Safe and secure online, on holiday – Kaspersky Lab official blog

Hopefully, you’ve read our advice on researching and booking holidays and other travel safely and securely. But have you thought about how to keep yourself protected online while you’re away, whether it’s the annual family holiday or a short break?

Whether you’re basking in the sunshine or enjoying the snowy slopes, it can be easy to forget that your online safety is as important as your sunscreen or goggles. So we’d like to offer some simple advice to help ensure that when it comes to being online, you’re as safe when away as when you’re at home.

Look after your mobile devices

The great thing about smartphones and tablets is that they’re small and portable. The downside to this is that they’re easy to lose, and easy for someone to steal. The consequences of this happening in your own country are bad enough, but if you’re abroad, you face additional inconvenience, expense and, often, upset.

When you’re out and about – especially in city centres – keep your phone or tablet close to you and get it out only when you have to in a safe place, to answer a message or check the map. Don’t leave it unattended in cafes, bars or public transport, and if there isn’t a safe in your hotel room, we recommend you take it with you.

And remember that apartments, villas, ski lodges or caravans all make attractive targets for thieves, so take care here as well.

Wi-Fi hotspots

When you’re on holiday – just like when you’re at home – there’s nothing easier and more convenient than being able to connect to Wi-Fi in your hotel room, the café or a bar. You can keep up with your friends, check the news, catch up on your email (uh oh, you’re meant to be relaxing!) and check your bank account.

But have you considered if that hotspot is secure, and what information you might be revealing inadvertently?

If you’re doing anything private online such as banking, paying for something, logging into a shopping site or confidential email – our advice is: don’t do it using a Wi-Fi hotspot, but use your data (remember, roaming is cheaper these days) or a mobile dongle.

This is because with hotspots, you have no guarantee that the connection is secure, so there’s a chance that it could be eavesdropped on orhijacked. Even if you need a code or your email to log on, it’s not worth the risk.

Social media

When you’re having a great time on holiday, there’s nothing quite like sharing it with posts and photos on your favourite social media platform, right?

Right, but the problem is, you can never be sure who’s going to end up seeing what you’ve posted and these days, social media has become the best friend of both burglars and fraudsters.

Advertise that fact that your home is unoccupied – even if it’s only for a weekend break – and you’re risking having it broken into. This isn’t uncommon, and even high-profile celebs have fallen victim. Insurance companies are now refusing to pay out if they find you’ve posted that you’re away so surely this, combined with the thought that somebody could be going through all your belongings while you’re away, would make you think twice.

We mentioned fraudsters using social media too, and this one affects your workplace. It’s become commonplace for fraudsters to combine the fact that you’re away on holiday with other snippets gained on LinkedIn or a sly phone call to defraud your business. They’ll impersonate a supplier, the bank, HMRC or – if you’re a senior exec, you – to extract money out of an unwitting colleague. You can only begin to imagine the consequences.

In conclusion

We want to you relax and enjoy your break and be able to enjoy your online experience seamlessly and safely while you’re away too. Following this practical holiday advice and the other online safety basics on our website, that shouldn’t be a problem.

Have a great time!

Source: Safe and secure online, on holiday – Kaspersky Lab official blog

Record number of fake HMRC websites deactivated – GOV.UK

HMRC has removed more than 20,000 malicious websites during the past year, but warns people to stay alert to the threat from online fraudsters.

placeholder

New figures show that HM Revenue and Customs (HMRC) requested a record 20,750 malicious sites to be taken down in the past 12 months, an increase of 29% on the previous year.

Despite a record number of malicious sites being removed, HMRC is warning the public to stay alert as millions of taxpayers remain at risk of losing substantial amounts of money to online crooks. The warning comes as Scam Awareness month, run by Citizens Advice, draws to a close.

HMRC has brought in cutting edge technology to tackle cyber-crime and target fraudsters. However, the public needs to be aware and report phishing attempts to truly defeat the criminals. Today (30 June 2018), ministers are urging people to take action to protect themselves as well.

