HOW TO SPOT A FAKE WEBSITEUse your judgement and common sense – if something looks too good to be true then it probably is. Here are a few things to look out for when trying to spot a malicious, criminal, or inappropriate website.

STARTING POINTMost online scams begin with an email containing a link to a fake website. It could claim to come from your bank or another organization you recognize. It will insist for a variety of convincing and/or frightening reasons – there is some sort of problem with your account, that you face suspension, or that you simply need to verify your information – that you must click on the link and go to the website.

Already you are in trouble; simply by opening the email, you may have infected your computer. But don’t make things worse – never click on a link inside. If you are worried, go directly to the legitimate website (by typing the URL in the browser window) and log in. You could also contact them by phone to check that everything is OK.


Once you have decided that the website is legitimate, ensure that the site is secure before entering any of your private information, including passwords or credit card numbers:

• There should be a padlock symbol in the browser window frame that appears when you attempt to log in or register. Be sure that the padlock is not on the page itself; if it is, this probably indicates a fraudulent site.

• The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.

Good security software on any of your gadgets will help protect you against malicious programs or attacks. Ensure that your PC is protected with Kaspersky Internet security software.

THINK BEFORE YOU CLICKAlways check where the email has come from before you open it. Do you know who sent it? If it is a private email address or free account it is certainly not from your bank. Even if it is someone you recognize, ask yourself why they would be writing – it could be that their email account has been hijacked. If in doubt give them a phone call or send them an email to be sure.

Use the Internet to help. Google the website, along with the words: ‘scam’, ‘fraud’, rip-off’, and see what pops up. You can also identify fraudulent websites with an online URL checker. (Kaspersky Internet Security comes with a URL scanner.)

???

??? ?

??

YOUR IDENTITY

INSIDE THIS GUIDE TO AVOIDING IDENTITY THEFT:WHAT IS IDENTITY THEFT?

WHAT SHOULD I DO TO PROTECT MYSELF?

WHAT DOES IT LOOK LIKE?

HOW IS IT DONE?

WHAT SHOULD I DO IF I THINK I’M A VICTIM?



THINK SECURITY GUIDE / YOUR IDENTITY / AVOIDING IDENTITY THEFT

Avoiding identity theft

WHAT IS IDENTITY THEFT?The unauthorized use of a victim’s personal information to steal from the victim, commit fraud, or carry out other crimes in the name of the victim all fall under the umbrella term identity fraud. This term encompasses all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception. In essence, someone pretends to be you.

Anyone is a potential target. Identity theft and fraud have already affected millions of individuals and cost countless billions of dollars. ‘Identity theft is a widespread problem in the modern digital world, and in many countries is the fastest-growing crime’, says Simon Dukes, Chief Executive of CIFAS (the UK’s Fraud Prevention Service). ‘Even if you think it can’t or won’t happen to you, it is almost certain that someone you know has become a victim. Identity theft turns lives upside down, and victims often spend years clearing their names.’

WHAT DOES IT LOOK LIKE?Imagine if, for no obvious reason, your bank withdraws your overdraft or you are suddenly denied credit. Your regular bank or credit-card statements stop arriving in the post, but credit cards that you have not applied for are sent to you. Entries appear on your bank or credit card statement for goods and services you did not order. You get bills for things you haven’t bought, and complaints about things you haven’t sold. Your friends start calling you, saying they’re receiving strange emails from you asking them to send you money. Your concern turns to confusion and then to anxiety.

Yes, your identity has been stolen…

HOW IS IT DONE? Unsuspecting individuals are tricked into giving out their personal information over the Internet to fake websites or over insecure connections. But identity theft is not restricted to cyberspace; it can also be committed in the real world.

Identity thieves just love to get hold of your passwords, PINs, old bank statements, letters, bills, credit card statements, credit applications, and any other routine correspondence. They can do this online by email scams and phishing. But they can also access your data in less sophisticated ways, such as by digging through your rubbish, intercepting your post, or stealing your handbag or wallet.


WHAT SHOULD I DO TO PROTECT MYSELF?

The best sources of defence against identity theft lie in your own hands:

Make sure your computer has an up-to-date firewall and is protected by anti-virus and anti-spyware programs.

DO look after all your personal paperwork (bank and credit card statements, utility bills, tax returns, passports, driving licences). Shred all documents – even junk mail – before you throw them away, or burn them.

DON’T divulge any personal information (online or on the telephone) unless you are absolutely sure of the identity of the person or organization asking for it and you know why they want it. Even then, disclose as little as possible and over a secure Internet connection. If in any doubt, don’t!

