This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

Passwords are not perfect when it comes to keeping your identity safe online. Too many people use the same password for different websites or choose weak passwords that hackers and their software can easily guess.

Choosing strong passwords is always a good idea but perhaps there is a better alternative. OpenID is, as the name suggests, an open standard for authentication. It replaces the traditional user name and password with a digital identity backed up by a choice systems to prove that you are who you say you.

It has several benefits. It’s easier to use. You don’t have to share your password with every Tom, Dick and Harry on the internet. And, it’s easier than keeping track of dozens of different password for different sites.

Millions of sites allow you to login using OpenID, including PayPal, eBay, Yahoo!, Google, Facebook, AOL and others.

Many companies provide OpenID credentials. One option is VeriSign Identity Protection (VIP). VeriSign lets you create your own OpenID digital identity and offers a range of different ways to identify yourself. These include a VIP Access Toolbar for your browser, free software for your smartphone that generates one-time passwords as well as advanced cryptographic tokens.

So, next time you struggle to remember a password, get frustrated at filling in another registration form or (if you are unlucky) fall victim to identity theft, why not try out OpenID instead?

This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

VeriSign’s new advert is a good reminder that we need to check things before we trust them. VeriSign’s new Trust™ Seal lets website owners confirm their identity and prove that their site is virus-free. When you see it, you know you can buy, browse and share with confidence. For more information see: Trust the Check.

The UK’s first national hunt for future cyber security professionals launches today in central London. The Cyber Security Challenge UK is a series of online and face-to-face competitions designed by leading security, education and government organisations as a response to the worryingly small numbers of skilled personnel in the cyber security and online crime prevention profession.

The Challenge will identify the most talented individuals in the country capable of becoming our first line of defence against cyber attacks and online crime now and in the future. It will excite and inspire participants to consider a career as a cyber security professional. The very latest technologies will be employed to test the mettle of everyone from teenagers to seasoned IT professionals.

Anyone interested in participating in the challenge can register online and have a chance to be crowned the UK’s Cyber Security Champion at http://cybersecuritychallenge.org.uk/site/Home

Guest blogger: Sharon Lemon OBE. Deputy Director e-Crime, Serious Organised Crime Agency (SOCA)

Years ago, when Internet dating started, it did have a reputation as being a bit seedy, but things have moved on and now there are a  number of reputable dating sites which advertise their success in putting couples together, many of whom get married. Needless to say though, there are some people who want to exploit this new form of relationship and romance fraud is a growing problem, and can leave its victims financially and emotionally devastated. Make sure you’re aware of the signs so that you don’t fall for Mr or Mrs Wrong and not Mr or Mrs Right – do not become a victim.

For example, when you sign up to a dating website be careful about giving out your private information, especially to people from a foreign country who contact you out of the blue and claim to care deeply for you after only one or two emails or conversations. Always stay on the website, and don’t take your conversations onto instant messaging or private email. Don’t trust anybody who won’t answer basic questions about where they are and what they do.

So far we have only seen this offence being committed against women. A common tactic is for a fraudster to claim that they are a soldier, maybe American, who is based in Iraq and wants to retire with their children to live with you. Once the relationship is established, you will be asked to speak to their friends in a completely different country, which is when you will be asked for money.

When a romance fraudster (actually probably a group of criminals posing as one person) manages to seduce somebody into an online relationship, often over weeks and months, eventually there will be a problem that only you can help with. Maybe they want to travel to see you, and want you to pay money towards a visa or airline tickets. Or maybe they or a family member falls ill, or even dies, and they need money for medical or funeral bills. There may be many different reasons, but with just one purpose – to get your money.

If you do pay, the fraudster will then give more reasons for you to send money, and you will never see any of the things they promise. If they say they are flying to see you, they won’t turn up but will have a problem at the airport requiring your money to sort out. If they say they have large amounts of cash or gold that only requires some customs charge or other fees before you can get a share, this is just another type of fraud designed to rip you off. You may even be asked to fly abroad, so that you can be exposed to these different types of fraud in person. If you do so there is a real risk of kidnap and extortion, meaning your life could be in danger.

To protect yourself, be wary of contact from these romance fraudsters. Never send money to anybody you don’t know or trust, particularly by a money transfer service instead of to a bank account. If something sounds too good to be true, it probably is. If you become a victim, you could end up losing a lot of money as a result – or worse.

If you think you’ve been a victim of romance fraud, or any other type of fraud, cease all contact straight away, don’t send any more money and get in touch with Action Fraud via their website, http://www.actionfraud.org.uk/  or call them on 0300 123 2040.

That’s all pretty serious, but remember – as in real life, most people in the virtual world are good, so enjoy your time in it.

This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

When you are looking at a website, here are ten signs that can help you decide whether a company is worth doing business with, or not.

