In a whitepaper, entitled “What’s in a name?”, researchers claim that security systems in place to protect online accounts are inherently flawed, claiming that many passwords can often be guessed with just the simplest knowledge about the account holder.

The report specifically highlights “security questions” used to verify users who have forgotten passwords or login credentials, a system used by some of the world’s biggest online names including eBay, Google and Yahoo.

“Despite their ubiquity, personal knowledge questions have received relatively little attention from the security community until recently,” the paper said.

“User studies have demonstrated the ability of friends, family and acquaintances to guess answers correctly, while other research has found that some questions used have a tiny set of possible answers.

“Many common questions have also been shown to have answers readily available in public databases or online social networks.”

The researchers looked at the type of security questions asked using data from a range of online service providers, including banks and financial institutions, as well as webmail services such as Hotmail, Gmail and Yahoo Mail.

One in three asked for a person’s name, and one in five asked for a place name. The researchers said that, when faced with these questions and given three guesses, an attacker can compromise roughly one in 80 accounts. This was increased when names were used as security keys, given the popularity of certain names in particular parts of the world, such as Smith in the Western world or Kim in Korea.

“Given names are a matter of fashion and vary in several interesting dimensions. In the countries studied, female names seem to provide slightly higher resistance to guessing than male names,” said the paper.

“The diversity of forenames has been increasing slowly but steadily over the past six decades in the US. Curiously, pet names are slightly harder to guess than human names.”

Perhaps unsurprisingly there are those who will use the internet to the disadvantage of others. There are a number of scams and viruses that are used to try and lure you into parting with your hard earned cash and your personal information.

By being aware of the most common scams and having quality antivirus software installed on your computer, you will hopefully be able to avoid being caught up in one of them. We have put together a list of the ten most common scams to help you be aware of what to avoid while you’re online.

Phishing

This is a very common scam in which you are sent an email from a professional looking company such as a bank asking you to confirm your details and will give you a link to do so. If you click on the link you will be asked to enter personal information, from which the scammer can access your bank account or put you at risk of identity fraud.

Never click on a links you think may be suspicious. Remember to always contact your bank or the organisation that appears to have sent the email in order to confirm if they actually sent it. Your bank should never ask you to divulge your information via email.

A friend in need?

Scammers can hack into people’s personal accounts, including emails and social networking sites. A common scam is to log into an account and send emails to friends saying that they are abroad and have been mugged or lost their wallet and are in desperate need of some cash for the flight home etc. The email will often also say that the phone lines are out of services and so you cannot call them.

Never send money if you receive an email like this. You are not helping a friend and you will lose your money.

Trojan Horse
The Trojan horse virus is very common and you will likely have heard of it before. The virus is spread via email and will encourage you to click on a link to a ‘special offer’ or open an attachment.

Trojan horse viruses record your keystrokes, giving the scammer access to all your passwords, including your bank logon details.

Never open attachments or follow links in emails when you do not know who they are from. Keep your antivirus software up to date so that if you do accidentally download a Trojan Horse you will be able to catch it, hopefully before the Trojan horse has a chance to record any of your details.

The Nigerian/419 Scam
This scam involves receiving an email from a so-called businessman in Nigeria or African country. The businessman will say that he wants to move a large amount of money into your bank account, to get it out of the country. In order to compensate you for doing this, you will be able to keep a large percentage of that cash – as long as you cover the initial fees.

If you receive an email like this, delete it. You should never give out your bank details, especially to strangers. You will not make any money from agreeing to do this and you are more likely to end up losing all the money in your account.

The Lottery Scam
You receive an email telling you that you have won a large amount of money. Great news, apart from you haven’t entered in their lottery/competition/survey etc. When you call to claim your winnings however, you will be advised that you need to pay an administration fee first.

Predictably, you will lose your money and never see your supposed win.

Economy Related Scams

With the credit crunch still affecting the economy, this is likely to be a scam that is well spread.
If you’re struggling with debt, you may receive an email from a debt company claiming to be able to buy your debts from you and minimise your monthly repayments.

