Here are some facts to make you think ….

90% of users never check all their transactions on their bank or credit card statements. (ID Theft Protect, Aug 2007)

89% of users do not use a password manager to store their online and offline usernames and passwords. (ID Theft Protect, Sept 2007)

Identity theft is costing the British economy over £1.7 billion annually. (2006 – CIFAS)

Impersonation of the dead is growing at a rate of increase of 60% each year. (2004 – UK Home Office)

In 2004 most UK card fraud was committed via face-to-face transactions in shops. (2004 – Cardwatch)

These are just UK figures.

So what can you or should you do to help protect your ID in an ever increasingly connected and online world?

• Keep personal information secure.
• Keep all your plastic (credit / debit / identity) cards safe.
• Keep your documents safe.
• Keep your passwords and PINs safe.
• Use individual passwords for anything that requires online transactions – monetary or not.
• Protect the identity of deceased family members.
• Shred letters / documents that contain identifying information.

I will almost certainly expand on some of these in the weeks and months to come, but if you need any specific information or answers now then please do ask via the comments section or via my contact form or even by using the Skribit suggestions tab.

Protect Against ID Fraud is a post from: Church Techy

Then this post shows everything that is bad about people in this world …

from the too young child allowed seeming total freedom to do what she wants…

to the father that shouts abuse at a webcam from behind his daughters shoulder…

to the mother that stands off camera and mutters obscenities…

to sites like 4chan and Tumblr that have degraded the usefulness of the internets.

It’s a sad world that brings an 11yr old child to public tears on a youtube video.

The rest I’ll leave up to you to decide.

Nuff said.

Lessons in Hate is a post from: Church Techy

The conversation goes something like this:

Me: Hello

Them: Can I speak with Mr. Smith? (name changed, but it isn’t mine)

Me: I’m sorry Mr. Smith hasn’t lived here since 2003.

Them: Is that Windy Way? (also changed)

Me: I’m not prepared to confirm that ….

We then bat back and forth a bit where they are trying to get some details about my address confirmed and I just stick to my mantra of “Mr. Smith hasn’t lived here since 2003″ and / or “I’m not prepared to confirm that”. At which point they have always got nasty or downright rude and it always ends with me hanging up as they try every tactic they can to get me to confirm something. Typically a day or so goes past before I get another one.

This seemingly innocuous approach to getting details is the old ‘social engineering‘ approach – whereby you use a fact (whether true or not) to gather accurate details of your target. The end game being that your or your company’s security gets compromised in some way.

The whole saga reminded me to have another chat with my children.

I’ve covered online dangers many a time with my children but for some reason had overlooked the more obvious direct approach.

My end advice to them was ultimately very simple:

If you don’t know the person then tell them nothing.

And always refer them to mum or dad.

Turns out our regular caller is a debt collection agency based in Scotland and they are known for their rude strong arm tactics in trying to get information so that they can pin a debt on you.

Reminds me that all the dangers aren’t online and we do well to remember that.

• have you any simple safety advice?
• have you fallen foul of social engineering?
• if so, what was the outcome?

Social Engineering is a post from: Church Techy

Sadly I don’t get as much time as I’d like to contribute there but a recent discovery of mine is his Security Advice Wizard.

It’s a very simple, 4 page, multiple choice info gathering wizard.

Nothing complicated and I guarantee that once you’ve read the T&C’s it’ll take you less than a minute to complete (and if you include those then make it less than 2 minutes).

At the end of it you get appropriate and focused advice on what you should do and how you should protect your Windows based computer..

I say you all should go through it … now.

Security Wizard is a post from: Church Techy

Not because I don’t want to see their tweets but because I’m seeing them twice and sometimes three times.

You see, I use lists – probably not as extensively as some do but then TweetDeck does recommend you restrict the maximum number of open columns. So in an effort to improve the flow of my twitter world I’ve taken to trying to be more organised.

Some lists I’ve created myself:

ChurchIT – this one covers far more than just IT. The basic criteria is do you go to a church (I don’t care what denomination or faith) and are you involved in IT, Tech, Media, AV, or similar in some way. If so, and I’ve seen your name then you are likely on this list. Currently it has 197 members and 17 followers.

CCNA – this one loosely covers anyone that tweets about the Cisco Certified Network Associate certification. It’s work related so I feel duty bound but it only has 19 members and one follower.

Welsh Rugby – I think this one is fairly self explanatory but it is a list of folks that play or have played rugby for or in Wales. A passion of mine and has 32 members but no followers.

I also have a couple of private lists that include folks I know IRL (in real life) and the folks I’ve interacted with on the 31DBBB project. I’m open to bribes for making my 31DBBB one public though. Equally I have a few lists I follow that I didn’t create.

The trouble with my recent actions is that it could cause some folks to unfollow me – and I accept this as it is too much effort to tell them individually that I’m following them via a list so please don’t drop me. Instead I’ll accept that my sphere of influence will likely decrease.

That’s no bad thing – after all it’s not about me.

Anyway, to utilise lists requires that you have a twitter app that allows you to easily view them.

My software of choice is TweetDeck because for me and the way I use Twitter it just works – and there’s an iPhone app for it as well.

