Protect your computer from fraudsters

So many of us rely on the internet – yet many people are still frightened of online fraud from phishing emails and online scams.

In October, Moneywise held a webchat with Garreth Griffith, head of risk management at PayPal, to find out the latest ways you can stay safe from fraudsters online. Here are some of the best questions and the answers. 

Q: Each time I am asked for my card number expiry date and the security number on the back I get very nervous. What more can I do?

Garreth Griffith (GG): Before you make any payments online, there are a few simple rules to follow:

1. Use reasonable judgment to make sure that the website is genuine and safe. For example, look for the padlock symbol in the browser and make sure the URL starts with ‘https’.

2. Be aware of the protections that would be in place to cover you, should anything go wrong.

Q: Is it safe to store details – such as my address and payment details - on sites like Amazon to make shopping faster the next time?

GG: I think it's a case of using your reasonable judgment. As you would do when you are on the high street – ask what you know about the brand and the company. And always have the latest security software installed, and set to automatic update.

Q: I get a lot of emails that claim to be from PayPal - how do I know when it's a genuine one?

GG: PayPal emails will always address you by name (not by ‘Dear member’ or ‘PayPal user’). We will never ask you for any personal details or include a link directly to the log-in page.

If you receive an email from PayPal asking you to verify some information, or to take action about your account, we recommend you open a new browser window and go to the PayPal website directly. If you have any doubt at all, you can forward the email to and we will let you know quickly whether it is genuine.

Q: I read an interesting story about people hijacking your wi-fi and leaving you with hefty bills for exceeding download limits. How can I protect my wireless router from strangers?

GG: You need to set your wi-fi security settings to the maximum. Check your router instructions on how to set to maximum security. At the very least, set up a password.

Q: I'm using several anti-virus and anti-spy products across two PCs - some say that the PCs are completely clean while others find varying amounts of viruses and other vulnerabilities.

For example, the full commercial version of Kaspersky  AVG and Malwarebytes rarely find anything, while Stopzilla frequently does. How do I know which to believe, and how worried should I be about this?

GG: This may reflect how regularly you update your anti-virus software and which version you have.

Always set your software to automatically update, check the settings because you may have your software set to look for absolutely everything on one PC, but not on the other; be aware of what each program is designed to look for.

Q: I use the same password for all my online accounts - how do I avoid that and remember several different passwords?

GG: We would definitely advise you not to use the same passwords for all sites. Make sure your passwords are strong ones. What I find easiest is to create a memorable phrase relevant to the website. For example if you were on a shoes site, your password could be 'I love red shoes' .

Also, never use personal details in the password or use 'password' as your password!

Q: Why don't the credit and debit card providers give their customers the real-time device that changes every 20 seconds (or so) the numbers you put in as either the card number or password during online transactions? That way you never have the same number twice.

GG: This is about striking a balance between convenience and security. You’re referring to something called second factor authentication, which requires you to provide something you know (password etc) and something you have (the code which the device will generate).

All major bank and card providers do have a whole host of anti-fraud measures behind the scenes as additional security. Many are also moving to offering additional measures of second factor security, for example PayPal offers a security key either as a fob or text message as this extra layer of security.

Q: Why should we pay for fraud protection? Shouldn't the onus be on the product providers just as it is with retail products?

GG: All banks and most retailers are doing a lot of the protection for you at no extra charge. There is a lot of good free anti-spy and antivirus softwares out there - but many of us like the assurance that comes from investing in your security.

Personally, I think the extra cost is good value for money to give me extra peace of mind.

Q: Am I reasonably safe with an Apple Mac from scams?

GG:  It’s true that for many years Macs have been reassuringly free of a lot of the viruses that have been aimed at PCs. But fraudsters are always looking for new targets and there have been viruses aimed at the Mac, so we strongly recommend that Mac users look into anti-virus software for their computers.

Q: Has anyone ever really been caught out by the Nigerian email scam?

GG: Yes, people have been caught out, and continue to be caught out. The Nigerian email scam has evolved and can be almost plausible. Always use reasonable judgment - if something sounds too good to be true, it almost always is.

Q:  I actually use my real name as my email for my PayPal account. Should I use a fake email name for the account when buyers are putting money into the account, or should I use a fake email address name?

GG: It’s fine to use your real name for your email address, but do make sure you follow the usual anti-phishing rules.

Q: Dodgy emails were sent from my son's email address to everyone in his address book. How could this happen and is it enough for him to just change his password?

GG: Unfortunately it sounds like your son must either have clicked into a phishing email or has a virus on his computer, so I’d recommend that you get it checked out by an expert or run anti-virus software. After that has been done he should change his password.

Q: Is it safe to leave my broadband connected permanently - with AVG virus check and Ad-Aware plus Soybot working - or should I disconnect while away from the PC?

GG: The good news Richard is that you’re obviously taking measures to keep safe online. The other point is to make sure that your protection software is updating automatically. Personally, I log off when I’m not using broadband, but then I’m a cautious guy!

Q: You can ‘charge back’ a credit card if the transaction falls over, but how do you reverse PayPal payments?

GG: PayPal has buyer and seller protection programmes. We do have an online disputer resolution process and ' get involved' if buyer and seller are unable to resolve the issue.

Q: Why have my credit card details been stolen when I have bought Kaspersky security? Also why do you think I keep getting fraudulent emails?

GG: It will depend on your specific situation, but you should check that you have the software set to automatically update and that you have the latest browsers, for example Internet Explorer 8, that include the latest anti-phishing measures.

To stop receiving fraudulent emails you should ensure your email spam filter is turned on.

Q: What should you do if you are a victim of identity fraud?    
GG: Go to your local police station firstly. And go to the relevant institutions where the fraud has occurred. For example, if someone has stolen your banks details, go to the bank to report it immediately.


More about