1. A well-designed site. If companies don’t take the time to design a website that is easy to use, accessible for people with disabilities, simple to navigate and quick to load, then the chances are they won’t take the time to provide good services or proper privacy.
2. Useful information. Look for a company that provides advice, recommendations and help. In particular, look for information about security – it shows they’re thinking about it.
3. A good reputation. A well-known brand can be a reassurance but a small firm with a good reputation can also be trustworthy. Look for customer endorsements and third party reviews online.
4. Real-world contact details. Look for a phone number, email contact and real-world address. If you feel nervous, call them up and see who answers and how helpful they are.
5. SSL Encryption. Every site should use SSL encryption to protect your confidential information when you enter it or when you checkout during a purchase.
6. Extended Validation SSL certificates. This gives you extra reassurance that the site is genuine and that the company behind it really exists.
7. SSL Certificate matches company details. Click on the golden padlock and crosscheck the company details there with the details on the site. Sometimes, you have to look in the site’s terms and conditions to find the company’s trading name and registered address.
8. Trust marks. Trusted third party signs, such as the VeriSign Secured Seal let you check that a site is safe. Click on the symbol to confirm the ownership of the site.
   
9. Clear policies. Ecommerce sites should offer clear, non-nonsense returns and postage policies. If you don’t understand the deal you’re getting, don’t do it.
10. Support for Get Safe Online. Well, not everybody supports Get Safe Online, but it’s a good sign if they do!

Get Safe Online is pleased to introduce our latest guest blogger:

Rik Ferguson from Trend Micro

You might have noticed in the news today, Facebook have agreed to make the ClickCEOP app available to their users. This app, often referred to in the media as a “Panic Button” gives concerned Facebook users a place where they can go to get help and advice related to many aspects of online safety.
 
CEOP (the Child Exploitation and Online Protection Centre) encourages Facebook users aged between 13 and 18 to add a ClickCEOP tab to their profile, the tab contains a link through to the CEOP Abuse Reporting site. This site is aimed at providing direct links to report or get advice on cyber bullying, hacking (by this they mean account takeover), viruses, mobile problems, harmful content or inappropriate or unwanted sexual behaviour.
 
While the ClickCEOP app will not be installed by default into every teenager’s profile, Facebook have stated in this interview that they will support the app with a site-wide awareness campaign aimed at their younger users and the app itself is clearly designed to spread by word of mouth and recommendation.
 
It is great to see Facebook taking the safety of their more vulnerable users more seriously. Education and awareness are powerful tools against online threats, hopefully as people notice their friends adding this app to their profile pages it will rapidly become almost a default installation.
 
The reason why predators are so successful on social networks and online in general, is because they work diligently to allay any suspicions or fears that their victim my feel. They use stolen photographs, misappropriated identities and outright lies to appear to be something they are not. For some commentators, this is the reason the Panic Button may not be as effective as could be hoped. But surely something is better than nothing at all?
 
One argument that says that the simple presence of the button will help to raise awareness and help to raise the suspicion level of the more vulnerable. It could also be the case that repeat offending will be uncovered more rapidly if even one potential victim sounds the alarm.
 
Unfortunately an alternative outcome is that this functionality could drive bullies and predators into more devious tactics, for example the creation of “use once and destroy” alter-egos making finding and stopping them all the more complicated.
 
At the very least for the younger or more vulnerable there should be no more confusion about where to go or what to do when they feel somehow targeted. One of the aggravating factors when it comes to online crime is the absence of any central reporting facility. For Facebook users this small part of the problem, at least, is now solved.

High expectations come with those one or two weeks away that we all look forward to the whole year. But imagine if you not only lost all the money you’ve been putting away for that dream holiday, but you turned up in sunny Spain to find that not only does your holiday not exist, but that you had nowhere to stay and three young children screaming in the back seat of your rather hot hire car at the end of a long day?

Unfortunately, this has been the case for a few unlucky holiday makers caught out fraudsters.

Scams targeting tourists are not new – from bogus local ‘policemen’ to passport theft, fraudsters have long been aware of what easy targets holidaymakers make. However, with many of us now turning to the variety and convenience of the web to find our perfect holiday, the fraudsters are of course following. The anonymity of the web makes it much easier for criminals to pull the wool over our eyes and to target significant numbers of people at any one time – they only need one to respond to make it worth their while.

Of course, most of us are lucky enough to book our holidays online with no problems at all. However, it’s easy to get caught out, and for those that do, the effects can be devastating. Not only can you lose fairly substantial sums of money, the upset of having to turn around and go back home can put a real dampener on your summer.
 
Worryingly, the research we released today  reveals that over two-thirds of UK web users have never heard of the most common scams, and that around 1 in 3 are putting themselves at increased risk by not following basic anti-fraud measures, such as checking whether the operator is a member of a recognised travel authority, doing background checks and looking out for signs of a secure website.

If you’re about to book that last minute getaway, check out our new Travel Essentials Checklist on the Getsafeonline.org website first. We’ve put this together with ABTA to help make holidays the relaxing experience they should be!