Be aware that it is impossible for any company to buy a debt, without the lenders permission. You may think that your debt has been bought, but you will still owe money to your original lender as well as paying out to the fake debt company. If you fail to keep up repayments with your lender this could put you in a worsened situation and affect your credit rating as you default on payments.
Fake websites selling fake items

Many websites will be set up to look as though they are based in the UK. However, it is possible to buy a co.uk domain for very little and so the sites may be based outside the UK.

You may end up buying not only fake, but sometimes unsafe goods such as electrical items that have not been properly tested.

Don’t judge your decision on buying an item on the domain name alone, you may think that it is a UK site but this doesn’t mean that it is and therefore you may not be buying goods that are up to a safe standard.

The Online Dating Scam

The internet is a fickle place. It’s very easy for scammers to set up an attractive profile on a dating site and then try to lure you into parting with your personal details.

A common variation of this scam is to pretend that they are from the UK but working abroad, or that they live abroad. After forging a friendship with a user, the scammer will say that they really want to come to the UK to meet you, but they can’t afford the flight, hotel costs etc. Or perhaps he/she has been mugged or beaten up and cannot afford the medical costs.

Either way, you will be asked to help and to give your bank details. Never give these out to a stranger, even if you feel that you may have forged a relationship with them just remember that you have never met them and if this sounds familiar then it is likely to be a scam.

Natural Disaster Relief Fund

In the wake of a natural disaster it is likely that charities will ask for people to help and donate. However, be wary of receiving an email which will send you a link to a site where you can donate.
Charities are unlikely to ask for your bank details in an email. You can verify whether a charity site is real by visiting http://www.charity-commission.gov.uk/ which has a list of all registered charities.
Auction Site fraud

If you are looking to buy something online, you might consider using an auction or marketplace site such as eBay or Amazon.

Scammers will often auction an item on one of these sites and make it look as they reside in the UK. However, the scammer will then contact the winner of the auction and say that they are currently out of the country and ask if is it possible to wire the money by MoneyGram, Western Union or bank transfer.
By using these services, it is usually very difficult to trace the money and so it will be unrecoverable in the case of a scam. You will end up losing your money for the item and you will never receive the item itself.

Up there with some of the world’s top annoyances, pop-up advertisements (on the face of it at least) did exactly as their name suggested. They could ‘pop up’ unexpectedly whenever your PC was connected to the internet. And most of them were seen as just that, an annoyance, a fact of an online life in which advertising was the norm. But what were rarely contemplated by the average computer user were the more sinister aspects of the pop-up ad.

Being regularly bombarded by pop-up advertisements was almost always an indication that adware had made its way onto your PC, with software persistently serving advertisements based on either your browsing habits or on what the adware creators are keen to sell.

Aside from the obvious annoyance and the privacy implications of adware, pop-ups also have a major detrimental effect on PC performance, crippling resources and slowing the computers that they infect to a near standstill, particularly back when computer hardware and 56k modems were necessarily designed to cope with the constant stream of JavaScript messages.

Today, whilst they haven’t completely gone away, pop-ups are less of an issue than they once were, thanks largely to advancements in antivirus software, internet browsers, operating systems, firewall software and adware blockers.

Most forms of antivirus software come packaged with pop-up and adware blockers whilst pop-up blockers have been largely incorporated into web browsers since the turn of the new millennium, although Internet Explorer, the last of the major browsers to include such a feature, didn’t have pop-up blocking capabilities until the release of Windows XP SP2 in 2004. Users of open-source browsers, such as Mozilla Firefox, also have the option of downloading various anti-ad ‘plugins’ for added layers of protection.

The more determined ad pushers will always find ways to circumvent both automated and human layers of protection, with some of the more devious pop-ups disguising “close” or “cancel” buttons in an attempt to capitalise on human pessimism of pop-ups and making it even more important to keep updated antivirus software. The pop-up might be less of a headline grabber, but the threats are still there.