DO regularly check your bank and credit-card statements.

DON’T ever share your passwords or PIN numbers. Neither your bank nor any other legitimate organization will ever ask you for these – they are only for you to know. Make sure no one is looking over your shoulder when you are entering your passwords or PINs into card machines or ATMs.

DO be careful who you take into your confidence, in the real world and online. Be especially careful on social networking sites. Be doubly careful on dating websites.

DON’T let your credit and debit cards out of your sight.

DO use all the handset security features on your smartphones and tablets, and remember to lock all devices when you’re not using them.

✗

✗

✗

✓

✓

✓

✓

WHAT SHOULD I DO IF I THINK I’M A VICTIM?Identity fraud involving your credit and debit cards, online banking or checks must be reported as soon as possible to your bank, building society or credit-card company who will investigate and report any criminal activity to the police. Most will refund the full amount providing you were not negligent in some way.

Other types of identity fraud should be reported to the relevant organization. Depending on their advice you should then alert your local police force.

Let the relevant issuing authorities and organizations know about lost or stolen

documents such as passports, driving licences, credit and debit cards. Cancel lost or stolen credit and debit cards at once. If you can, log in and change your password immediately on any affected websites. Check your personal information, especially your address, to make sure it hasn’t been changed. Check for other suspicious transactions and cancel them.

‘If you do fall victim, don’t panic,’ says Simon. ‘Help is available. But you must act quickly in order to limit any damage done, and report the matter at once to the relevant organizations.’


Harmful breaches of people’s online privacy are reported daily in our newspapers and on the TV. The erosion of our privacy online is clear. Let’s face it. On a daily basis, our private information is being accessed, analyzed and used by many organizations to create a profile on each of us and our online activity.

EXPOSED ONLINE... WHAT’S THE WORST THAT COULD HAPPEN?

THINK SECURITY GUIDE / YOUR IDENTITY / MAINTAINING YOUR PRIVACY ONLINE

Maintaining your privacy online

As in the real world, there is no way to be completely safe on the Internet. But it is possible to cover up our online tracks, and by taking a few basic steps we can protect our online privacy.

WHAT GOES ONLINE STAYS ONLINE

Some people seem to leave their common sense behind when they go online. They do and say things they would never dream of doing or saying in the real world.

The consequences can be harmful to reputations and careers. Make sure you don’t undermine yours. Limit the information you share. The less personal information you post on the Internet, the better. Browse the Internet with care. In the same way that you move around your city – you know where is safe and where is not – browse with the same caution.

Don’t mix business with pleasure – try to keep your work life and your playtime apart online. Have one set of social media accounts reserved for your vacation pictures and those unconsidered tweets from the nightclub, and where you perhaps do not use your real name. You can then have separate accounts for your professional persona. Just be careful not to mix them up. At the very least, do not use your work email address for personal use.

Keep separate, private email accounts for your private life.

Do a web search for yourself, and see yourself as others do. Use any popular search engine to search your own name and you’ll be surprised how much information about you pops up. Remove any information that you want hidden, and close unused accounts on old sites. There are services available that will block companies from tracking your browsing and which will remove your profile from leading data sites; consider subscribing to these if you are worried about your online presence.

HELP PROTECT THE KIDS ONLINE

Cyberspace is often a place far more familiar to children than their parents, and one where they roam unsupervised far and wide. Parents should set clear guidelines for their children about when and how they may safely reveal personal information, and explain to them the dangers the cyberworld can pose to them.

THINK SECURITY GUIDE / YOUR IDENTITY / MAINTAINING YOUR PRIVACY ONLINE

DON’T LEAVE YOUR COMPUTER EXPOSED:

DO. Choose strong passwords. Use different passwords for different accounts and change them regularly. To try out our password checker click here.

DON’T. Disclose your privacy settings. Most social networks will allow you to customize your privacy settings, which in turn dictate how others can search for and see you. So select the highest level of privacy settings available.

DO. Most web-browsing packages create histories, but these can be deleted (look for ‘Tools’, ‘Options’ and ‘Delete history’). Be aware however, that your Internet Service Provider will still have a record of where you’ve been online.

DON’T. Turn on auto-complete. Never leave yourself logged on to sites, and never set your computer to remember passwords.

DO. Be careful downloading apps; there is a risk of rogue apps stealing your data. Even legitimate apps usually ask for far more access to your personal data than they need.

