Online Security

How do they do it?

What are the common forms of cyber threat?

• Phishing: an email asking for your passwords or personal information such as your address, telephone number, or other data.
• Vishing: fraudulent phone calls impersonating real companies to steal device, login or account information including remote access.
• Hijacking: hacker enters your computer and accesses your files, locking you out of them.
• Camfecting: where hackers take over your webcam and spy on you.
• Hacking: business’s files or servers hacked for information.
• Screenshot Hijacking: where hackers enter your computer and take screenshots of your display.
• Keylogging: hackers record your keystrokes gaining passwords or personal info.
• Ad Clicking: a link (email, or webpage) opens malware or collects data.
• DDOS Attacks: Digital Denial of Services attacks are usually a business threat where services or web pages can’t be accessed.

Each site you land on will have some record of who you are – or at least the device you were using (using cookies for example).

Put simply, ‘cookies’ are temporary files which are stored by your computer to make your experience better – say the shopping basket, wish-lists and information before you have an account. They tailor your experience and more! If you’re not sure about how ‘cookies’ work, you can read the section in our privacy notice.

Whatever you do, think about your security online – be careful and take some basic precautions. You need to help yourself to stay safe and secure and to ‘manage’ your online activities.

This page gives you some important security tips.

Two – Passwords

It’s a nightmare, every-one expects you to use an online username and password. But, it is vital to your security online that you don’t use only one and you don’t use the same password with important websites – ones like retail or banking sites.

If you do use one common, or even a few easy to remember passwords, you increase your risk to online attacks as your password becomes the key to all your data, photos, bank accounts, everything. So, it is important to use different and strong passwords.

A strong password is one that the criminal’s computer or algorithms can’t easily find or decode. In practice, you have to balance password strength with being able to remember the password!

Here are some tips to build your own password. Remember:

• Using ordinary words and phrases that make “sense” – usually result in a weak password;
• If you use birthdays, relative’s names, your football teams – that’s both a weak password and it can be linked to you (see Identity theft below).

Strong Passwords

A strong password is one that uses keys from the whole keypad. Instead of 26 letters you have over 40 keys – the odds of breaking your password is very much smaller. Here is a suggestion of how to construct a strong password:

1. Try three unconnected words (at least 6 letters) that you’ll remember say – jam, silver and coat,
2. Include capitals in the string – “JamSilverCoat”;
3. Add a year “19JamSiverCoat68”:
4. Tack on one or two squiggles “!19JamSilverCoat68?”.

While not recommended, it might be better to write down your passwords and keep them safe in your house than use weak passwords as you have less chance of being burgled than getting phished.

Use a Password Keeper

Rather than write down passwords, you can use password keepers on your computer which are encrypted or specialist ‘safes’ from the Apple or Microsoft stores. They only need one strong password to access, generate and remember strong passwords and autofill forms. Read more here.

Use Two-factor verification

Two factor verification (or authentication) is particularly good for your security online. Critical web access protection using two-factor systems is becoming a commonplace option with social media. Many banks and other financial services require it as part of the login process.

Two-factor verification requires you to enter a special security code each time you login (typically sent to your phone or generated by an application).

Remember: No password is unbreakable so change them every now and again!

Three – Mobile Surfing and your home broadband and WiFi.

Public Wi-Fi

It is great to get something for free and public Wi-Fi in coffee shops really make things better: but “there is no such thing as a free lunch”. The registration on the free Wi-Fi and acceptance of the Terms and conditions normally comes with you allowing them to capture your details – for marketing and sales purposes.

Criminals too can use these public airwaves to latch on to your device and hack into you. Better for your security online to only use your usual provider’s secure site or use your phone as a personal hotspot. Your phone company will provide details on how to set up your phone as a hotspot and any data restrictions which may apply in your contract.

Remember: Turn off the connection details for public wifi when you leave the venue!

Home Broadband and IP Addresses.

You should always ensure your browser settings have security protection to help block out criminal sites. Then:

1. Watch for the security clearance or the ‘lock code’ that your browser may apply in the address window:
2. Type HTTPS:// before the web address. What is HTTPS: A site that returns HTTPS is a secure site as defined by SSL (Secure Socket Layer is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.)

For your home broadband you should think about your modem set up and static and dynamic IP addresses, virtual private networks (VPN) and private windows:

• Static IPs: an IP that doesn’t change can be used to track your online behaviour over time.
• Dynamic IPs: changing your IP every so often can make it harder to track you. This can often be achieved by restarting your internet router.
• VPN – Using a VPN your traffic comes through from a third party’s IP address making it much harder to track you online. Read more about VPNs.
• Private browsing windows – What is private browsing and why should I use it?

Four – Safety Online – Social Networking.

Privacy settings

1. Learn how to use and set up your social media channel profile properly;
2. Use their privacy features to restrict strangers’ access to your profile;
3. Here are some channel Specific Security Advice links.
   • Facebook
   • Twitter
   • LinkedIn
4. If in any doubt always choose the most restricted setting – you can then in the future loosen the strings as you become more comfortable with the site.

Some sites are simply fraudster fronts and can be very good copies of the legitimate site or email – this often applies to HMRC, banks and other financial businesses.

With any link, even in a social media posting you trust never just click – try resting your cursor over the link for a few seconds to see that the site link is what you are expecting.