Research by price comparison site moneysupermarket.com revealed that 24% of British PC users have been the victim of a computer security breach despite 95% of those surveyed claiming to have antivirus software already installed on their PC.

Of those who have suffered an attack, 39% described the assault as causing a “major disruption” to their system whilst a further 10% described their attack as “deadly”, rendering their computer unusable.

One in twenty claimed that personal information had been stolen as a result of a malicious attack.

The type of content being viewed by users also appeared to have an effect, with almost one in 10 of those surveyed believing that the attack occurred after accessing an “adult” website.

A fifth of people believed that their virus attack came from general surfing and one in eight from opening unknown files or attachments.

Young males were the most likely group to be victim to a malicious attack, with 38% of those under 20 and 30% of under-20s admitting to experiencing virus problems on their computers.

“People need to be more aware of security threats than ever before,” said James Parker, manager of broadband at moneysupermarket.com.

“Most people use some of their personal details online – whether through internet banking or online shopping – and it’s vital that people take appropriate steps to protect this information and themselves.”

The company recommended that users take greater care over their personal details and email attachments, as well as ensuring that their antivirus software is kept up-to-date.

The new Emue Card is being trialled by 500 employees of the accounting firm Deliotte until the end of the year and is the latest weapon in battle against online fraud.

Whilst a number of innovations have been generally successful in reducing traditional examples of credit card fraud, such as the introduction of Chip & Pin terminals in parts of Europe, the level of “card holder not present” fraud, which relates to transactions occurring online, by post or by phone, has increased in recent years to the point where it makes up 50% of all fraudulent credit card activity.

The new card features an embedded keypad and numeric display. To make a purchase, the user enters their PIN into the card which then generates a unique security code which is then entered into the payment screen. This code is then used by the merchant verify the purchase.

To access the security code, a would-be fraudster must have both the card and the PIN number to be able to make a purchase online.

Sandra Alzetta, head of innovation at Visa, told the BBC that the card was bringing the principles of chip and pin technology to the online world.

“The card needs to be globally compatible: that means embossed characters for mechanical swipes, a magnetic strip for systems that require a signature, the fixed three digit security code and now the unique four figure code.

“You have to remember that our cards work across the world and not every country or retailer has access to the level of technology we might be used to,” she said.

According to figures released by Apacs, the UK payments association, earlier this year, £328.4m was lost to “cardholder not present” fraud in 2008.

Under the new directive, all ISPs in the European Union will have to store records of emails, online voice calls and web browsing for up to twelve months, similar to the way in which telecoms firms are required to hold on to telephone records for the same period.

The data stored will not include the content of any particular message or communication but will be used to determine whether particular individuals, notably terror suspects, have established any form of network communication. Authorities will be able to access this data with a warrant from the courts.

Governments across the EU have written this new directive into their own national legislation although some countries have opposed the ruling.

Germany is currently challenging the ruling through the courts whilst Sweden has ignored the directive completely.

In the UK, the directive will be carried out under the controversial Regulation of Investigatory Powers Act (RIPA).

Some ISP’s previously stored such information voluntarily to help them prevent spam and monitor their own networks. From this week, storing such data will be mandatory.

The directive has been widely criticised however, with both privacy groups and ISP’s themselves arguing against the act.

The Open Rights Group branded the directive as a “serious erosion of our fundamental human right to privacy” that was “incompatible” with human rights legislation.

ISP’s have raised concerns over the cost of collating, storing and maintaining such data although the government has since agreed to reimburse ISP’s for these costs.

The latest form of the virus, which has infected an estimated 15 million users worldwide, contains an instruction to perform a particular action on April 1, although nobody is yet sure as to what, if anything, that action is.

There are also suggestions that, given the hype over the worm, we could be about to witness the internet’s biggest ever April Fool’s Day joke.

The Conficker virus, also known as Downadup or Kido, has gained notoriety in recent months due to the rate at which it has spread as well as the number of high-profile organisations that have fallen prey to it. To date, several government, military and health systems are known to have been affected by the worm including the British Houses of Parliament IT system.