Genuine organisations like banks and HMRC will never contact people out of the blue to ask for their PIN, password or bank details. So people should never give out private information, download attachments, or click on links in emails and messages they weren’t expecting.

People should forward suspicious emails claiming to be from HMRC to phishing@hmrc.gsi.gov.uk and texts to 60599.

They can also contact Action Fraud on 0300 123 2040 to report any suspicious calls, or use its online fraud reporting tool.

Treasury Minister Mel Stride MP, the Financial Secretary to the Treasury, said:  “The criminals behind these scams prey on the public and abuse their trust in government. We’re determined to stop them. HMRC is cracking down harder than ever, as these latest figures show. But we need the public’s help as well. By doing the right thing and reporting suspicious messages you will not only protect yourself, you will protect other potential victims.”

The most common type of scam is the ‘tax refund’ email and SMS. HMRC does not offer tax refunds by text message or by email.

HMRC has also been trialling new technology which identifies phishing texts with ‘tags’ that suggest they are from HMRC, and stops them from being delivered. Since the pilot began in April 2017, there has been a 90% reduction in people reporting spoof HMRC-related texts. This innovative approach netted the cyber security team with the Cyber Resilience Innovation of the Year Award in the Digital Leaders (DL100) Awards.

In November 2016, the department implemented a verification system, called DMARC, which allows emails to be verified to ensure they come from a genuine source. The system has successfully stopped half a billion phishing emails reaching customers.

HMRC has also saved the public more than £2.4 million by tackling fraudsters that trick the public into using premium rate phone numbers for services that HMRC provide for free. Scammers create websites that look similar to HMRC’s official site and then direct the public to call numbers with extortionate costs. HMRC has successfully challenged the ownership of these websites, masquerading as official websites, and taken them out of the hands of cheats.

HMRC is working with the National Cyber Security Centre to further this work and extend the benefits beyond HMRC customers.

Source: Record number of fake HMRC websites deactivated – GOV.UK

Met Police chief: Social media leads children to violence

The UK’s top police officer has blamed social media for normalising violence and leading more children to commit stabbings and murders. Met Police commissioner Cressida Dick told the Times social media sites “rev people up” and make street violence “more likely”. Fatal stabbings in England and Wales are at their highest levels since 2011.

 What can parents do about social media leading children to violence?

Parents can remind the children and young people in your care that…

  • Smartphones are everywhere. It is really easy for someone to take a photo or video of a young person involved in something spontaneous like a fight and share it with others online. This can have a permanent effect on their online and offline reputation. How would the video or image be viewed by a future employer or university recruiter?
  • Drama between friends can seem so important at the time, but in a few weeks, they’ll look back and won’t remember why they were so concerned about it.
  • If they hear plans of a fight, or something similar, spreading across their social media feeds, they should let an adult know about it. They won’t get into any trouble.
  • It can be easy to get irate and self-righteous on social media and become caught up in an unhealthy group mentality. It could be because of someone’s comment that they found offensive, or to fight for a collective cause. But things aren’t always as they seem – often comments only seem offensive after being taken out of context, for example.
  • When you’re part of a group, it’s easy to join sides and become aggressive. Advise your child that things can quickly escalate and move into the territory of group attacking or bullying.
  • Young people should be encouraged to think before they post on social media, and be reminded that silly comments they’ll probably regret in the future can have a permanent effect on their online reputation.

What If your child has been involved?