• Do you use lists – if so tell me a list or lists you follow?
• What software do you use to manage your lists?
• How do you find your lists?
• Would you find a lists 101 helpful?
• Are you on any lists?
• Do you have a twitter plan of action?

Twitter Lists is a post from: Church Techy

I’ve referred you good readers to them before as a place of independence.

But today, IMO, they’ve blown that trust.

In their words:

At the end of every year, AV-Comparatives releases a summary report to comment on the various Anti-Virus products tested over the year, and to determine the winners in the various tests.

All sounds good so far – but last year, 2009, they awarded “AV Product of the year” to Symantec.

What?

How on earth can the widely recognised bloat that is Symantec beat the likes of Kaspersky (2nd) or Nod32 (3rd) as two examples I do trust? OK, so no one company will get it right 100% of the time for 100% of the people, but day in day out Symantec AV software has shown to be problematical, slow and notoriously unfriendly to systems. And woe betide you if you want to remove it.

Take a look at the summary report on which they base their award. On the surface and just looking at the chart you’d be inclined to agree – and let’s face it; not many of us dig into the meat of reports like this. But I do and I did and it makes for far more revealing reading than the headline – AV Product of the Year. After all, will Symantec care that in the details they state “being recognised as “Best Product of 2009″ does not mean that a product is the “best” (underline emphasis mine) – ah right, so now the truth comes out.

So, explain it to me. How can you on the one hand award a best of and then on the other say it isn’t necessarily the best?

Either it is or isn’t.

As I said, Symantec won’t care as they’ll just use the headline.

Oh and you get all this at twice the price of the other two I mention. Go figure.

• Do you agree with me on trust?
• What about in this particular instance – should I just shrug my shoulders?
• Has any security company lost yoru trust?

Loss of Trust is a post from: Church Techy

I list them purely for your edification in the hopes that you don’t get caught out by them

- or that you can use this as either a quick reference

- or as a pointer for friends that may need some advice.

So, without further ado and in no particular order:

1. Nigerian scam – aka 419.

This almost always appears as an email from someone that is the “relative of the late [insert grand title]“ – in short they utilise emotion to try and get you to part with smaller sums of money in return for a decent %age of a much larger sum. One of the best sites out there for advice and fighting back is 419 Eater.

2. Lottery scams.

Similar to the 419 scam this one typically asks for an up-front payment to release the funds you’ve won. See FraudAid for some great advice.

3. Advance Loan Fees.

These, like the previous two, will ask for an up-front fee typically referred to as an admin or processing fee. They will normally ‘guarantee’ the loan – but ask yourself this: Why, when a conventional bank or credit card company will add the charge to any loan, do I need to pay an up-front fee? Short and to the point advice from Fraud.org.

4. Holiday scams.

These almost always take the approach that you’ve won a greatly reduced cost cruise or holiday but you never get to hear the ‘catch’ until you’ve signed up and paid what you believe is the total cost. Then the hidden clauses come out. ExpertLaw.com appears to have the best coverage of these types of ‘deal’.

5. Phishing scams.

I’ve talked about these before – see my full advice here.

6. Disaster relief scams.

I trust I don’t need to spell this one out? Instead I will simply say – go direct to the homepage of your favourite disaster relief charity and donate there. And if you don’t know any then check out CharityNavigator.

7. Chain eMails.

This is the modern equivalent of a chain letter and you are asked  to forward a small (typically) amount of money to a name & address and add your own to the bottom. More advice and fun at some of the emails out there from BreakTheChain.org.

8. Overpayment scam.

Best way to describe this is with an example. You want to sell item A for £100. Scammer B offers £500 in the form of a cheque (or similar) for goods they’ve sold in your country and for you to forward on the remainder. In this example £400. Then the cheque bounces and not only are you without item A but you’ve also sent B £400. Much more info on this type of scam at Scambusters.org.

9. Computer money making machine scam.

In return for some money, yes up-front, you are asked to install a program on your computer that opens lots of popups / adverts. Each of these effectively generate a click for that advert and ths income for the scammer. You are highly unlikely to see any return on this other then seriously impaired computer response. Avoid.

10. Employment scam.

The only reason this scam exists is to gather information – yours. Oh, and possibly your money too. The end result is likely to be fraud of some kind, either your ID is stolen or money from your bank (knowingly or not) and far from earning you money will always cost. Job-hunt.org has some great advice on this type of scam.

• Have I missed any obvious scams?
• Have you any great links to share that provide advice on avoiding scams?

10 Internet Scams is a post from: Church Techy

The links will show you that I’m far from the only site talking about internet safety but I do try to make my approach cover all aspects and not just children.

• PRNewswire is a web based press release centre – here’s one of their recent releases.
• i-Safe is a US based non-profit promoting education in internet safety.
• Internet Safety with Professor Garfield – everybodies favourite cat teaches internet safety.
• 180 TechTips does more than just general Tech Tips, they also have a specific section on the internet – 5 min lessons on tech, good stuff.

That’s all for now – enough to keep you going but this section will probably become a regular within my ISS series.

ISS Links is a post from: Church Techy