As I went gift shopping over the festive season, I found that most adverts I walked past on the London Underground had QR codes.

I think most people are familiar with QR codes but if you aren’t;  QR (Quick Response) codes are a type of matrix barcode that companies add to adverts and posters that, if scanned using a QR reader on a mobile device, take you to a website for further information related to the advertisement or poster on which the QR code appeared.

QR codes were created and originally used by the automotive industry as an efficient way to track vehicles during the manufacturing process but they are now used widely as an advertising aid.

However, they are also open to misuse by criminals;

Imagine a wall of advertisements with their QR codes displayed.  Then imagine how easy it would  be for a criminal to stick their own QR rogue code over a bona fide one.  Someone quickly scanning the advert as they walk past probably wouldn’t notice that the original QR code has been tampered with and that they were potentially infecting their mobile device courtesy of a rogue QR code.

This type of attack on a smart phone is known as attagging.

We all need to be aware of these dangers and be vigilant when scanning QR codes for signs of tampering. 2d Code recently provided tips on how you can scan a QR code safely. One of the tips that they gave was to install an app on your mobile device. This gives an added level of security and helps to protect your stuff.

2d Code recommends using Norton Snap. This is a free QR code reader which functions as a typical reader and also provides the added benefit of security to the scan.  Norton Snap analyses web sites to see how they will affect you and your device before you actually visit that site.

You can download Norton Snap via iTunes or the Android market place.

QR is short for Quick Response  and if you act too quickly you could get a quick response you were not expecting.  Stay safe!

It’s that time of year again! The Boxing Day sales have begun and if you’re anything like me, then you’re probably sat back in your armchair, avoiding the queues and cold by finding the best bargains online. But just because you’re protected from the elements, doesn’t mean that you’re protected from cybercriminals.

This Boxing Day, cybercriminals will be looking for their own discounts. And our mission? We need to take steps to ensure that it’s not our possessions that they’re getting cheap!

So, here are my 5 tips for keeping your stuff safe this Boxing Day:

1. Always remember that if it’s too good to be true, it usually is – We all love a bargain and cybercriminals know this as well. Don’t fall for the cheap price tag – as free or discounted goods could end up being really costly. So if you’ve found the latest hot designer shoes, but for a tenth of the price, regardless of how nice they may be for your office Christmas party, they’re probably not real. Cybercriminals are experts at creating websites and making them look identical to your favourite brand sites. I therefore recommend that you only shop at reputable online sites and avoid getting your credit card scammed.
2. Beware of fake website links – Don’t try and save vital sales shopping time by clicking on links in an email which appear to take you to your favourite online store. Instead make sure you type the store’s address straight into your browser. This will help prevent you from becoming a victim of a phishing attack. Phishers use fake versions of voucher deals to get their victims to a fake version of your favourite shop’s website. Once you’re there they can steal your passwords, log-in details, credit card information, or even your whole identity.
3. Be suspicious – Even big brands can become victims of cybercrime attacks. Use Norton’s free online tool called Norton Safe Web which identifies and warns you about dodgy sites before you click on them in search results.
4. Protect your bank details – Always look out for the ‘padlock’ icon at the bottom of the browser frame when making a payment online. This symbol indicates that the website you are visiting uses encryption to protect you, so cybercriminals cannot capture your personal information. Never let a website ‘remember’ your credit card details, always retype them if you want to shop there again.
5. Check your statements – Always check your credit card statements as often as possible to look out for unexpected transactions. Everyone splurges at Christmas and impulse buys in the sales. It is therefore important to keep an eye on your card transactions. This also lets you know who is using your card and allows you to spot problems before they become difficult to resolve. Also, credit card companies offer consumer protection and if you get in touch with them they will work with you to manage any disputed or unauthorised charges.

This is quite an exciting week for my inaugural blog; Earlier this month, Norton by Symantec announced the availability of Norton Tablet Security and an update of Norton Mobile Security Followed by Get Safe Online Week which focused on threats to smart phones from rogue apps and malware .

This got me thinking about what the biggest threats to mobile users in 2012 will be.  I had a chat with Orla Cox, one of my colleagues in the Symantec Security Response Centre in Dublin and this is what she had to say;

Orla Cox;

“We’ll likely to continue to see an increase in attacks via mobile platforms. In the past year we’ve seen 40 new families of mobile threats.  This number will continue to increase over the next year.  At the same time, however, PC threats will continue to be most dominant, vector numbers wise.  We continue to add detection for 60,000 new threats every week”

I also asked Orla how she thought the  bad guys would be making their cash in 2012 and she pointed out that the increase in the use of mobile devices for financial transactions will continue to make them a more attractive target for criminals.  Using  smart phones or tablets to make payments means that users must store their credit card details on the phone, therefore we may see attackers creating malware that can steal that data. We may also see threats which follow the trend in Windows malware such as Rogue Antivirus software.