  • If you find out your child has been involved in a fight, the first thing you’ll worry about is whether they’re physically OK. After you’ve established that, you’ll need to have a serious conversation with them about why they got into a fight. Try not to seem too accusatory, or upset, as this may prevent them from opening up to you. As always, making sure all lines of communication are kept open is a priority with this kind of issue.
  • If there is footage of your child in a fight – whether they’re the perpetrator, or the one being targeted – it isn’t something you want online for other people to see. Find out who posted the content, and ask them to take it down. If the incident is linked to school, they can help you do this. If the person who posted the content is unknown, contact the social media platform to ask them to take it down. Find out how here (link is external).
  • It may be that you can’t control the spread of the footage. If that is the case, support your child. As with all bad experiences, there are lessons to be learnt. Make a plan together of how they will avoid situations like this in the future. Good plans usually focus on getting rid of negative influences and avoiding high risk situations. Discuss with them how they can spend more time on positive friendships and activities.
  • If your child sees this sort of content on social media and tells you about it, remind them that this sort of violence is never acceptable, even if it is a joke or prank and the chances are that somebody has got hurt. Encourage them to always report the content to their school, as well as the social media network they’re using. Instagram in particular has a very strong stance against bullying.
  • Both resorting to physical aggression as a way of dealing with a problem, or fighting just for the ‘fun’ of it, may point to a deeper emotional issue. You may want to ask them if there’s anything else in their lives that’s worrying them. Remind them that it’s very important they find other ways of dealing with problems, such as communication, negotiation and compromise, as carrying this violent behaviour into adulthood could get them into serious trouble in the future.

You may feel your child needs professional help with anger or other problems. Young Minds has some good advice (link is external) on anger, aggression and violence in young people and what parents can do to help their children.

What does the National Cybercrime Security Centre (NCSC) think of password managers?

 People keep asking the NCSC if it’s OK for them to use password managers (sometimes called password vaults). If so, which ones? Who should use them – private citizens, small businesses, massive enterprises? And how should people use them? Is it safe to put all your crucial passwords into a password manager, and forget trying to remember any at all?

This is a big topic, so we’re chunking it up. This blog explains what I think about password managers in general, and how I use them myself. This might be helpful if you’re an individual deciding whether and how to use a password manager for your personal use. If you’re looking for business use, this blog post won’t hold all the answers you need (look out for more from the NCSC on this soon).

Should I use a password manager?

Yes. Password managers are a good thing.

They give you huge advantages in a world where there’s far too many passwords for anyone to remember. For example:

  • they make it easy for you to use long, complex, unique passwords across different sites and services, with no memory burden
  • they are better than humans at spotting fake websites, so they can help prevent you falling for phishing attacks
  • they can generate new passwords when you need them and automatically paste them into the right places
  • they can sync your passwords across all your devices, so you’ll have them with you whether you’re on your laptop, phone or tablet

All these things are full of win. They reduce security friction – making security easier and more convenient.  If security is difficult, tedious, appears to add no value or gets in the way of the main task we’re trying to do, then we tend to find (insecure) ways around it. And then we end up less protected.

Well, that all sounds great. Where’s the catch?

You might be thinking “If password managers are this good, why haven’t you recommended them before now?”

Well, they do have some drawbacks:

  • Password managers are attractive targets in themselves. They’ve been successfully attacked in the past, and realistically they will be again. So all your passwords could get stolen in one go.
  • If you forget the master password for your password manager, you will not be able to get back in. You will have to try and access all your accounts individually, or recreate/reset them from scratch. This will hurt.
  • You can’t use them for everything. Some service providers (such as certain banks) don’t support the use of password managers. If you tell them you’ve put your banking passwords into one (or written them down in any way at all) they might not give you your money back if you are the victim of cyber crime. If your bank is one that takes this stance, you’ll need to think about how you’re going to manage critical passwords without writing them down. On the brighter side, this is much easier to do once you’ve got most of your passwords out of your head and into the password manager.

Should I use a browser-based password manager?

Many web browsers now come with password managers built in, and they can be a very good choice. They are very convenient to use, as they are fully integrated with the web browser – so they know when you’re on a website that needs a password, and they just pop up and do their thing. You don’t even have to remember a separate master password. So feel free to use the built-in password manager, provided that:

  1. You keep your web browser up-to-date.
  2. You have some kind of access control on your device such as a PIN/password/biometric
    …two things you should be doing anyway!

