Douglas Havard, who is serving a six year prison sentence at Ranby Prison in Nottinghamshire for his part in a £6.5m ($10.38m) hacking and phishing scam, was asked to take over a project to create an internal TV station using the jail’s computer network.

The 27-year-old was, according to the Sunday Mirror, left unattended by guards despite being afforded access to the prison’s network. He went on to reset a series of passwords that locked out anybody else that attempted to use the system.

Prison bosses were forced to call in computer security consultants in order to fix the problem, with Harvard being put into segregation as punishment for the incident.

The blunder emerged a week after the Sunday Mirror revealed how an inmate at the same jail managed to get a key cut that opened every door.

A Prison Service spokesman told the Sunday Mirror that the breach was being investigated, claiming: “Prisoners are not allowed unsupervised access to computers. The prisoner was not able to access records of any other prisoners.”

An outbreak of scam messages circulating on the website only last week left Facebook once again open to criticism as its estimated 60m users were potentially put at risk of identity fraud and malicious software.

It isn’t the first time that Facebook in particular has been used by cyber criminals. Back in December, a new variant of the Koobface virus emerged whilst various forms of the infamous “419 scam” continue to circulate, most of which go largely undetected.

Security scares on social networking sites, such as Facebook, MySpace and Bebo are far from new. Critics have long pointed to the privacy issues that are created as users make their personal details, such as addresses and contact numbers, public on a worldwide platform. Others have highlighted potential security flaws in site designs and functionalities which have put user’s PCs at risk. MSNBC once reported that MySpace in particular was a “hotbed” for spyware.

The changing nature of social media and ‘Web 2.0′ is one of the main reasons as to why the security risks are somewhat more prevalent. The sheer volume of activity that takes place on Facebook, Youtube and MySpace means that it’s very difficult for sites to actively monitor every link that is posted and message sent but nevertheless, it is still possible to keep yourself and your PC safe simply by using some tried and trusted security tips.

If you are concerned about privacy, the simple answer is to limit both how much information you divulge about yourself as well as how many people can actually read it. For some reason, many otherwise experienced internet users have a tendency to let their guard down on social networking sites and publish their entire life story. That might look like you are creating a great profile page but ask yourself; do you really want the rest of the world, never mind old school friends, knowing your date of birth, mobile phone number, work email address and entire employment history? Limit the information that you publish on your profile and you limit a would-be fraudster’s interest in you.

Be wary of any messages that you get from unexpected sources. Many spammers and scammers have unfortunately turned to online messaging as a means of bypassing many of the email filters and firewalls that come packaged in many antivirus software packages. The advice is simply to ignore and delete any messages that look even remotely suspicious.

Up-to-date antivirus software is also an essential tool for any Facebook, MySpace of Bebo user. The customisable nature of user profiles means that large parts of such sites don’t meet the technical standards that are required to prevent spyware, worms and trojans from spreading. Even sites such as Youtube are not immune, with some videos now being uploaded despite containing suspicious links.

The overriding message when using any form of online messaging or interaction service is the same; use caution and common sense. Keep your personal information safe, use a strong password to protect your account, never share information with unknown users and make sure that your antivirus software is on full alert for any errant files that may be circulating online.

The OFT, who compiled the report using research from the University of Exeter, claims that those who have a “better than average background knowledge” of investing, lotteries and finance are actually more likely to become the victim of a scam than less knowledgeable users.

The research concluded that those with knowledge of financial products demonstrated a degree of overconfidence in particular subject areas, making them more likely to respond to a scam email.

Those with background knowledge also had a tendency to “read up” on potential scam emails whereas those with “below average” knowledge simply ignored any apparently malicious approaches or used antivirus software to automatically delete so-called ‘phishing‘ emails.

The research, entitled “The psychology of scams: provoking and committing errors of judgement”, also that the typical scam victim was not necessarily a poor decision maker and that many came from successful business backgrounds.

Unsurprisingly, victims often hid their involvement from friends and family.

The most common forms of scam that internet users were faced with included the so-called “Nigerian 419” advance-fee fraud scam, fake foreign lotteries, holiday club and high-risk financial investments.

The OFT published the findings as part of a high-profile campaign against scams, believing that as many as 3.2 million people are being defrauded of about £3.5bn a year.