DON’T forget, if you do use a social network, or browse online, you have already compromised some of your privacy even if you never post or buy anything. Even if all of your settings are set to ‘private’, these companies will still use your information to attempt to sell you things.

✗

✗

✓

✓

✓

✗

YOUR MONEY


INSIDE THIS GUIDE TO SAFE AND SOUND ONLINE PAYMENTS:MAKING PAYMENTS ONLINE - HOW TO PLAY THE GAME AND WIN

THE GOLDEN RULES TO SUCCESS

BAFFLED BY BITCOIN?


MAKING PAYMENTS ONLINE – HOW TO PLAY THE GAME AND WINIf you have ever used the Internet to make utility, phone, credit card, or insurance payments then you will know how much time and effort you can save by doing these everyday jobs online.

But with any online payments you need to take care. The last thing you want is for the online jobs that make life easier spiralling into a cybercrime nightmare.

THINK SECURITY GUIDE / YOUR MONEY ONLINE / SAFE AND SOUND ONLINE PAYMENTS

Safe and sound online payments

Online payments are normally arranged with a company or organization that you recognize and trust. Cybercriminals are shrewd and will use techniques to take advantage of your trust. It is possible to outwit them though. Play the game and follow our golden rules to making safe online payments.

THE GOLDEN RULES TO SUCCESSRule one – Do not talk about your details. Never respond to cold phone calls or emails asking for personal information. Do not give too much away on networking websites. Shred documents that contain personal information before throwing them away and never write down or share account details, personal identification numbers (PINs) or passwords.

Rule two – Do you sense fraud? Make sure you are on a genuine website. Fraudsters try their best to create pages that mimic the websites of genuine companies. Before you know it you have typed in your personal details, clicked ‘submit’ and the cybercriminal now has your information to use as they please.

Rule three – Put up barriers. Set up passwords, PINs, firewalls, update your software and install an Internet security solution such as Kaspersky Internet Security – Multi-Device. This will make it more difficult for cybercriminals to get their hands on your information. Do this on all the gadgets you might use to make payments – including your computers, phones and tablets. Never use the names of your children, favorite sports team or pets for passwords, and don’t use birthdays or anniversaries – they are easy to guess.

Rule four – Stay secure. Paying a bill online during a spare moment is a great use of time, but is your network secure? Public Wi-Fi networks are often a haven for cybercriminals, who can easily delve into your details. It’s a good idea to wait until you are connected securely instead. The web address you use should also begin with ‘https://’ – ‘s’ stands for secure.

Rule five – Check your tracks. Read all bank and card statements to check for strange transactions that you do not recognize. If you spot any – report them. Also report card or document theft as soon as possible. Monitor your post regularly too, and check your credit report to spot any spending that has nothing to do with you.


1

2

3

4

5


BAFFLED BY BITCOIN?Credit cards, debits cards, checks – they were all in use before we even began to make payments online. They were developed for face-to-face transactions, not virtual ones, and are covered with numbers, names and details that make them vulnerable to cyber-scammers.

But things have started to change. You may have heard about people making payments online using a new kind of virtual currency, called bitcoin. Bitcoins are virtual tokens that have value because enough people believe they do.

The digital currency operates with no central authority, unlike banks, and there are a limited number of them in circulation.

They allow you to make instant payments to anyone, anywhere in the world. Payments are fast, cost very little and can be made easily through the Internet without having to trust a third party.

But the value of the currency is quite unstable. As a result of high-profile hacks and government comment on its future legal status, the currency has surged and crashed in the past 12 months, peaking at more than $1000 and dipping as low as $421.

Bitcoin’s reputation has also been tainted through its association with money laundering scandals and anonymous online drug purchases.

Public use of bitcoin, illicit or otherwise, is currently very small. It’s still relatively misunderstood, but the fact that bitcoin allows one person to make a payment to another person securely, with no intermediary such as a bank, is very innovative.

Using bitcoin may or may not be right for you, but no matter how you pay, remember the golden rules to beating the cybercriminals at their own game.

YOUR DIGITALVALUABLES

INSIDE THIS GUIDE TO STRONG PASSWORD SECURITY:DIGITAL PASSWORDS

WHAT IS THE DIFFERENCE BETWEEN MY PASSWORD AND MY USERNAME?

THE GOLDEN RULES OF PASSWORD SECURITY

CHOOSING A PASSWORD

WHAT DO I DO IF I FORGET MY PASSWORD?