One drawback with browser-based password managers is that your passwords may not automatically sync between all your devices if these use different operating systems. So, if you have a Windows laptop, an iPad and an Android smartphone, your passwords may not follow you around everywhere – unless you use the same web-browser on all your devices and log into it. Also, if more than one person uses a device on the same user profile, they would all have access to the same password-protected content. You may not want that.

Should I use a standalone password manager?

Compared to browser-based managers, standalone password managers tend to do a better job of keeping your passwords available to you on all your different devices, no matter what platform they’re on. They give you a little more control over when and where you use your passwords, as you get to press a button to say ‘I want to use the password please’, rather than the web page in the browser requesting one when it feels like it. Importantly, with a standalone password manager you do have to create and remember a long master passphrase (unlike with a browser-based one). Standalone password managers may also include more advanced features, such as:

  • notifications about compromised websites
  • flagging up reused or weak passwords
  • prompting you to change old passwords*
  • helping you change passwords for some websites, by integrating with your browser
  • multi-factor authentication

How do I do this, then?

As with many things, there are lots of different ways of going about this. This is what I do myself:

  1. First, try and cut down the number of passwords in your life, and reduce how much you rely on those passwords to prove who you are. Use multi-factor authentication or single sign-on where available. For infrequently-used passwords, use a password reset mechanism when you need to log in (instead of making any attempt to recall or store the password). But take really good care of the email account that the password reset emails are sent to.
  2. Consider biometrics. Fingerprint readers on smartphones are generally good enough to protect your phone and the data on it, and they are very usable. So feel free to use them. Turn on encryption (if it’s not already on) for extra protection.
  3. Decide whether to use a browser-based or a standalone password manager. Personally, I use both, for different things.
  4. If you use a standalone password manager, make its master passphrase the best you possibly can. We suggest a passphrase rather than a password as it’s much easier to make it really long, and adding length gives much more protection than adding complexity. Make it hard for someone who knows you to guess in 20 attempts, and make it totally different from any password or passphrase you’ve ever used anywhere else.
  5. Memorise your passphrase. Yes, you really do have to, sorry! If it helps, write it on a piece of paper until it’s firmly lodged in your memory. Keep the piece of paper very safe, and destroy it when you’ve memorised the password.
  6. Don’t put any work passwords into your personal password manager unless you’ve got permission from your employer.

Finally, think about how important each password is to you for each account. If someone discovered this password, would it result in

  • your life being ruined?
  • your bank refusing to refund any lossesIf the answer to either is ‘yes’, then I wouldn’t put it in a password manager. For these cases, a password shouldn’t be the only thing that the security of your account rests on. So look at extra defences such as multi-factor authentication.

For other, less important accounts, having the password stolen might be massively inconvenient, but there would be no real permanent damage done. Passwords for these accounts should be OK to go into your password manager. Some accounts have very low value. For instance, an online forum that requires a password, but doesn’t actually hold any personal information you care about. These passwords can be stored in a password manager without a second thought.

A future without passwords?

Long-term, I think the success of password managers shows  – yet again –  that password-based authentication has outstayed its welcome. Passwords are supposed to be ‘something you know’, but now we’re saying the best way to manage them is not to know them (because your password manager knows them all for you). Passwords have taken us a long way, but now it’s really time to move on. The NCSC is working to help us all reduce our reliance on passwords, and to move towards a future where we make greater use of better, more secure, more usable authentication mechanisms instead. In the meantime, we’re also working on some guidance on how best to use password managers in organisations – look out for this soon.

Password managers are a good thing – for now. But we hope not forever.