I know myself that the open and ubiquitous platforms are the most attractive for attackers and for that reason Android will likely continue to be the more attractive platform to attach.  If we see an increase in popularity for Windows Mobile-Nokia devices, then these too may become attractive to attacker. Apple iPhones and iPads will also not be immune from threats due to the millions now being used across the world. Indeed using any mobile device in an open wifi environment leaves a user open to other people capturing the data they transmit across the airwaves.

All this said, it remains more important than ever to be smart when using your smart phone and tablet.

As a minimum users should lock their phone with a pin code (you would be surprised just how many people don’t use this simple function on their phone).  This is a simple function that can save users a lot of hassle if their phone falls into the wrong hands.  At the other end of the scale, users can install mobile security on their mobile device. Caution should also be used when connecting to wifi hotspots.

Mobile devices are now mini computers and people keep their lives on them. How do you protect your device?

With the evolution of technology comes the development of a whole load of other things, including crime. Over the years crime in the virtual world – also known as cybercrime- has increased. Our own, Norton Cybercrime Report shows that cybercrime is a hundred times bigger than the annual expenditure of UNICEF.

What sets cybercrime apart from other crime is that it can happen to anyone, at any time, and often it involves your personal details – the information that you go at lengths to protect – being stolen.

Take Jacquelyn Moulds from Clapham, London. She had over £4000 go missing from her savings account. After contacting the bank she was told that she’d been the victim of a phishing scam; someone had obtained her bank log-in details, logged into her account and set up a new payment – there was no trace of who or where the money had been sent to.

The investigations carried out showed that Jacquelyn’s account details had been stolen whilst she was accessing her account online. When exactly they were stolen was unknown and because Jacquelyn accessed her account from multiple computers, it was difficult to pinpoint the exact time and computer her details were stolen from.

Luckily, Jacquelyn’s bank reimbursed her money, however, this is does not happen in all cases. It’s therefore important to be vigilant: use strong passwords, don’t click on suspicious emails or web links, only make payments on secure websites and of course get your computer or device protected.

Jacquelyn’s story is just one example of cybercrime. If you or anyone you know has been a victim of cybercrime, then get in touch and help us to increase the awareness of the risks of cybercrime.

The Internet is full of tricks and treats. It provides us with endless entertainment and opportunities to connect with one another, but it does also put us and our family in potential risk, 24 hours a day.

The recent Norton Cybercrime Report showed that online scams is amongst the top three types of cybercrime – even web-savvy adults fall for them! With little education, however, we can all learn methods to avoid such problems and stay safe.

But what about the children? How do we ensure that our kids stay safe online, without us peering over the shoulders? The same answer – education!

Whilst teaching kids to limit the information that they share with others and how to appropriately use security and privacy settings helps them to stay safe online, kids need to taught how to keep the door closed for the Internet’s bogeymen.

And how do we do this? Similar to how we teach our children the rules of trick-or-treating e.g. staying on the pavement, crossing the street carefully, avoiding unwrapped or homemade treats and coming home before it’s too late. We can teach children the internet’s equivalents:

1. Be careful about what they  click on – stick to well-known Internet sites and use search ratings tools like Norton Safe Web to avoid going to dangerous website

2. Teach your child never to respond to spam and to delete unwanted messages – Marian Merritt, Norton’s internet safety advocate, mentioned in a recent blog post that some of the most common scams that trick children are pop-up ads that:

• Promise you can easily win great prizes like a tablet or gaming system
• Claim to detect viruses on your computer and offer to clean them
• Offer to speed up your computer

3.  Use security software on all computers as well as mobile phones and tablets.

4. Set up unique and complex passwords and ensure that your children share them with you but no one else.

5. Talk to your child about Internet scams, misleading advertising, spam Instant Message or social network friend requests, and other online tricks you know to avoid but they may not.

This week is National ID Fraud Prevention Week, which got me thinking about an experience that I had on a recent holiday in Greece.

Whilst I was there I booked a sight-seeing boat trip with the Holiday Rep.  We were staying on a remote Greek island and so I wasn’t surprised that the Rep didn’t have a chip and PIN reader when she took  my payment. However, it did surprise me that she didn’t have one of those old-fashioned card swiping machines, the ones with the multi-sheeted carbon paper.  Instead she placed my credit card under the carbon paper sheets and rubbed over the credit card with the edge of a pen, brass-rubbing style – how very hi-tech!

It made me smile and in my relaxed holiday frame-of-mind I didn’t really consider how insecure this was or how easy it would be for my card details and signature to be captured.  Luckily, the Rep was totally trustworthy and my ID hasn’t been misused.

However, this isn’t the case for everyone. Research issued by Action Fraud has found that although 95% of the UK population is aware of the threat and risks of identity fraud, the number of victims is still rising. People continue to be careless with their identities and the average cost of these incidents to each victim is £1,190.  National ID Fraud Prevention Week is another reminder for us all to protect our offline and online identities.

