Protect your computer from fraudsters
So many of us rely on the internet – yet many people are still frightened of online fraud from phishing emails and online scams.
In October, Moneywise held a webchat with Garreth Griffith, head of risk management at PayPal, to find out the latest ways you can stay safe from fraudsters online. Here are some of the best questions and the answers.
Q: Each time I am asked for my card number expiry date and the security number on the back I get very nervous. What more can I do?
Garreth Griffith (GG): Before you make any payments online, there are a few simple rules to follow:
1. Use reasonable judgment to make sure that the website is genuine and safe. For example, look for the padlock symbol in the browser and make sure the URL starts with ‘https’.
2. Be aware of the protections that would be in place to cover you, should anything go wrong.
Q: Is it safe to store details – such as my address and payment details - on sites like Amazon to make shopping faster the next time?
GG: I think it's a case of using your reasonable judgment. As you would do when you are on the high street – ask what you know about the brand and the company. And always have the latest security software installed, and set to automatic update.
Q: I get a lot of emails that claim to be from PayPal - how do I know when it's a genuine one?
GG: PayPal emails will always address you by name (not by ‘Dear member’ or ‘PayPal user’). We will never ask you for any personal details or include a link directly to the log-in page.
If you receive an email from PayPal asking you to verify some information, or to take action about your account, we recommend you open a new browser window and go to the PayPal website directly. If you have any doubt at all, you can forward the email to firstname.lastname@example.org and we will let you know quickly whether it is genuine.
Q: I read an interesting story about people hijacking your wi-fi and leaving you with hefty bills for exceeding download limits. How can I protect my wireless router from strangers?
GG: You need to set your wi-fi security settings to the maximum. Check your router instructions on how to set to maximum security. At the very least, set up a password.
Q: I'm using several anti-virus and anti-spy products across two PCs - some say that the PCs are completely clean while others find varying amounts of viruses and other vulnerabilities.
For example, the full commercial version of Kaspersky AVG and Malwarebytes rarely find anything, while Stopzilla frequently does. How do I know which to believe, and how worried should I be about this?
GG: This may reflect how regularly you update your anti-virus software and which version you have.
Always set your software to automatically update, check the settings because you may have your software set to look for absolutely everything on one PC, but not on the other; be aware of what each program is designed to look for.
Q: I use the same password for all my online accounts - how do I avoid that and remember several different passwords?
GG: We would definitely advise you not to use the same passwords for all sites. Make sure your passwords are strong ones. What I find easiest is to create a memorable phrase relevant to the website. For example if you were on a shoes site, your password could be 'I love red shoes' .
Also, never use personal details in the password or use 'password' as your password!
Q: Why don't the credit and debit card providers give their customers the real-time device that changes every 20 seconds (or so) the numbers you put in as either the card number or password during online transactions? That way you never have the same number twice.
GG: This is about striking a balance between convenience and security. You’re referring to something called second factor authentication, which requires you to provide something you know (password etc) and something you have (the code which the device will generate).
All major bank and card providers do have a whole host of anti-fraud measures behind the scenes as additional security. Many are also moving to offering additional measures of second factor security, for example PayPal offers a security key either as a fob or text message as this extra layer of security.
Q: Why should we pay for fraud protection? Shouldn't the onus be on the product providers just as it is with retail products?
GG: All banks and most retailers are doing a lot of the protection for you at no extra charge. There is a lot of good free anti-spy and antivirus softwares out there - but many of us like the assurance that comes from investing in your security.
Personally, I think the extra cost is good value for money to give me extra peace of mind.
Q: Am I reasonably safe with an Apple Mac from scams?
GG: It’s true that for many years Macs have been reassuringly free of a lot of the viruses that have been aimed at PCs. But fraudsters are always looking for new targets and there have been viruses aimed at the Mac, so we strongly recommend that Mac users look into anti-virus software for their computers.
Q: Has anyone ever really been caught out by the Nigerian email scam?
GG: Yes, people have been caught out, and continue to be caught out. The Nigerian email scam has evolved and can be almost plausible. Always use reasonable judgment - if something sounds too good to be true, it almost always is.
Q: I actually use my real name as my email for my PayPal account. Should I use a fake email name for the account when buyers are putting money into the account, or should I use a fake email address name?
GG: It’s fine to use your real name for your email address, but do make sure you follow the usual anti-phishing rules.
Q: Dodgy emails were sent from my son's email address to everyone in his address book. How could this happen and is it enough for him to just change his password?
GG: Unfortunately it sounds like your son must either have clicked into a phishing email or has a virus on his computer, so I’d recommend that you get it checked out by an expert or run anti-virus software. After that has been done he should change his password.
Q: Is it safe to leave my broadband connected permanently - with AVG virus check and Ad-Aware plus Soybot working - or should I disconnect while away from the PC?
GG: The good news Richard is that you’re obviously taking measures to keep safe online. The other point is to make sure that your protection software is updating automatically. Personally, I log off when I’m not using broadband, but then I’m a cautious guy!
Q: You can ‘charge back’ a credit card if the transaction falls over, but how do you reverse PayPal payments?
GG: PayPal has buyer and seller protection programmes. We do have an online disputer resolution process and ' get involved' if buyer and seller are unable to resolve the issue.
Q: Why have my credit card details been stolen when I have bought Kaspersky security? Also why do you think I keep getting fraudulent emails?
GG: It will depend on your specific situation, but you should check that you have the software set to automatically update and that you have the latest browsers, for example Internet Explorer 8, that include the latest anti-phishing measures.
To stop receiving fraudulent emails you should ensure your email spam filter is turned on.
Q: What should you do if you are a victim of identity fraud?
GG: Go to your local police station firstly. And go to the relevant institutions where the fraud has occurred. For example, if someone has stolen your banks details, go to the bank to report it immediately.
Phishing scams are typically fraudulent email messages from seemingly legitimate sources (your internet service provider, mobile phone provider, bank etc). These messages usually direct you to a counterfeit website or ask you to divulge private information (password, PIN, credit card numbers, or other account updates), which is then used to commit identity theft.
Issued by a bank as part of a current account and, in a nutshell, serves as electronic cash. Unlike a credit or charge card, where you get an interest-free period before you have to settle the bill, the funds spent on a debit card are withdrawn immediately from your current account. Unless you’ve arranged an overdraft, if you don’t have the cash in the account, you can’t spend it.
Used by the holder to buy goods and services, credit cards also have a monthly or annual spending limit, which may be raised or lowered depending on the creditworthiness of the cardholder. But unlike charge cards, borrowers aren’t forced to pay the balance off in full every month and, as long as they make a stated minimum payment, can carry a balance from one month to the next, generating compound interest. As the issuing company is effectively giving you a short-term loan, most credit cards have variable and relatively high interest rates. Allowing the interest to compound for too long may result in dire financial straits.
Generally thought of as being interchangeable with insurance but isn’t. Assurance is cover for events that WILL happen but at an unspecified point in the future (such as retirement and death) and insurance covers events that MAY happen (such as fire, theft and accidents). Therefore you buy life assurance (you will die, but don’t know when) and car insurance (you may have an accident). Assurance policies are for a fixed term, with a fixed payout, and unlike life insurance have an investment aspect: as a life assurance policy increases in value, the bonuses attached to it build up. If you die during the fixed term, the policy pays out the sum assured. However, if you survive to the end of the policy, you then get the annual bonuses plus a terminal bonus.