Protection from Identity Theft, Phishing and Online Fraud!

Disclaimer: The information provided here is collected from the internet and is bound to change over time.
Please check the relevant links and sources for correct and up-to-date information. The authors of this page won’t be responsible for any claim/loss arising out of use of the following information. I STRONGLY URGE YOU TO READ THIS DOCUMENT TILL THE END TO PROTECT YOURSELF AND YOUR FAMILY FROM Identity Theft, Phishing and online fraud!

10 very basic thumb rules to protect you online and from email/phone call/SMS fraud (but you should still read the article till the end)

  1. You MUST always have a good, FREE, up-to-date anti-virus and trojan/spybot cleaner installed on your laptop on top of Windows Security Essentials, e.g. Free Avast Antivirus and SpyBot S&D. Avoid downloading random software with serial keys or torrent files from the net. If you do download something, right click it and scan it with your antivirus software before running it. Do the same for suspicious looking attachments received via email or chat messengers.
  2. NEVER USE THE SAME PASSWORD FOR ALL YOUR BANK ACCOUNTS. Always have 2-3 memorable passwords (never use your DOB for any password). An easy way is to use a word-digit password combination. Keep the word the same and for the digits use the registration number of your bike/car, the last 4-5 digits of your mobile number, any memorable year, your favourite bus route number twice, etc. Always insert at least 1-2 special keyboard characters like #, ~, ’, @, *, %, $ in your passwords, e.g. k1ckas55@3@4#5. Never use the same password for all your email accounts. Again, always have 2-3 pet passwords for different purposes (email/Facebook/Twitter accounts). Always remember your security details in case you forget/lose your password, so that you can recover it without any problem. Try to save your online passwords in Google Chrome and Firefox to avoid typing them on websites, to protect yourself from keylogger-type viruses/trojans on your system (more on that below). Never access your bank or do any shopping from internet cafes etc. Always clear the browser’s cookies and cache when you finish your session on an internet cafe laptop/PC or a friend’s laptop.
  3. Record all your credit/debit card numbers and the customer support phone numbers to call to block them in a sheet/note in a place like Google Drive/SkyDrive, which you can share with a close friend or family member who can call and get them blocked if your wallet gets stolen along with your phone. This usually happens when you are travelling in foreign countries, and calling each bank from there would be very costly. Try not to carry more than 1 credit and 1 debit card in your wallet. Never write down your PIN or share it with anyone (including your spouse). Never save your payment details on any shopping website.
  4. Always scan your monthly bank/credit card statements for suspicious transactions, and always check your credit file every 2 months by paying just £2 to Experian or Equifax (they are required by law to give you your credit file for just £2).
  5. If your smartphone is stolen, you can remotely wipe it. Just google this. Both Google and Apple provide a free remote-reset service to wipe the phone and erase all data and accounts from it.
  6. A phishing website is usually a 100% clone of the genuine website hosted at a dodgy address like http://bank.hsbc.com.netsecure.com/ . The bit before the .com or .co.uk should always be only the name of the organisation/bank and nothing else, meaning bank.hsbc.com is a genuine link/address. If an email/SMS looks suspicious, never click the links given in the message. Any hacker can spoof the “from” email address or SMS number so that the email/SMS shows as being from your bank/HMRC etc. Phishing/fraud links can also show you different words from the actual link of the phishing website. If you have clicked the link, always check that the website shown in the address bar of the browser is the genuine website. Never trust an email asking you to click a link and confirm your personal details and bank account information by entering them. Before entering payment information, always make sure that there is a lock icon to the left of the web address, meaning your communication with the website is safe and encrypted.
  7. IMPORTANT: When receiving unsolicited calls, never provide personal information before confirming that the personal information the caller already claims to hold (like DOB, postcode, first line of address) is correct. Also, in NO scenario provide a PIN/OTP/credit card/bank account number to anyone who has called you. To ensure you know who you are talking to, ask for the details of the organisation the caller represents and call them back yourself on the officially published numbers on their website rather than the numbers the caller may try to provide you with.

IMMIGRATION/HOME OFFICE CALLS, HMRC CALLS OR OTHER SIMILAR PHONE CALL FRAUDS

Fraudsters purporting to be from the Home Office:

Fraudsters are purporting to be from the Home Office and cold-calling victims to claim that there is a problem with their immigration status. Victims are informed that in order to rectify this issue, they must pay an up-front fee and are often asked to confirm personal details such as their passport number and date of arrival in the United Kingdom.

In a number of instances when the victim receives this phone call from the suspect, a genuine Home Office telephone number will be displayed as the Caller ID on their phone. The suspect will point this out to the victim in order to add legitimacy to the request. The fraudster has used a method called ‘spoofing’ to display a Home Office telephone number such as 02070354848. This does not mean that the call has actually originated from the Home Office.

Many victims who have been targeted by this fraud have had an association with India. The fraudsters often state that the victim has outstanding criminal charges against them in India, or that their official documentation was not completed satisfactorily upon their arrival in the United Kingdom. Victims are given three options: face deportation; face arrest and imprisonment; or pay the up-front fee.

Victims are asked to pay the fees through a variety of methods, including money transfers via a Money Service Bureau, purchasing iTunes vouchers and relaying the voucher code to the caller, or transferring cryptocurrency, e.g. Bitcoin. The fraudster usually attempts to keep the victim on the phone until the payment is received, which can be hours at a time.

Protect yourself from Phone Call Fraud:

  • The Home Office, Police or any UK Law Enforcement Agency will never ask for money over the telephone.
  • Government agencies do not use non-secure payment methods such as a transfer via a Money Service Bureau, iTunes voucher(s) or cryptocurrency, e.g. Bitcoin.
  • IMPORTANT: When receiving unsolicited calls, never provide personal information before confirming that the personal information the caller already claims to hold (like DOB, postcode, first line of address) is correct. Also, in NO scenario provide a PIN/OTP/credit card/bank account number to anyone who has called you. To ensure you know who you are talking to, ask for the details of the organisation the caller represents and call them back yourself on the officially published numbers on their website rather than the numbers the caller may try to provide you with.
  • If you have any concerns regarding your immigration status, please visit the following government website to speak with someone regarding your specific immigration issue: https://www.gov.uk/contact-ukvi-inside-outside-uk
  • If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk, or by calling 0300 123 2040.

Identity theft

Hello there, these 30 minutes of your life can save you from a disaster. Every year around 80000 (and increasing) people in the UK suffer from identity theft. You could be the next one. Don’t take it casually!

Preface: “There’s no such thing as a foolproof system. That idea fails to take into account the creativity of fools.” – Frank Abagnale. A must-read article:
“You ask people what they’ve got and they say, ‘I’m protected against ID theft now,’” he says.
But the company insuring you against ID theft often doesn’t explain that they’re not reimbursing the money you lose – just the money it costs you to fix things.

Some good sites to check before you read further (if you have time):
One you must subscribe to: http://www.getsafeonline.org/ – Must read

http://www.electronic-identity.org/how-to-prevent-identity-theft
http://www.cifas.org.uk/ – Govt’s Initiative to protect your data.

Directory of useful/helpful organisations related to financial matters
Crimestoppers – 0800 555111 or www.crimestoppers-uk.org
Financial Services Authority – 0845 606 1234 or www.fsa.gov.uk
National Identity Fraud Prevention Week – www.stop-idfraud.co.uk
Trading Standards (for consumer protection)

Experian’s online credit monitoring and ID theft protection service is called CreditExpert.co.uk. It costs around £6.99 a month, though it is offering the chance to sign up for a 30-day free trial. The service allows people to check their credit file online, as often as they want, and there are weekly text or email alerts letting you know if someone takes out a loan or card in your name.

Equifax is offering a similar service called Identity Watch at a reduced rate of £3.99 a month rather than the usual £6. A cheaper alternative may be to register with the “protective registration” service provided by Equifax on behalf of Cifas. For £11.75, a mark is placed against your address, and banks will carry out extra-detailed identity checks on applicants for credit.

There are some basic steps we can all take to help avoid our identities being compromised. Many may seem to be obvious, but it is by dropping our guard that the fraudster ultimately will benefit.

Always take particular care of your handbag or wallet.  Don’t give thieves a chance.  Be especially careful with your credit and debit cards.  Try not to keep them together or have them all with you at the same time and never let them out of your sight.

Also, avoid carrying documents such as passports unless necessary, and never keep them in the same bag as your wallet.

Shred all documents when you dispose of them. These can range from credit card or bank statements to letters from doctors, employers and indeed anything bearing your full name and address or signature. Receipts can also be valuable to a fraudster, so take care to shred these too. A cross-cut shredder is better than a strip-cut shredder, and you can find one for only £10 in WH Smith.

Examine your bank and credit card statements carefully. Keep all your receipts until you have checked each one individually against the statements. This will help you to monitor your account.

Check your credit reference agency file regularly for unfamiliar items and take prompt action if you spot anything strange.

Don’t forget to keep your home secure, and keep your personal documents locked away. Increasingly it is these documents that burglars search for, rather than TVs and computers. Theft or loss of documents such as your driving licence or passport should be reported immediately.

Use CIFAS Protective Registration if you have personal documents stolen. Either contact the service on 0870 010 2091 or download details from www.cifas.org.uk/pr.  There is a small charge of £14.10.

Don’t give your personal details to callers, charity collectors or “researchers” in the street.  Check whether they are truly who they claim to be before giving them any information.  Be just as careful when taking telephone calls.  Fraudsters may try to dupe you into believing they are from banks or other companies. If you give them your account and security details they could run up huge debts in your name.

When buying online – keep your passwords secure at all times and regularly change your passwords. Make sure that you have up-to-date security software, and only use sites that provide secure payments and be sure you know who you are dealing with.

Avoid online bank or shopping transactions when using public wi-fi zones or shared computers.

Redirect ALL post when moving house or business address.

Now some advice from personal experience:-

1) Don’t throw your credit card receipts etc in high-street bins. Thieves have access to them.
1b) Always hide your PIN when entering it. If the card machine cannot be removed from its holder or has no cover to hide the keypad, you can shield it with your hand while entering the PIN, or ask the shop where you are using it. Remember, it is your right and you must use it!
2) Throwing bank letters and all paper into your local recycling collection is a nice idea. But wait for the collection day, and try to put it out just before collection.
3) At least every 6 months, check your credit file for only £2. Credit file companies like Experian and Equifax are bound by law to give you your credit file for just £2. Nothing protects you from fraud more. Always keep an eye on your credit file.
4) Make an Excel or Google Docs sheet of your credit card details, expiry of special promotions etc. If you lose your wallet, report all your cards stolen using this information.
5) Don’t write down your PIN or internet banking passwords anywhere. More advice on this in a later section of this article.
6) Keep an eye on your statements coming by post. Try to switch to paper-free statements for most accounts except one (for visa application forms etc).
7) Always check your statements regularly. Those 2 minutes spent scanning them can save you loads of pain later on.
8) If you have lost your wallet, debit cards etc, or have become a victim of ID theft involving your bank account, just using the CIFAS red-flag service will not give you 100% peace of mind. The best solution is to close those accounts and open new ones, because your sort code and account number can be misused in future for loan applications etc. If your personal email accounts are hacked too, don’t worry: hackers are usually not interested in your personal emails. They are only interested in money. So if you have a money-theft incident linked with the ID theft, you can use the police report to get your Yahoo/Gmail account back from the respective providers. They will need you to fax them copies of your passport, utility bills etc.
9) If you have lost money from your account because you were a victim of fraud, you are entitled to a refund. All credit card providers are also legally bound to protect you from losses which weren’t your fault and were not caused by your negligence. (Negligence includes not informing the bank in time, writing down your PINs, or sharing that information with a friend or relative, any relative, even your spouse.)
10) A fraudster can damage your credit file big time, today, tomorrow or 10 years later. So always check your credit file every 6 months. That’s the only sure-shot protection.

About Electronic Fraud:-

Rule No 1) Always have good (and fully updated) anti-virus and spyware protection on your PC. My favourites are “Avast Antivirus” and “SpyBot S&D” (which works best when you are disconnected from the internet; scan your whole system at least 3 times). Windows Defender, now known as Microsoft Security Essentials, is also a free tool from Microsoft (basic; it’s not enough), although it’s not as good as SpyBot S&D. The incident which provoked me into writing this article was a result of carelessness in this department. The victim’s system was infected by a trojan. These are deadly but totally hidden programs which silently install themselves when you download free, lesser-known sound/video utilities from the net, or which come in through open ports on your broadband router (without a NAT firewall enabled). Also, if your wireless network is not protected by a WPA key and is open to all, a music-junkie teenager with a system full of trojans/viruses can join your local network. Your router’s NAT firewall won’t protect you from trojan infection from that PC because it will be on your local/home network, so almost all the ports will be available to the trojan to replicate itself.
One of the primary purposes of a trojan is to wait for a chance to silently download and install a key-logger program from hackers’ temporary sites, which appear randomly on the net at random IP addresses. These programs then record everything you type into every web form and silently email all of it to the hacker’s anonymous, untraceable email IDs. So your email account passwords and internet banking passwords can all be collected on a silent, hidden server somewhere on the internet, and the hacker will usually wait a month or two to collect details of every important account you access through the internet. Then one fine day, the hacker will sit at a table with a 10-20 minute action plan to hack every important account, change passwords, transfer money etc. All of this will be done in 30 minutes at most, while you might be sleeping or stylishly sipping wine with your 3-course dinner in a restaurant. The first instalment of the shock will usually be that the email account which holds your childhood memories and various personal secrets has been hacked. The second instalment will be more shocking: all the money in your bank accounts is gone in just 30 minutes.
These hackers are one step ahead of the security agencies and usually work from countries with poor laws on cyber crime, like the Czech Republic, Iran, Russia.

What you can do to protect yourself from this crisis (never compromise on the rules below):

1) Download all Windows updates regularly. If you use a smartphone/tablet, use protection software made for smartphones/tablets. Install a free anti-virus like “Avast AntiVirus”, a spyware scanner like “SpyBot S&D” and some tool to scan the programs running in memory and detect the dangerous ones which are opening communication channels (incoming/outgoing) with internet servers. One of them, one bad day, could be a key logger. A good, free, slightly techie utility to scan your memory and report on this is “Security Task Manager”.
2) Never leave your home network unprotected/unsecured. Always have a WPA-key-protected network. Never join an unsecured (password-less) network anywhere. Cafe, school, college... anywhere.
3) Always keep at least two different personal mail accounts. The personal one with secrets and stuff should never be accessed from internet cafes anywhere, especially while you are on holiday, for example in Thailand or Prague. To share holiday pics and stuff, use another email account made specifically for this purpose.
4) Try to have two laptops if you can. Never access internet banking and precious email accounts on laptop A. If you wish to download some random software with serial keys or a torrent file from the net, always download it first on laptop A, and only install it after making a RESTORE POINT in Windows (see Windows help for that; it’s pretty easy). After installing, wait for a week and see whether any weird random popups appear just from accessing the Google homepage.
If YES: Immediately disconnect that laptop/system from the internet and the local network (switch off/disable the wireless adapter). Uninstall the dubious program. Restore your whole system to the last healthy working restore point. Clean your system with SpyBot S&D. Do at least 3 scans. Connect it back to the internet and keep a keen eye on it for another week.
If NO: Scan your experiment laptop A with the latest anti-virus and SpyBot S&D. If nothing is spotted, then only after a week copy the program/utility across to your more precious PC/laptop.
5) If your mobile gets stolen (which is easy), go to the “find your device” option online for your smartphone (from Google or Apple) and reset the device remotely. Resetting will delete all the data. Also change the password of the main email account used on that smartphone ASAP by going to the Apple/Google site on a laptop; this will also log your accounts out on that phone and everywhere else. You should also do the same with your Facebook/Twitter accounts.
6) Never click on any link in an email which asks you to validate your bank account information, NO MATTER HOW GENUINE THE EMAIL LOOKS.
7) Never open attachments from people you don’t know. In fact, whenever you download an attachment, a utility from a website or a file coming through the file-transfer feature of a chat messenger, even if it’s coming from a friend, always put it in one designated folder for downloaded stuff and scan the file with anti-virus software before opening it. Any document, including a JPG image, can have a virus/trojan/worm attached to it. Please, please use good anti-virus software to scan everything you receive/download. Never accept files in a chat messenger from people you don’t know, as this makes a direct connection between the two parties, and by running a small command, “netstat -n”, one can find your IP address (your computer’s unique address on the internet). Then, if a trojan/virus is installed on your PC, several hacking attacks can be carried out against your PC via that IP.
8) VERY VERY IMPORTANT: Always check the URL/address/link in your browser’s address bar. It has to be a common-sense-approved URL. The first part of all the URLs should end in words like HSBC.COM/ or Lloydstsb.com/ . There should be a “/” or “\” after .com or .co.uk. For example, xyz.hsbc.com.netsecure.com/ will be a fraud site. It’s actually a Netsecure.com domain name, and xyz.hsbc is a subdomain which points to a subfolder on that website where the hacker has put cloned (exactly similar looking) pages of HSBC’s internet banking site. Cloned pages will be a 100% copy of a bank’s online site. YOUR ONLY PROTECTION FROM THIS PHISHING FRAUD IS TO CHECK THE URL/Link Address IN YOUR BROWSER’s ADDRESS BAR. Don’t RELY ON THE FROM NAME OR FROM EMAIL ADDRESS. For scammers, it’s just one line of code/a 2-minute job to put any words in the FROM NAME/EMAIL tag of a phishing email. It might happen that you receive an EMAIL FROM AN HSBC/HMRC ACCOUNT (CustService@HSBC.com) with a link in the email reading like http://bank.hsbc.com/ but when you click on it, the actual URL/link address it takes you to (yes, the link text shown to you and the actual link URL can be different words) could be http://bank.hsbc.com.netsecure.com/ or http://gov.uk.something.com/hmrc/confirmidentity which will be a phishing site. HENCE always check the URL/LINK address in your browser BAR to see whether it’s the genuine website or not.
9) Most reputable companies/banks etc will use Https: (a secured, encrypted way of communicating) on their login screens and also whenever an online funds transfer/payment is made. So always check for Https: in your browser’s address bar/URL bar whenever you are doing anything with internet banking or online credit card payments. Never enter payment details or credit card details on a site which doesn’t show the security lock next to the URL/link in your browser bar.
10) NEVER USE THE SAME PASSWORD FOR ALL YOUR BANK ACCOUNTS. Always have 2-3 memorable passwords (never use your DOB for any password). An easy way is to use a word-digit password combination. Keep the word the same and for the digits use the registration number of your bike/car, the last 4-5 digits of your mobile number, any memorable year, your favourite bus route number twice, etc. Always insert at least 1-2 special keyboard characters like #, ~, ’, @, *, %, $ in your passwords, e.g. k1ckas55@3@4#5. Never use the same password for all your email accounts. Again, always have 2-3 pet passwords for different purposes (email/Facebook/Twitter accounts). Always remember your security details in case you forget/lose your password, so that you can recover it without any problem. Many people change their password but have no way to recover it in case they lose it. And always use a separate email/password for useless subscriptions and shopping websites on the internet. Usually your login IDs and passwords are visible in text form to the web developer of these small shopping websites, and he can try that login ID/password combination on other shopping websites and cause you losses. Never SAVE your card details ONLINE with any shopping website. And only shop from your HOME PC. Never from an internet cafe. Not from a friend’s PC unless you know he has the latest anti-virus and stuff installed. Better safe than sorry. Don’t access critical accounts on any non-office PC except your home PC. Usually office PCs are monitored and maintained by an IT services company and are more secure than your average home PC.
11) If you leave your PC unattended, always lock it, as you never know what your colleague/flatmate may be doing on your PC (just in case). It’s as easy as pressing the Windows key (to the left of the space bar) and the “L” key, and locking a laptop like this takes just a fraction of a second.
12) Always check which add-ons are active in your browser. You can find that in the “Tools” tab in Internet Explorer/Edge, the “Preferences” tab in Firefox and the settings tab in Google Chrome. Many add-ons are dangerous too. Remove or disable them if you have doubts about them.
13) Always clear your cache, cookies and browsing history BEFORE AND AFTER using a friend’s PC or an internet cafe PC for anything. The options are given in any browser’s settings -> content or data privacy section. Never make an exception to this RULE, or a little carelessness here might cost you thousands of pounds.
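
The address check from rule 8 above (and thumb rule 6), as an added example that is not part of the original article: it reads a link's host from right to left to find the domain that really owns it, and flags links in an HTML email whose visible text names a different domain from the real destination. The short suffix list, the sample email and all function names are constructed for illustration; the URLs are the ones used in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed, deliberately tiny list of two-part suffixes for this example.
# Real tooling should use the full Public Suffix List (publicsuffix.org).
TWO_PART_SUFFIXES = {"co.uk", "org.uk"}

def registrable_domain(url_or_host):
    """Return the domain that owns the host, e.g. 'netsecure.com'."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "http://" + text  # allow bare hosts such as 'bank.hsbc.com'
    host = (urlsplit(text).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # The owner is the suffix plus ONE label to its left; everything further
    # left (bank.hsbc.com. ...) is chosen freely by that owner.
    take = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-take:])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email(html, trusted_domains):
    """Return [(href, [reasons])] for every link that deserves suspicion."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for text, href in collector.links:
        actual = registrable_domain(href)
        reasons = []
        if actual not in trusted_domains:
            reasons.append("destination is owned by " + actual)
        # Only compare when the visible text itself looks like an address.
        if "." in text and " " not in text and registrable_domain(text) != actual:
            reasons.append("link text shows " + registrable_domain(text))
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample email body using the addresses discussed in the article.
SAMPLE_EMAIL = """
<p>Dear customer, please log in at
<a href="http://bank.hsbc.com.netsecure.com/">http://bank.hsbc.com/</a>
or <a href="http://gov.uk.something.com/hmrc/confirmidentity">Confirm your identity</a>.
Genuine site: <a href="https://bank.hsbc.com/">HSBC online banking</a></p>
"""

if __name__ == "__main__":
    for href, reasons in audit_email(SAMPLE_EMAIL, {"hsbc.com"}):
        print(href, "->", "; ".join(reasons))
```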