Here are some tips to help:

• It’s best to go to the website directly by typing the address into your browser. You’ll also want to make sure you’re only entering this type of information during secure browsing sessions;
• Emails with unsubscribe links – if you get an unsolicited email form a site with an unsubscribe link then do not just click on the link – delete the email;
• If the email comes again, then type the site address, from the email, into your browser and check that the site exists;
• It is probably legitimate if the parent site exists and you may have agreed with a similar site/provider to share your details.
• When you are confident, then check the unsubscribe link and click or continue to delete the emails until they stop (in most email programs, you can put unwanted emails automatically into junk and then they’ll get deleted after 30 days).

Routine management.

Here are some tips to help your security online using social media:

• Be guarded about who you let join your network – make sure you know them or they have a legitimate reason for joining your network;
• When responding to “friends” requests do be careful; even on professional networking sites like LinkedIn;
• Scan the “mutual friends” you have with the person requesting to link up: consider if you really know them;
• People who are accepted by you will see more of your personal information, your movements and access with credibility your real friends.

Posts and Tweets.

Here are some thoughts about your personal posts and Tweets and the wider security implications:

• It is easy to forget what might be said in a joking friendly way under your breath, or blurted out because you are furious will be permanently recorded in cold letters;
• “I didn’t mean it to sound like that” doesn’t cut it; Think carefully even when you are in the middle of funny banter with a group of friends in chat rooms;
• What you write may be forwarded on to others and then into to the widest media community- you’ve seen it in the papers and don’t think it can’t happen to you;
• Offensive and obscene remarks even if intended to just be funny can end up in public maliciously or by accident;
• Pictures of you having wild fun or jokes about your work place – if not strictly controlled by your privacy settings could easily haunt you…

Five – Identity Theft.

Where are the risks:

• Disclosure of private information by either yourself or friends/contacts:
• Phishing emails allegedly from social networking sites, can actually encourage you to visit fraudulent or inappropriate websites:
• Friends’, other people’s and companies’ posts encouraging you to link to fraudulent or inappropriate websites:
• People hacking into or hijacking your account or page;
• Viruses or spyware contained within a message attachment or even an image;

NEVER share your personal information, such as government issued ID numbers, birthdate, credit card or bank account numbers on social media and think twice about it on private emails.

Bear in mind criminals will be prepared to wait months and spend time building up a profile about you. They will try to collect:

• Pictures, stories, comments about birthdays, trips, favourite things family members everything can be pieced together by computers;
• All images can be analysed to pick up details in the back ground that giveaway much more than you think;
• If they can see you are on holiday – great easy pickings if they have already found out where you live.

Six – How can I Safeguard myself?

Here are just some bullet points for you to consider and to help protect your security online:

• Don’t bow to peer pressure to post or retweet something you are not comfortable with. Think about how even a funny line might look in the cold light of day;
• Try your best never say or do anything on social media when you are under the influence:
• Keep your profile closed and allow only your friends to view you – don’t let the world into your life;
• What goes online stays online and can be dug up again years later;
• Sounds prudish – but don’t use obscene language or offensive terms – you may think it’s just with your mates…;
• Be aware of what friends post about you, or reply to your posts, particularly about your personal details and activities;
• Think before you retweet a friend’s post or comment – first, it may get him or her into trouble and, by re posting or tweeting, you are easily presented as adopting any remarks that could come back to bite you.

Remember that many companies routinely view current or prospective employees’ social networking pages, so be careful about what you say, what pictures you post and your profile. The key is to regularly look at your social media presence and accounts with an “outsider’s critical eye” it might help you see something hiding “in plain sight”.

Finally, always read a social media channels privacy policy. Ideally, you should read all websites ‘privacy policy’ to see what they say about holding and using your data and how they use cookies. Many sites nowadays include lots of permissions in a cookie which allow them to share your data with third parties and marketing agencies – read their privacy policies. Our privacy policy is an example of one that doesn’t share data for marketing.

Seven – How to see if you’ve been hacked.

Our blog on email hacking gives a good sense of indicators and these can apply across the board of all social media platforms. Good indicators include:

• Have you noticed unexpected activity from and on your account?
• Remember to monitor if you find you are following, unfollowing, or blocking without your knowledge:
• Have you received a notification stating that your account information has changed, and you didn’t change it?
• Noticed your password is no longer working and you are being prompted to reset it?

You should also take extra care if your friends say they have received emails from you which you didn’t send. If that happens, you should look on the internet for solutions as there are many different approaches to resolve an address book hack.

If you are a victim of fraud or theft – or a threat of blackmail – contact the police every authority has a cyber-crime division – you are not alone!

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cybercrime. It is where you should report fraud if you have been scammed, defrauded or experienced cyber-crime in England, Wales and Northern Ireland. You can report fraud or cybercrime to Action Fraud any time of the day or night using their online reporting tool. Reporting online is quick and easy. You can also report to them by calling 0300 123 2040 Monday to Friday 8am – 8pm.

If your report relates to any of the below, please follow the links to report it to the correct organisation:

• Suspicious online behaviour with or towards a child.
• Online hate or bullying crime, material or messages:
• Counterfeit medicine or medical devices available to purchase online;

Remember, if you suffer a breach or data loss from a criminal, report it to the police – if the breach or loss is through a legitimate business then report it to the Information Commissioners Office.