Source: What does the NCSC think of password managers? – NCSC Site

The top 8 frauds to watch out for in 2018

A new report from NatWest has identified the top ways they expect fraudsters will try and get their hands-on people’s cash in 2018. NatWest has worked with research agency The Future Laboratory to analyse data from the last 18 months to predict eight frauds expected to emerge in 2018.

Eight scams to watch out for in 2018 

  1. Social media spying. People might not realise how much information they are giving away, but to a fraudster the posts can be very helpful in setting up a scam.
  2.  Malicious software on smartphones. It is expected that malware or malicious software threats will grow among mobile devices.
  3. Bogus Brexit investments. Consumers should be wary of fake investment opportunities. For example, fraudsters may email customers, warning Brexit will affect their savings, and that they urgently need to move them into a seemingly plausible, but actually fake, investment product.
  4. Fraudsters preying on World Cup excitement. Some fraudsters will sell football tickets that are either fake or will never arrive. It is also expected that “package trips” will be offered by fake travel companies. Always buy tickets from a reputable source.
  5. Money mules. Mule recruiters may trawl social media for potential targets, particularly cash-strapped students in university towns, and use them to inadvertently launder money. Money mules receive the stolen funds into their account, they are then asked to withdraw it and send the money to a different account, often one overseas, keeping some of the money for themselves.
  6. Wedding excitement. Experts fear couples could be easy prey for fraudsters who tempt victims with extravagant offers at bargain prices. Fraudsters can set up fake websites for elements of the big day like venue hire, catering, or wedding dresses that appear very realistic. Fake wedding planners will take people’s money and then disappear.
  7. Romance scams. Criminals create fake profiles to form a relationship with their victims. They use messaging to mine victims’ personal details to use for identity fraud. Or, just when the victim thinks they have met the perfect partner the fraudsters asks them for money.
  8. Scams aimed at first-time buyers. Computer hackers monitor emails sent by a solicitor to a first-time buyer and then they pounce, pretending to be the solicitor and telling them the solicitors’ bank account details have changed in order to steal cash.

Julie McArdle, NatWest security manager said: “Scammers are dogged in their attempts to get their hands on people’s money and are always looking for new ways to get ahead. This means banks and customers need to evolve alongside scammers too. By being aware and staying ahead of scammers, we can stop them winning and keep the country’s money safe and secure.”

If you think you have been a victim of fraud you should report it to Action Fraud by calling 0300 123 20 40 or by using the online reporting tool.

No excuses: how to tighten up your online security in 10 minutes | Cyber Aware | The Guardian

It’s one of those “it’ll never happen to me” things. Sure, we’ve all got a friend whose cousin had their identity stolen online, but cybercrime is so uncommon, isn’t it?

Not according to an Office for National Statistics survey. There were 3.7 million victims of fraud and computer misuse in the year ending September 2017, meaning you are 35 times more likely to encounter it than robbery. The good news is there are very simple things you can do to tighten up your online security right now, according to the government’s Cyber Aware campaign, which has been set up to help the public and small businesses better protect themselves from cybercrime.

Don’t say ‘remind me later’ to updates
It’s tempting to flick away a software or app update reminder, telling yourself you’ll do it tomorrow, but updates are crucial to help protect devices from viruses and hackers. They’re designed to fix weaknesses in software and apps that hackers could potentially take advantage of. Set up your devices so updates are done automatically or, even better, at night when you’re sleeping.

Pa55word! is not gonna cut it any more
Cyber Aware says passwords are prime territory for hackers – so it’s high time you gave up using your dog’s name. Make sure you use strong, separate passwords for your most important accounts like your email, so that if hackers do manage to steal your password for, say, your fitness app, they can’t use it to access your banking app. Try using three random words which you can supplement with numbers and symbols, for example, 4wartschickenbath32£.

You should also use two-factor authentication, when available, to protect your email account, a handy tool to give it an extra layer of security. New research from Experian and Cyber Aware reveals that over half of all those surveyed aged 18-25 reuse their email password for other accounts – putting their cybersecurity and identity at risk. As a result, they’re urging Brits to help protect their email accounts from hackers with a strong and separate email password through the just-launched #OneReset campaign.