TAKE CARE OF YOUR PASSWORDS AND THEY WILL TAKE CARE OF YOU...



THINK SECURITY GUIDE / YOUR DIGITAL VALUABLES / PASSWORD SECURITY

The secrets to strong password security

Did you know stolen Twitter passwords are now worth more to cybercriminals than credit card details? This is due to social media accounts often being used as an entry point by the cybercriminal to launch attacks on that person’s accounts on a number of other sites. People often forget about their password security and use the same username and password on several different sites, giving the cybercriminal easy access to their bank or ecommerce accounts.

DIGITAL PASSWORDSThe password in one form or another has been around for centuries. Most people understand what ‘Open Sesame’ means no matter what their nationality: if you provide the correct ‘password’ you will be granted passage. A computer password is simply the modern day version with the same value as Ali Baba’s treasure.

Think of your password as the key to the front door of your house and all its contents, except it opens your gadget and all the information in it. So, it’s important we look after it like we do our door key. We all have more than one key: for our cars or offices. In the same way, we need multiple passwords to access our social media, email, or cell phones, so we don’t provide the cybercriminal with an open door into our digital lives.

WHAT IS THE DIFFERENCE BETWEEN MY PASSWORD AND MY USERNAME?Your password and your username are not the same thing. Your username identifies you to your gadget, your password (which should be known only by you) then proves to the gadget that you are who you say you are. Although not quite as valuable as passwords, usernames are often overlooked when thinking about online security. Since your password must have a valid username linked to it to work, you must not let your computer automatically remember your username for sensitive functions like online banking or email.

Passwords are sometimes also known as passphrases (formed of multiple words) or passcodes formed of numbers, such as your PIN number for the ATM machine or for your smartphone.

THE GOLDEN RULES OF PASSWORD SECURITYChoose your computer passwords carefully and keep them safe from prying eyes. Don’t share your password or use the same password for everything – pick strong passwords that are different for each of your important accounts like email and online banking. Change your passwords at least every three months, and straight away if you suspect

they may have been compromised in any way. Don’t re-use a password for at least a year and don’t recycle passwords (e.g Smith1, Smith2, Smith3).

Choose a password that’s easy to remember, but difficult for someone else to guess. There is nothing wrong with writing down your computer passwords in order to remember them, then store this record somewhere very safe known only to you and if possible in code. Always keep records of your username and password in different places.

Be careful when you are using your password – someone may be looking over your shoulder. If it should fall into the wrong hands then someone will be able to impersonate you when they are online.

Finally, remember that computer passwords are personal and sensitive. No bank or other legitimate organization will ever ask you for your password in an unsolicited phone call or email. Do not respond to any request for your password as it will almost certainly be a scam.

CHOOSING A PASSWORDAn ideal password is at least eight characters long and consists of a mixture of letters, numbers and symbols from the entire keyboard:

Don’t just use real words, even from a foreign language or written backwards; there are tools on the Internet that will crack these in seconds.

Don’t choose an obvious password such as your name or date of birth – this is as bad as leaving your house key under the doormat.

The most common passwords are patterns on the keyboard (‘qwerty’, ‘123456’), users’ first names, the F-word and ‘Password’ – these are as bad as just leaving your front door open!

If you want, use a passphrase made up of a series of words or symbols – ‘Iliveat10HighStreet’ – or something silly but fun – ‘HFUNEX?NoIFN10EX’ (‘Have you any eggs? No, I haven’t any eggs’).



WHAT DO I DO IF I FORGET MY PASSWORD?We all forget our passwords or PIN numbers from time to time, and when we do we need to be able to get back into our various accounts.

Many services will send us an email to a recovery email address that we have nominated so we must ensure firstly that this address is still active and secondly that we can still access it (i.e. it’s not protected by the same password as the one we’ve forgotten)! We can also receive re-set messages to our mobile phones. For more sensitive accounts we may be asked a security question, the answer

to which we will have provided when we originally opened the account. Make sure this answer is something only you would know and which hasn’t previously been shared publicly or posted online.

TAKE CARE OF YOUR PASSWORDS AND THEY WILL TAKE CARE OF YOU...Our passwords are our first lines of defense when it comes to protecting ourselves from cybercriminals and other nasty characters. Make your passwords complex, do not reuse them on different sites, change them regularly and they won’t let you down.

EDITOR’S CHOICEdrh.img.digitalriver.com/DRHM/Storefront/Site/... · local language. For example, people visiting Abu Dhabi can download an app which provides useful local information

Documents