Simple actions can help to keep you and your family secure:

• Don’t share your personal details with others
• Use a private computer when  shopping online
• Ensure that the website you’re using is secure (this is indicated by the padlock  and the “https://” before the URL)
• Use smart passwords (to find out what makes a smart password, take a look at this blog  by Symantec)
• And of course, always use an up-to-date internet security package.

The Stop ID Fraud website, prepared especially for this week, has a resource centre where you can download useful tips and advice on how to protect your  identity.  You can also use the Norton downloads, to keep your online stuff safe and protect your family and your possessions.

Imagine a world in which a hacker is not a stranger, but rather your neighbour. Now imagine that that neighbour has spent 18 hours a day on social media sites that you are present on, to work out your passwords and answers to secret question. And now imagine that the hacker has stolen over £35,000 from you.

That is the reality of today’s world. The Telegraph this week reported a hacking story that is different from what we are accustomed to. It showed how hackers no longer need to use code to gain access to a program or account, but instead they can monitor your online activities and view your conversations to gather enough data that will help them gain entry into your account.

For me, this story, once again, raises the question of how private the setting ‘private’ really is? You see, the story mentioned shows how an individual used the content of what his neighbours are sharing online, to work out passwords to online and offline banking accounts. It indicates how an innocent status update or comment can provide others with enough data to cause you harm and once again raises the issue of how it is important to consider what you are writing before you hit enter – it’s important to remember that there are a number of different people that will be reading what you write, and not to sound cynical, but not all of them will have your best interests at heart.

And so, my top three tips for keeping yourself, your data and your possessions secure are:

1. Ensure that the privacy settings on your accounts are up-to-date and only people that you want your data to be visible to can see what you have written.
2. Use strong passwords, ones that others will not be able to guess. One of our security response guys has posted an interesting blog on passwords.
3. Before hitting enter, invest a minute to review what you’ve written. Think about the information that you are sharing and what people can take from it. Also think about the connection between current and previous updates and how they can be manipulated if they are seen by the wrong pair of eyes!

It is alarming how often personal details are harvested by cyber-criminals looking to imitate, trick, or simply track unsuspecting internet users.

In the most unlikely places, personal information can be posted online without the person who the information is actually about even knowing.

So where are cyber-criminals finding this information?

A quick search online will provide a good starting point to get information on most of us; with the electoral role, land registry, and social networking sites all giving a powerful insight into our personal lives.

As if that’s not enough, blog sites, reviews, comments, and even pictures can provide an insight into our backgrounds, habits, and even personality.

We often get asked whether it really matters if someone can obtain an address, a photo, or date of birth, and the answer in short is yes! Whilst these snippets of information may be harmless on their own, if they are part of a larger profile on you, than it can become a very serious issue.

We were recently engaged to look after a new client who had fallen victim to online fraud:

Client X posted comments on an online forum complaining about a bad experience he had had with his mobile phone company. He used his real name and listed the town he was from. A cyber-criminal noted this information and tracked his details on the land registry and obtained his postal address and home phone number. The criminal sent Client X a very expensive phone bill posing as his mobile phone company, which looked completely legitimate. The phone bill related to calls made from America, and Client X became worried that he hadn’t been to America recently and his phone must have been used without his knowledge.

When he called the number on the letter (which he thought was his phone company), they admitted there indeed had been a mistake, and they would gladly “refund” Client X with the money. Keen to resolve the issue, Client X provided his bank details so that the “refund” could be made.

Unfortunately there was no refund, and Client X had been conned out of £3,500.

Whilst many of us may think that we wouldn’t fall for such an obvious con, legitimate looking emails or letters which contain personal information, and are from a service provider you currently use, can be very difficult to spot; so keep your eyes peeled.

Vigilante Bespoke provide digital security services to high-profile individuals in sport, entertainment and commerce. For further information visit: www.vigilantebespoke.com

The factual narrative is enlivened by focusing on the story of two individuals who have battled against the rise in cybercrime. Barret Lyon, a computer whizz who unwittingly became embroiled in protecting legitimate and illegitimate businesses against attacks. Andrew Crocker is a British detective, who in working for the National Hi-Tech Crime Unit in the UK, went to Russia to track down and prosecute hackers and to find out who they ultimately worked for. 

The books offers great insights into how cybercrime works, who is involved and why it is being used. It is truly shocking and thought-provoking, in equal measure.

Zoe Kleinman has brought an interesting perspective to all of this with an article she has written on the BBC News site. In her piece she referes to research to be presented by Dr Kieron O’Hara of  Southampton University, wherein,  he calls for people to be more aware of the impact on society of what they publish online.  Privacy law is driven by a concept of a reasonable expectation of privacy. As more of our private lives have moved online, either intentionally or not, then the expectation of privacy has changed. What is normal now? The bottom line is that, with more people putting ever more private information out there, then we not have the level of legal recourse that we think we have. However, we are part of the community and our actions do ultimately drive the social norm. Hence, the solution is down to us and what we ourselves do on-line.