Set up screen locks
Did we say dead simple? Yes, this is about as easy as it gets in making your online security watertight. All devices should go to lock mode when you’re not using them. Pins, patterns or passwords to unlock them shouldn’t be easy to guess, like 1, 2, 3, 4 or an L shape (we’ve been through this, you’re better than that).

Back up, back up, back up
The one golden rule of smart online behaviour is to back up your data regularly. If your device is infected by a virus, malware or is hacked, you may not be able to access your data as it could be damaged, deleted or held to ransom. Use an external hard drive or the cloud to save copies of your photos and documents, but make sure the external hard drive is not permanently connected to the device – either physically or over a wifi connection – as it could become infected too.

Not all wifi is created equal
We all love a bit of free wifi, but be careful about using public hotspots to transfer sensitive information like credit card details. Hackers can set up networks, enabling them to intercept information you’re sending online. So it’s best to do your online banking and shopping on a trusted network.

‘Jailbreaking’ is a no-no
Here’s one for the more tech-savvy. “Jailbreaking” or “rooting” your smartphone means disabling software restrictions set up by the manufacturer so you can download apps and tools which aren’t available through official app stores. Doing so leaves your phone vulnerable to malware and invalidates the warranty of the device. You will also stop receiving software updates, which, if you’ve been paying attention, is bad news.

Spot the imposters
Cybercriminals can set up fake websites that look very similar to the real thing, in an effort to get you to share sensitive information such as your bank details. There might even be a padlock or “https” in the address bar but check thoroughly for misspelled names, and logos and design features that don’t quite look right. Wherever possible, type the address of the website directly into the browser yourself, or find the website using a search engine. If you notice something is up, get out quickly.

Resist the urge to open suspicious links or attachments
Haven’t heard from your cousin John in eons and he’s now sent an email with a link to win a free iPhone? Back away. Even if something arrives in your inbox supposedly from someone you know or a company you trust, it could be fake. Never respond to suspicious or unexpected emails, as this will let the sender know your email address is active. Flag it as spam and send it to trash where it belongs.

For advice on simple ways to be more secure online, visit the Cyber Aware website

Source: No excuses: how to tighten up your online security in 10 minutes | Cyber Aware | The Guardian

Seniors & Cyber Crime – 5 Tips to Protect Yourself Now

Definition: hacker [ˈhakər] a person who uses computers to gain unauthorized access to data.

Decades ago, hacking used to be something of a joke. A tech nerd living in their parents’ basement would see if they could gain access to the CIA or send a digital virus around the world. But today, it’s much more pervasive and sinister.

“This is now organized crime and their intentions are financially motivated,” says cyber security expert Daniel Tobok, CEO of CytelligenceTM. “They want to make money and they want to steal money.”

Tobok says although we’re all vulnerable to cybercrime, seniors are much most at risk. “They understand how to protect themselves from a bad guy at the door, they don’t always understand that the person pretending to be your friend on Facebook® could be a hacker trying to steal your information, access your computer to obtain your financial information and so much more.”

“I think everybody can be dumb at times,” says Dr. Tom Keenan, author of Technocreep. “People are generally pleasant, but if a weird, creepy person came up to you in the park and started asking you about your medical history and stuff like that and offered you a free magazine, you’d probably run the other way.” Yet when it comes to giving free information away on social media, we’re sharing too much.

Awareness is the Key

Tobok stresses that education, awareness and being cautious, even a little paranoid, is healthy and could prevent half of cyber security issues.

Phishing

Phishing is a major point of entry for criminals. This is where you’re sent an email, text message, Facebook message or more asking you to click on a link, open up an attachment, change your password etc. The emails can look very real, like they’re coming from your bank, a friend, the government or a retailer – but they’re not real. They’re coming from criminals. And with our busy lifestyles, it’s easy to not pay attention and accidentally click on something you didn’t mean to. However, that one misstep can allow hackers to see everything you’re doing on your computer. If you went to their fake website and entered in your personal information, they now have that info, too.