The virus buries itself deep inside the Windows operating system where it can then be used to steal users’ passwords and personal information, including bank details. It sets up files and starts downloading information from a controlling server, creating a “botnet” of infected PCs.

Many security experts believe that from midnight on April 1, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next.

Microsoft, which has released several security updates and urged customers to update their antivirus software, has offered a $250,000 reward for information that leads to the capture and conviction of the authors of the virus.

If you feel that you have been infected by the worm, download the free Conficker removal tool.

The event, taking place across all EU states, has this year placed a heavy focus on the dangers of using social networking sites, such as Facebook, MySpace or Bebo as well encouraging parents to closely monitor the online habits of their children.

Around 256m users have accounts with Facebook and MySpace combined, which allow users to connect with friends and relatives online, share photographs and personal details.

There are however concerns that many users of such sites may be unaware as to the risks posed by using such sites. The Safer Internet Day 2009 campaign has highlighted the case of American teenager Megan Meier, who committed suicide in 2006 following a series of abusive messages sent to her from a fake user account on MySpace

The campaign coincides with a report by MSN which revealed that 51% of 14-19 year-olds in Europe enjoy unrestricted access to the internet at home, free from any form of supervision or content filtering software

British parents were the most likely, 77%, to use filtering software whilst 87% regularly talk to their children about what they do online.

The MSN research also found that 29% of the teenagers it quizzed have suffered bullying while using the web. That finding supports the findings of a report from the Internet Safety Technical Task Force released in December 2008 that claimed that “Bullying and harassment, most often by peers, are the most frequent threats that minors face, both online and offline.”

To mark the day, 17 social networking services have pledged to do more to prevent online bullying on their networks; these include Google / YouTube, Yahoo Europe, Microsoft Europe, Facebook, Bebo and MySpace. It is thought that this will see a number of measures introduced in the near future, such as a “report abuse” function.

For more information on Safer Internet Day, visit http://www.saferinternet.org.

The Trojan, which poses as a plug-in for the popular internet browser, sits hidden within the Firefox extensions file and is designed to monitor data exchange between a PC and a number of pre-defined websites – many of which are those of banking institutions in the UK, US and Europe.

The ChromeInject-A Trojan is typically downloaded onto Windows systems that have already been infected by some form of malware.

According to security experts, sensitive data exchanges are intercepted by the program, harvested and then send discreetly to a server based in Russia.

It is the second known Trojan to specifically target users of the Mozilla Firefox browser, which has grown to become the second most-used browser online with a 20% market share. Internet Explorer is the most popular with a 69.8% market share.

The browser is arguably the most successful form of “open source” software to have been released on a mass scale. As an open source program, unlike other browsers such as Internet Explorer and Opera, copies of Firefox are distributed free of charge with the software’s source code openly available to users, allowing them to customise the software and develop plugins and applications for it.

Whilst virus threats are rare, questions do remain over the security and reliability of many open source applications, making an up-to-date antivirus software program essential for any PC running open source applications.

Research conducted by North Carolina State University found that participants clicked on a ‘fake’ pop-up advertisement 63% of the time with the majority of users clicking ‘OK’ without reading the message itself.

The study highlights the vulnerability of even experienced users to the threats posed by pop-up advertisements, given that pop-ups are one of the most common methods for malicious software to access a PC system.

Adware and Spyware are particularly common forms of malware which are transmitted using pop-up technology.

Research co-author Michael Wogalter, professor of psychology at North Carolina State University, warned users to read all pop-ups before acting.

“This study demonstrates how easy it is to fool people on the web,” he said.

“Be suspicious when things pop up. Don’t click OK – close the box instead.”

Tony Neate, managing director of the UK’s Get Safe Online campaign advised users to install a pop-up blocker and antivirus system.

“Browsers and most anti-virus software offers them. Pop-ups are either downloading something malicious or trying to sell me something so I just don’t want them there at all,” he said.