We spent €2.96 billion shopping online last year – that means lots of people keying lots of personal information and creates a bonanza for online thieves, writes CONOR POPE
WE DON’T WANT to be alarmist but there are some very bad people lurking in the shadows right now, waiting for you to make a mistake which will allow them to steal everything you own. While you’re sleeping tonight, they’re going to empty your bank account, destroy your computer and, for the laugh, update your Facebook profile with rude messages.
Okay, so we are being totally alarmist and there is almost certainly no need to worry about your online security right now – unless, that is, you’re about to transfer money via Western Union to the blood-diamond rich widow of a recently deceased sub-Saharan dictator who e-mailed you out of the blue with an amazing proposition. If you are, send us your e-mail address, we have a couple of business ideas we’d like to run by you.
Since the web entered public consciousness 15 years ago, there has been so much talk about the dangers of using it, it’s a wonder any of us trust it with our name, never mind our credit card details. And while many of us have grown savvy about what we reveal and don’t reveal online, the scammers have also been updating their skills and the number of threats now appears to be almost limitless.
According to security firm Symantec, online dangers and cyber-attacks, including malicious software distributed via spam e-mails, rose to more than 286 million in 2010, with a “dramatic” increase in frequency and sophistication.
As normal non-techie people we can’t possibly worry about all 286 million of these dangers. We tend to focus only on those things we can get our heads around: the dangers of having our credit cards or bank accounts compromised and the scam artists who use dodgy e-mails to extract information and/or cash from the gullible.
We trust companies we submit our credit card details to and we hope they will handle them with care. This, sadly, is not always the case and the ability of some of the biggest technology companies in the world to stop precious information falling into the hands of cybercriminals has been called into question in recent weeks.
The most high-profile company to fall foul of hackers this year has been Sony. Earlier this month, the Japanese technology giant announced that it had unwittingly allowed personal details, including the e-mail addresses, usernames and passwords of nearly 80 million account holders on its Playstation network, to fall into the hands of hackers.
Days later, the company’s most senior executives held a press conference during which they apologised for the security breach, claimed to have fixed the problem and effectively promised not to be so careless in the future.
No sooner had Sony said that, however, than it confirmed that an arguably more serious breach had taken place in which the credit card and bank details of thousands of users of a different gaming service from the company – including dozens living in Ireland – had also been stolen.
Then there was Epsilon. Chances are you will not have heard of Epsilon, but it provides marketing services to about 2,500 businesses, many of which are household names. In what was described as one of the largest security breaches in US history, the names and e-mail addresses collected by 50 companies, including Marks Spencer, the Ritz Carlton group and JP Morgan, were accessed in the attack.
This wave of online breaches damaged the reputation of some of the world’s biggest technology companies, but how concerned should we really be? After all, what could a scammer do if they only have your e-mail address and password for a games site.
Quite a lot, according to internet security consultant, Brian Honan. “Your name and even very general personal details have real value to spammers and fraudsters. The spammer industry, for want of a better phrase, is trading in live e-mail addresses and 10 million of them will sell for $100. Obviously the more details they have, then the more they will be able to sell that information for.”
He says criminals who have live e-mail addresses can target their scams and if they have passwords it will, in all likelihood, give them access to other sites and services, as people tend to use the same password across multiple platforms.
“Despite all the warnings and the alerts about the importance of not clicking links contained in e-mails from unusual sources there are still a small number of people who will be conned into downloading malicious applications,” he says.
Honan says people should only ever give out the bare minimum of personal details and never fill in any fields which are not mandatory and “only give information to reputable companies”. He also stresses the importance of keeping computers up-to-date with anti-virus software. But this costs money, right? It doesn’t have to.
“There is plenty of free software out there such as Microsoft Essentials, AVG and for Mac users, Sophos. It is also essential that people make sure their browsers – Explorer, Firefox, Chrome or Safari – are updated regularly.”
It is not only consumers who are targeted by criminals and while we have protection and can get refunds from our credit card companies, businesses are more vulnerable and have less comeback.
Lee Mohan runs geekstore.ie, an online shop from his Co Mayo home. In the run up to Christmas, someone tried to buy from his site using compromised cards. One of the would-be transactions involved 30 multimedia players. The fact that so many items, which have a high resale value, were being purchased at the same time, set off alarm bells in his head and he stopped the transaction. He was sufficiently vigilant to stop six others which is just as well as they were all from cloned cards.
One transaction did go through. “The person who owned the compromised card was given a refund from their credit card company which then took the money back from me. But I had already sent the goods so I was down both the goods and the money,” he says.
Despite the dangers, confidence in the web is growing and according to a study published last week, the fear of becoming the victim of a cyber-attack is not deterring Irish people from shopping online.
Collectively we spent €2.96 billion online last year, up 39 per cent on 2009.
On average we spent a fairly hefty €1,550 online last year with flights, holidays, concert tickets and books being the most popular purchases. Clothes and shoes are gaining momentum, thanks, we suspect, to sites such as Asos.com. Men spent an average of €1,650 while women spent €1,470.
The survey, which was published by Visa Europe – a not entirely disinterested party – found that bargains and convenience were the main reasons people took their business online with half of all respondents saying they had saved between 11 and 30 per cent through online shopping.
From our own experience, it’s a wonder the savings weren’t higher.
Stay safe online - if in doubt, doubt some more
KEEP INFORMATION PERSONALAny e-mail request for personal information should always be taken with a pinch of salt. Never follow the links embedded in such e-mails. If you are inputting personal details, make sure the web address starts with https (the "s" stands for secure) as opposed to http.
DON'T GET ATTACHEDNever open attachments from people you don't know. Don't accept random friend requests on Facebook and never grant access to your information for apps with which you are not familiar.
THEY DON'T NEED YOUR HELPWe all love getting e-mails from our mates, right? But when you get one from your pal Marty which says he's just been mugged in Barcelona and needs €500 to get home, you're obviously concerned. Don't be. Marty's fine. His e-mail account isn't and almost certainly has been compromised, allowing scammers to send begging e-mails.
IT COULDN'T BE YOUYou've won the Spanish Lottery? Without buying a ticket? Unbelievable. Completely. Lottery scams are very sophisticated but always ask yourself: "How the hell can I win a lottery without buying a ticket?" You can't.
GO, PHISHINGThis scam seems so obvious when you know about it but it's still insidious and dangerous. Typically, an e-mail arrives from your bank, the Revenue, eBay or PayPal, asking for some details, such as your password or bank account number, so they can update your account with enhanced security features or similar. You do and next thing you know your account is emptied and your bank doesn't want to know. Unsolicited e-mails from any business asking for personal details are always a lie.
