Over two-thirds of smartphone users are leaving themselves vulnerable to opportunistic identity fraudsters, experts at GetSafeOnline.org are warning today.

67% of people accessing the web from their mobiles do not use the password or PIN function to secure their handsets - the first line of defence against fraudsters looking to harvest valuable identity information from lost or stolen devices, reveals the latest research [1] from the UK online security initiative.

Rapid growth in the use of smartphones [2] - the new generation of mobile phones with internet access - along with the applications that allow web users to bank, shop and social network on the move, mean that the online identity fraud risks associated with personal computers and laptops are becoming increasingly relevant to mobile handsets.

Combined with all the other information they store – home telephone numbers, family names and personal emails, for example – smartphone users can be particularly vulnerable to fraud if the device falls into the wrong hands.

Cabinet Office Minister, Angela Smith said: “More and more of us are using the internet when out and about. People often ensure their home computer is secure but forget to take the same measures in protecting their mobile phones.

“All of us need to take extra care when using the internet including when accessing it on our mobile phones. Get Safe Online.org provides simple, easy to use advice on how to protect yourself, your family and your business– whether going online at home or on your mobile,” she added.

Tony Neate, managing director of GetSafeOnline.org, explains: “Smartphones are a great way to make the most of the web and it’s easy to see why they are so popular. However, users must remember that they are essentially carrying around a tiny laptop with a wealth of personal information that is very attractive to fraudsters.”

“For instance, a quick look at your Favourites or browsing history can easily reveal where you bank and shop. Many social networking and other applications also use cookies [3] to ‘remember’ personal information such as log in details - meaning that if someone else had your handset, they can access and use your profile without needing to know your password. In addition, if you synchronise your handset with a PC at home, they’ll be able to access all of that information too,” Neate continues.

Get Safe Online’s research indicates that as many as 1 in 5 (20%) smartphone owners have lost or had their handsets stolen. “The frequency with which many of us upgrade or replace our phones means that we often don’t value or look after them in the same way as we would if we lost a laptop. However, as far as fraudsters are concerned, it’s what is actually on your phone that counts more than the handset itself. This is why basic measures such as using the PIN function are so important,” explains Neate.

Jack Wraith, Chair of the Mobile Industry Crime Action Forum (MICAF), adds: “The significant take-up in smartphones makes anti-theft and other security measures ever-more critical. From the individual user to large organisations, we all have an important role to play in making sure we don’t make life easy for fraudsters. As such, we very much welcome today’s advice from Get Safe Online, which reinforces the steps being taken by law enforcement, Government and the mobile phone industry to stop criminals in their tracks.”

Get Safe Online’s research also found:

• over 1 in 4 (28%) internet users use a smartphone to access the internet, rising to 50% amongst 18-24 year olds. Of these:
• 71% use their phones to send emails or use messaging applications
• 56% view and update their social networking profiles
• 1 in 5 (20%) synchronise their handsets to a personal computer
• almost 1 in 5 (19%) use their mobiles to make purchases online
• over 1 in 6 (16%) manage their finances, including banking and paying bills
• 1 in 5 (20%) have had their handsets lost or stolen

Get Safe Online’s top advice for safer surfing on the move is:

BE PASSWORD SMART

• Use the PIN or passcode function to secure your handset. Don’t rely on the default factory settings - create a combination that won’t easily be guessed by others, and set your device up so that it automatically locks if you haven’t used it for a few minutes
• Make sure any application you use does not store your log- in details or allow automatic log-in
• Never store reminders of your logins and passwords in your contacts or in texts

GUARD PERSONAL DETAILS

• Think twice about any personal information you store on your phone. 59% of smartphone owners admit that they store their home telephone number as ‘Home’ in their mobile device – determined fraudsters may call the number, purporting to be someone else, and use the conversation to find out more details about you
• Think carefully about what information you share online and how it could be misused. Your smartphone holds a great deal of personal information in a single place, making life very easy for fraudsters. So, it’s not just about what you put on your social networking profile, but also that it’s probably easy to work out who you bank with, where you’ve recently made transactions, the names of your family and to glean other details from emails or other documents

STICK WITH REPUTABLE SITES & APPLICATIONS

• The small form factor on mobile browsers can make it more difficult to spot fraudulent websites so it’s critical to make the relevant checks – for example, keep an eye on the URL to make sure you are not be diverted onto other sites
• Mobile banking can be a very efficient way to manage your finances, but only use applications written and published by your bank. Avoid third party tools and make sure you follow the password advice above

PROTECT AGAINST MALICIOUS SOFTWARE

• Watch out for prompts or warnings asking if you want to allow software to install or run – if you don’t know what it is or what it relates to, err on the side of caution. Mobile handsets are relatively secure devices, but criminals get around this by trying to dupe users into downloading malicious software themselves (often referred to as ‘social engineering’)
• If you’re accessing public wireless networks, turn off the Bluetooth connection when you’re not using it to minimise the risk of infections or interception. Overall, using your 3G network is a much more secure option.

REMEMBER IT’S NOT ‘JUST A PHONE’

• Treat your smartphone like your wallet - keep it safe and on your person at all times
• Think of your smartphone as a computer – all the same security rules apply. This includes checking the authenticity of websites, not clicking on links from people you don’t know, and watching out for phishing scams (by email, text or even voicemail) asking for personal information. Visit www.getsafeonline.org for more information on how to protect yourself against identity fraud
• If you decide to recycle your phone, make sure you delete all your personal information first - most handsets have a ‘reset to factory settings’ option in the menu. And don’t forget to remove or wipe any inserted memory card too.

BE PREPARED FOR LOSS OR THEFT

• If you lose your phone or it is stolen, report it to your network operator immediately so it can be disabled. If you find it again, your network operator can easily re-enable the phone.
• Register your smartphone on the Immobilise National Property Register (www.immobilise.com)– if it gets recovered by the police after being lost or stolen, there’s a better chance of it being reunited with the rightful owner

Notes to Editors:

[1] Unless otherwise stated, all figures are taken from the 2009 Get Safe Online Survey, independently carried out by ICM Research during October 2009. The survey interviewed 1,520 adults over the age of 18 with access to the internet.

[2] Based on the Gartner report, Competitive Landscape: Mobile Devices, Worldwide, 4Q09 and 2009, published on 23 February 2010, which stated smartphone sales during the fourth quarter of 2009 totalled 53.8 million units, up 41.1 per cent from the same period in 2008. In 2009 overall, smartphone sales reached 172.4 million units, a 23.8 per cent increase from 2008.

[3] A cookie is a small text file that enables websites to ‘remember’ individual web users when they return to the website. Many allow users to store their password details so that they don’t have to log in every time they visit a particular site.

About the Mobile Industry Crime Action Forum

The Mobile Industry Crime Action Forum (MICAF) is a forum for the exchange of information and the promotion of a united effort against criminal activity in telecommunications. The Forum seeks to raise awareness of crime issues affecting the industry or impacting on its customers and suppliers. It helps identify and develop effective counter-measures to telecom crime, as well as developing procedures to combat mobile phone-related crime in the UK. Its members include Vodafone, O2, T Mobile, 3 UK, Orange, BT Mobile, Phones 4 U, Carphone Warehouse and Virgin Mobile. MICAF also endorse the Immobilise campaign for consumer registration (www.immobilise.com). For further information, visit www.micaf.co.uk.