This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

VeriSign is delighted to sponsor Get Safe Online and to contribute a few guest posts to the blog here. We have number of bloggers ourselves. Check them out:

• Notes from the Cyber Trenches. Rick Howard runs our iDefence Operations centre. His blog is an interesting insight into the biggest threats and most serious internet security issues such as a recent post about cyber espionage.
• Tim Callan’s SSL Blog. Keep up with the latest developments in the world of SSL and ecommerce encryption.
• Blue Ocean: Innovation at VeriSign. Nico Popp’s blog shows where online verification and encryption is heading, for example, his recent post about ‘cloud identity’.
• The VeriSign Infrablog. For IT professionals, this blog is a commentary on infrastructure.
• Online Identity and Trust. This blog deals with consumer identity protection. Written by four people from the VeriSign Identity Protection team, it covers topics such as fraudulent cashpoint access and the security risks of smart meters.
• Web User Experience Blog. Reshma Kumar is the User Experience Design Manager for VeriSign’s websites. Her April 14^th post shows how far website design has come since 1997, when VeriSign launched its first site.
• Bob Angus: The Ecommerce Evangelist. Bog’s blog is a great resource for anyone involved in ecommerce.

“Microsoft have issued an advisory notice to its customers that a vulnerability exists in the Microsoft Windows Help and Support Center (HSC) application.  This vulnerability affects Windows XP and Windows 2003 and could allow hackers remote access to your computer. 

To stay safe you should not to open suspect file attached to emails from people you do not know or visit any suspicious websites.  You should update your anti-virus and firewall settings and regularly check the Microsoft security website for any security updates and patching information.

Keeping your operating system and all your application software up to date is crucial and cannot be emphasised too strongly.  It is strongly advised that you set up automatic security updates for firewalls and secure wireless connections.”

This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

One of the biggest problems people have is spotting the difference between legitimate websites and fake sites that look real but which are fronts for online criminals.

SSL Certificates – the technology that protects your private data when you buy online – are helpful and the latest Extended Validation SSL Certificates also provide reassurance about the owners of the site as well as the strength of their encryption.

However, most web pages are not protected by SSL; only the checkout or registration pages where you enter personal information. So we have developed the VeriSign Trust™ Seal, which website owners can display on any web page to prove that their site is legitimate.

When you see this sign, you know that VeriSign has verified the ownership of the site and checked that the site is free of malware.

This is a guest blog post from VeriSign UK, a Get Safe Online sponsor.

In the last three months of 2009, criminals hijacked 356 well-known brands to create phishing sites, according to AWPG. These sites are designed to trick people into giving away their personal information, such as credit card numbers. It’s identity fraud on a massive scale.

Sometimes, these fake sites are very difficult to detect, even for an expert. But here are a few things to watch out for:

• Pressure. Sites and emails that create a false sense of urgency (‘your account has been suspended’, for example) are a common tactic.
• Promises. Alternatively, you get an offer that sounds too good to be true (such as ‘sign up now and get a free MP3 player’).
• Pretending. Check the website address in the browser bar. If it doesn’t look right, be on your guard. For example, weird variations or misspellings of the company name.
• Poor spelling. Criminals who don’t speak English as their first language are prone to make tell-tale spelling errors.
• Padlock. When you are entering personal information, you should check for the golden padlock in the browser address bar. If it’s not there, beware.

However, sometimes, criminals can create a perfect copy of a real website and so you need some extra help to detect the fakes. This is where Extended Validation SSL certificates come in.

The SSL bit produces the golden padlock and it means that your data is encrypted before it is sent to the website owner. The Extended Validation bit is new and it shows that the identity of the website owner has been checked and that this is really their site and not a fake. It displays a green background and the name of the site owner in the address bar – this is your sign that you’re safe.

Test your skills in spotting fake sites with VeriSign’s Phish or No Phish online quiz. Check out Get Safe Online’s tips on avoiding criminal websites.

It is only two days until the 2010 FIFA World Cup Finals kick off on 11th June. Judging by the flags on cars there is a great deal of excitement and this tournament promises to be a fantastic festival of football. The 2010 World Cup has been described as the first of the ‘social media age’. In 2006 when Germany hosted the finals, Facebook was still a closed network and Twitter was only three months old!

http://www.getsafeonline.org/nqcontent.cfm?a_id=1179

With the buzz of anticipation, people are already using every aspect of social media to share the experience together. There are all manner of ‘apps’, and complex spreadsheets calculating the permutations of the group stages and the draw for subsequent rounds, and imported e-calendars with all the fixtures right up to the final. There are websites where you can play 2010 fantasy football and have your very own World Cup dream team.

As always though, there are opportunistic criminals who want to cash in on the World Cup. They see the event not as a sporting extravaganza but simply a means of ripping-off honest football supporters. To avoid scoring an own-goal and becoming a victim of cyber crime, take some simple but effective steps to protect yourself online by viewing our Beginner’s Guide at:

Everyone at Get Safe Online wishes you all a very enjoyable World Cup, and don’t let the criminals ruin your fun!