Warning about online fraud as information theft rises

 
A selection of security devices provided by banks Since banks brought in "two-factor" authentication, fraud has fallen significantly

Related Stories

Fraudsters traded 12 million pieces of personal information online between January and April this year, according to research.

The figure represents a threefold increase on 2010.

Credit-checking company Experian, which produced the figures, said the increase was partly due to consumers having a growing number of online accounts.

Consumers now have an average of 26 separate online logins but just five different passwords.

Experian said many people were unaware their identity had been stolen until they were refused credit cards or mobile phone contracts.

It advised people to change their passwords regularly and make them more complicated so they are harder for fraudsters to crack.

WHAT MAKES A GOOD PASSWORD?

  • Use a password checker, such as this one, from Microsoft, to see whether your password is strong or weak
  • Strong passwords contain a mixture of letters and numbers, the more random the better
  • Users worried about remembering obscure passwords can use random password generators
  • Online random password generators should not be used for secure services such as bank accounts
  • Using first letters of a speech from Shakespeare or a favourite poem offers one way to keep it obscure but memorable
  • It is OK to write passwords down as long as the paper copy is kept safe
  • Avoid dictionary words, words spelt backwards, sequences or repeated characters
  • Never use personal information such as date of birth

Two thirds of people have accounts they no longer use but have not closed down, leaving them vulnerable, the research found.

This was borne out last week when hackers broke into Yahoo's servers and stole 450,000 passwords, many from defunct accounts.

Those who had been victims of the growing issue of identity fraud suffered:

  • refusal of loans or credit cards (14%)
  • debts being run up in their name (9%)
  • refusal of mobile phone contracts (7%)
  • being chased by debt collectors for money they did not owe (7%)

Every week brings fresh headlines about stolen IDs. Last week, alongside the Yahoo hack, it was revealed that one million user IDs had been stolen from the Android forum and graphics hardware maker Nvidia said 400,000 passwords had been stolen from its forums.

This led Microsoft to reveal that 20% of Microsoft account logins are found on lists of compromised credentials as a result of hacks into other websites.

Writing on the Microsoft blog, Eric Doer said "These attacks shine a spotlight on the core issue - people reuse passwords between different websites."

 

More on This Story

Related Stories

Comments

This entry is now closed for comments

Jump to comments pagination
 
  • Comment number 25.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • rate this
    +2

    Comment number 24.

    After a site informed me their password list (albeit still encrypted) had been stolen, I went round about 15 sites that use that email address/pswd combo.

    Only the Dwell site caused problems: it had my home address & no mechanism of changing/invalidating pswd or just deleting account. They gave no helpful feedback & has ignored my request to delete the account. Time for a stiff letter I think!

  • rate this
    +3

    Comment number 23.

    It appears that banks do not need to be online to commit fraud.

  • rate this
    +2

    Comment number 22.

    If you have email-accounts older than 5-10 years then change your account passwords now (and any others) I'm quite sure your not the only person who knows the passwords to your accounts because of the recent spate of attacks, they will use those accounts to send out spam, thousands of old redundant email accounts are waiting for attention or re-activation by those who have stolen passwords.

  • rate this
    +2

    Comment number 21.

    @15

    Indeed,my wife succumb to that sham.Why not give it free with no bank/credit card details for 30 days?

  • rate this
    +1

    Comment number 20.

    Limit the number of cards you use. If you feel you have to write down passwords or PINS don't do it conventionally, last two digits first followed by reversed first two. You will know but nobody else will. I'm 63 and I don't have to write down any of my PINS, I can remember them no problem. Site passwords I tend to keep the same and in my head.

  • rate this
    0

    Comment number 19.

    Like (14. HishMaj) , use a Password Safe
    Another nice one is KeePass, but use the 1.18 Version. This is standalone and the database & Program can be held on a memory stick. If you want to be safer, create a Truecrypt encrypted volume so you need to open the volume before accessing, then put the USB stick in a safe.. and so on, passwords are safe but it takes hours to get to them!!

  • rate this
    +2

    Comment number 18.

    Am I posting as me?
    Or has someone hacked my HYS account?
    Hmmmmmm.

    Seriously folks, I do feel that we can all use a little more care with online security - I often wonder how many people take no precautions and then are surprised to get caught out.

    On a slight tangent, I read recently that something close to 50% of internet users have no firewall or malware protection!!

  • rate this
    +1

    Comment number 17.

    The webcomic XKCD had an excellent strip covering this: http://xkcd.com/936/

  • rate this
    +2

    Comment number 16.

    So what are our legislators doing about this?

    Yachting?

  • rate this
    +5

    Comment number 15.

    Experian is better
    in this matter
    if you don't cancel in 30 day
    you have a lots to pay

  • rate this
    +3

    Comment number 14.

    @Tamar

    Use password managers like LastPass or 1Password. They generate strong passwords and saves it. All you need to remember is a master password.

  • rate this
    +3

    Comment number 13.

    The current vision of 'service' is for the customer to REMEMBER. not write down, a DIFFERENT password with an increasingly complex structure for each and every website you use
    Impractical
    They need to come up with something smarter than this, rather than blaming their customers

  • rate this
    +3

    Comment number 12.

    So, as usual, its our fault. Not the fault of the sotware designers and not the fault of the companies that demand the information and then lose it or abuse it or sell it in to other companies without our permission.

  • rate this
    +2

    Comment number 11.

    It's probably best not to have login account that stores your bank or card details. It makes things a bit more awkward when buying anything but it's a lot safer.

  • rate this
    -2

    Comment number 10.

    Fraud is intentional deception. There seems to be a lot of it about. Just look at the constant 'unconfirmed reports' coming out of Syria and shown on the main stream news channels including the BBC.
    This is propaganda not news.

  • rate this
    +9

    Comment number 9.

    CONSUMERS? Is that our lot in life now - mere fodder to keep the economy growing?

    We used to be called "customers".

    A sign of the times, I suppose.

  • rate this
    +1

    Comment number 8.

    Probably the least bad thing is to write down your passwords, if you live in a reasonably secure household (eg not a shared student house). But if you are burgled it's quite possible a burglar will read your list. I suppose you could have a home safe for that list. If you go that far don't let people know.

  • rate this
    0

    Comment number 7.

    @1 Tamar

    You could use a password manager that substitutes a single password for others listed, or a one stop service that links everything together. Security on the internet in general isn't very good though. Even with a strong password you could easily find yourself the victim of a flaw at the service providers end. Basically you can do your best, but you're taking chances regardless.

  • rate this
    +3

    Comment number 6.

    As a newcomer to the electronic age (sad at 51) even following recommendations for passwords to include case sensitive, numbers, non-consecutive etc won't prevent fraud if the sites so insecure it can be hacked.

 

Page 5 of 6

 

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.