5 Tips to Protect Yourself Now

  1. Never give any personal information over the phone, email, text or social media to anyone.
  2. Don’t click on jokes, attachments or links that you aren’t 100% sure are authentic.
  3. Use antivirus software and make sure your computer, smartphone and tablet are up-to-date.
  4. Don’t use free WiFi – especially if you’re checking your online banking or using your credit or debit card to purchase something online.
  5. Be careful using free apps, games and software – they’re free for a reason and could be using your computer, phone or tablet to track you, install malware (malicious software) or gain access to your sensitive and financial information – or worse.

If you have a smartphone, it may not feel like it, but you have a very powerful computer in your hands. You need to know how to protect yourself while using it.

We are the Cyber Champions

The certification of 21 new Cyber Champions has followed an event staged by Nuneaton & Bedworth Neighbourhood Watch Association (N&BNWA). All are active volunteers in their own localities serving their neighbours by helping protect them from harm.

When it first started in 982 its focus was very much on enabling neighbours, by banding together and working closely with their local police, to protect themselves from the impact of threats such as burglary, criminal damage and vehicle crimes. How things have changed! Although those original threats have not gone away the greatest current threat is cybercrime.

Responding to this developing threat began in earnest by N&BNWA followed a challenge issued at its 2015 AGM by then Deputy Police & Crime Commissioner Dr Eric Wood – “…… and what are you going to do about it?” We began by making use of DISC (Database & Intranet for Safer Communities) to improve the efficacy of our communication network.

This was followed in 2016 by the organisation, in conjunction with NW colleagues from across Warwickshire, of a Combating Cybercrime Conference. Its aim was that each of the five district NW associations would be able to develop and implement and effective action plan.

By early 2017 N&BNWA had developed and adopted a Combating Cybercrime Policy supported by an operable, rolling action plan. Alert messages and advisory cybersecurity information items are posted regularly on DISC, on Twitter @NunBed and on website www.nbnwa.net Very recently the launch of a Nuneaton wide network of interlinked, closed Facebook groups has considerable enhanced capability to successfully deliver the Combating Cybercrime Action Plan.

And following the Community Champion’s event, so excellently facilitated by Warwickshire County Council Cybercrime Advisor Sam Slemensk, N&BNWA now has a cadre of up-skilled volunteers to support the delivery of the action plan

Lock Snapping & How to Prevent It

Lock Snapping is a method used by home invaders which involves snapping a particular type of lock cylinder, allowing the burglar to quickly and easily gain access to your home. If the right amount of force is applied to the cylinder, it can break and give access to the locking mechanism.

Lock Snapping has become more common over recent years as it requires no special tools or expert knowledge, just the force of a hammer, mole grips or anything else that can physically grab and take hold of a cylinder is enough to gain entry. Many readily available videos’ online show the shocking force, speed and ease of the technique that burglars are using to break into homes up and down the country. One online video that we’ve seen shows how burglars will gain access to a cylinder even if it isn’t protruding from the handle. In this case the handle is shown literally being ripped off the door, the cylinder exposed, and the locking mechanism compromised using household tools such as a hammer and screwdriver.

A recent short tv documentary showed how a former burglar, without previous experience of snapping locks, could use this method to gain access to a property within 40 seconds, even he admitted how shocked he was at the ease and speed of gaining access, he said that an experienced lock snapper could probably gain access in as little as 13 seconds [Lock Snapping Video]. Another former burglar admitted that even if he had the best lock picks in England, he would rather snap the cylinder because “it’s simpler and easier”.

Police have said it’s estimated that around 22 million doors throughout the UK could be at risk from lock snapping where the lock cylinder can be broken in seconds.