Icesave, the British savings branch of Reykjavik based Landsbanki, ceased trading in October following the collapse of the Icelandic economy, with an estimated 200,000 customers unable to access around £3bn ($4.8bn) of savings.

The UK Financial Services Compensation Scheme (FSCS) is responsible for coordinating refunds for customers of the bank and is preparing to send out two emails detailing how customers can claim back their savings and requesting that they complete a “short online process” to initiate refunds via Bacs transfer.

The emails will not request that customers disclose any personal information or account details.

The move however has raised concerns that Icesave customers could be subjected to an increased risk of phishing email scams and already, some ISP’s have blocked emails Icesave from the FSCS as an anti-spam and security measure.

It’s believed that by disclosing the company’s standard email layout, phishers will find it easier to replicate the company’s image in rouge emails and websites.

The FSCS said that all Icesave customers should have received emails by last Friday which gave further details of how customers can transfer their money automatically to a linked bank account. Those that have not received this communication are being asked to contact the FSCS on 0845 7300 131.

A second email, due to be sent to all Icesave depositors later this week, will provide instructions on how they can log on to their existing Icesave accounts to complete an electronic transfer allowing them to access their money again.

Unfortunately, the world of online banking has opened the door for fraudsters looking to procure our most personal details.

One of the biggest concerns since the advent of online banking has been the emergence of a scam known as “phishing”.

Imagine the scene. A man walks up to you in the street and claims to be from your local bank. He doesn’t know your name but he does know that he needs to confirm your address details, account number and PIN. Would you trust him?

Whilst it sounds completely absurd, that’s exactly what happens with a phishing attack. The difference being that the man asking for your details doesn’t approach you in the street, he approaches your email inbox.

The scam works when a fraudster distributes emails which are designed to look like it has been sent from a major bank or building society (although the scam can be applied to any online business) claiming that you need to update or confirm your account information. The email will be designed will look like the bank’s website, the email address will appear to have come from the bank and there will be a link included in the text which, when clicked, will take you to a website which will also look distinctly like your bank’s official site.

That is where the scam develops. The link you have clicked on may look like it takes you to your bank’s official site, but it is in fact just an imitation.

You will be told once again that your details need to be confirmed and so you fill in the relevant information. It is at this point where the fraudster obtains your information and is free to do with it what he wants, which usually involves emptying your account.

Whilst the whole process sounds incredibly complex, there are various ways in which you can protect yourself from such scams; some obvious, some more discreet.

Let’s start with the obvious.

Firstly, make sure that you install internet security software or antivirus software which includes an email scanner. This will prevent many phishing attacks from reaching your inbox in the first place.

If however, a phishing email manages to get though, ask yourself a few questions.

• Why is the bank emailing you?
• What has changed in your account to make them doubt your personal details?
• If they normally contact you by post, why have they used email this time?

If the answers to these questions don’t seem to stack up, it’s highly likely that it’s a scam.

It is worth remembering that banks will rarely contact you by email. Most banks now have a messaging system integrated in their online banking service which will be their primary source of electronic communication.

Stop Press: UK customers of the now defunct savings bank Icesave may be receiving an official email from the bank and/or the FSA regarding your account. Be extra vigilant when acting on these and follow the best practice steps in this guide.

Also remember that a bank will never ask you to confirm PINs, account numbers, national insurance, social security number or CVV number in an email.

If you are genuinely unsure as to your account details, do not click the link. Instead, open up your browser and manually type in the URL of your online banking service. If there are any concerns, your bank will have left a message for you.

Those are the obvious things to look for but there are other, less overt, tell-tale signs that an email may not be what it seems.

Firstly, your bank knows who you are so why would they refer to you as “Dear Customer“? Unless the email refers to you by name, delete it.

Secondly, check the address and URL. Whilst it might appear to be from your bank, be suspicious if either does not match exactly with what you would normally type into your browser. Whilst your bank’s official URL may be yourbank.com, scammers often use variations such as your-bank.com, yourbank-uk.com, or even just subtle misspellings – all a tell-tale sign that the email hasn’t come from where it’s claiming to have come from.

If you do feel that you have been the victim of an attack, contact your bank immediately. There are systems in place to deal with these and you should be compensated for any losses from your account.