 

What Locks Are at Risk

Key locks that are at risk of lock snapping are those of Euro Cylinder profiles, and locks that extend beyond 3mm of the handle. The further the lock cylinder protrudes from the door the more prone to tampering it becomes as it is easier to grip and take hold of, but even if a lock cylinder doesn’t protrude from the handle it still isn’t immune to tampering.

ASB Anti-Snap Locks

Locks that are of a TS007 3 Star standard (also known as ‘anti-snap’ cylinders) are locks that meet the requirements to withstand lock snapping attempts.

Anti-Snap cylinders have a ‘snap-off’ section integrated which will come away if a burglar was to try and snap the lock, making the cylinder shorter, thus making it more difficult to grasp. With the help of built in grip defenders it makes getting hold of the cylinder even harder. Not only that but anti-snap locks have a hardened bar which won’t snap, it will only flex making snapping almost impossible.

Check that your current locks do not over extend. If they appear vulnerable you may want to consider having them replaced or replacing them yourself. Fitting them yourself is relatively easy, takes little time and requires no specialist tools.

Replacement costs

Upgrading to an ASB lock by a reputable locksmith will cost you £100 to £150 for a single door. Replacing more than one at the same time reduces the cost per door.

If you are prepared to buy the replacement cylinders off line and DIY it will cost you £35 to £45 per door.

Tackling Tobacco Crime across the Midlands

Over 5.5 million illegal cigarettes and 645 kg of hand rolling tobacco were seized by Warwickshire County Council’s Trading Standards Service and other local Trading Standards within the Central England Trading Standards Authorities (CEnTSA). The cigarettes and tobacco were seized in the last financial year (2016/2017) with a loss to the tax payer of over £2 million. The total retail value of the illegal goods is estimated to be worth more than £2.5 million.

The cigarettes and hand rolling tobacco were often well hidden, in sophisticated concealments using electronic magnets controlled by a switch, in cavity walls and even disguised as BBQ sets. Such hiding places are difficult to detect without the aid of specialist tobacco sniffer dogs.

All offending businesses are subject to a criminal investigation, with some traders already being successfully prosecuted. Some have received financial penalties, others, suspended prison sentences and community orders. In addition, some shops have had their alcohol licences suspended or revoked for dealing with illegal tobacco products.

Warwickshire County Councillor Howard Roberts, Portfolio Holder for Community Safety said:  “Far from being a victimless crime, the illegal tobacco trade is providing a cheap source of cigarettes for children and young people. Whilst all tobacco is harmful, the illegal tobacco market, and in particular the availability of cheap cigarettes, makes it easier for children to start smoking and harder for smokers to quit and remain smoke free. The loss to the tax payer means less money being spent on local communities, schools and the NHS.’’

Bob Charnley, Chairman of CEnTSA said ‘‘More and more people over the past few years have decided enough is enough and are providing information to Trading Standards, to stop local criminals selling and distributing illegal tobacco. Combating illegal tobacco has become an increasing priority for Trading Standards. The illegal tobacco trade has strong links with crime and criminal gangs, including drug dealing, money laundering, people trafficking and even terrorism. Selling illegal tobacco is a crime.”  Mr Charnley added ‘‘retailers are becoming increasingly sophisticated in their approach, adapting their methods in order to avoid detection. Some businesses had gone to great lengths to conceal the illegal tobacco in secret compartments, including BBQ sets, fake floor boards, false walls, ovens and fridges. You may hide it, but we will find it.’’

Illegal tobacco products can usually be easily recognised. They will be very cheap, often less than half the price of legitimate packets and often have foreign writing on them. Anyone being offered cheap tobacco or any other types of illicit goods should report it to Trading Standards by calling the CEnTSA’s confidential fakes hotline on 0300 303 2636.

For more details on NHS Stop Smoking Services in Warwickshire go to www.quit4good.co.uk or phone 0800 085 2917.