Now you need a separate bank account for online shopping to beat fraud (2024)

Standing on a wooden podium at the front of the room is a geeky-looking 21-year-old man, typing furiously on a black laptop.

An audience of 150 City workers sit at tables in front of him, transfixed. On a projector screen set up on the stage are rows of letters and symbols.

It looks like a secret language - and it is. This is the code that IT whiz kids use to communicate with computers.

Mustafa Al-Bassam, who describes himself as an ethical hacker, has set up what looks like an ordinary online shopping website.

But it is a fake, designed to show his audience just how easy it is for fraudsters to hack an online retailer and steal its customers' personal information.

Simple but cunning, this crime has become the biggest fraud risk in Britain, say police. Figures obtained by Money Mail show that almost 1,000 people a day fall victim to online shopping fraud.

Yet almost nine in ten fail to report the attack, either because they are unaware or because they blame themselves.

It has left police chiefs in despair: privately, they admit they are losing the battle to stop the cyber-criminals.

They are pinning their hopes on a two-pronged attack. First, they want shoppers to get smarter online. Police are urging us to use a separate bank account for internet shopping and write passwords on paper, rather than store them on a computer.

And the authorities are also desperate for banks, shops and other companies to beef up their online security.

That's what lies behind this hacking demonstration, which is being put on for company executives at the Guildhall's grand Livery building, home of the City of London Police.

By now, Mr Al-Bassam has 'hijacked' the site he created by typing some letters and symbols into the box where the website address is at the top of the screen. This, he says, allows him to control what the website does.

He asks it to retrieve all the information it has on customers. Less than a minute later he has 52 tables of customer data, including names, addresses and credit card information.

'This would be seen by hackers as a lame hack - anyone could do it,' he says. 'It's how TalkTalk was compromised.'

Next he shows us how quickly fraudsters can guess your password. Most people still use something common, such as '1234', 'querty', 'password' or 'letmein'.

But even unusual passwords aren't safe. It takes Mr Al-Bassam's computer program just 0.7 seconds to scroll through millions of possible passwords and guess the right one.

Two-thirds of people have the same username and password for every website they use. So once fraudsters have obtained one set of details, they will try them on popular websites such as Amazon and major banks.

Watching Mr Al-Bassam work isn't exciting or glamorous. But this is how criminals get their hands on your money - and it doesn't seem to take much effort.

Audience members hesitantly raise their hands to ask questions. 'What exactly is the cloud that everyone is always talking about,' a woman asks.

Another wants to know if her text messages can be intercepted. A man asks if computer geniuses engage in hacker wars 'like in the films'.

These are the people in charge of your money. And it's clear many have no idea about the threat of online crime - let alone how to protect your money from fraudsters.

Big companies employ teams of IT experts to help, but small businesses and individuals are on their own.

Fraud costs the British economy £52billion a year. A total of 230,630 reports of fraud were made to the watchdog Action Fraud in the year to March 2015 - up 9 per cent on the previous 12 months. Almost one in five of these crimes (or 42,589) is related to online shopping.

Experts say it's just the tip of the iceberg. If the estimates are correct and 88 per cent of fraud goes unreported, the real figure for internet shopping fraud will be nearer to 354,903 - or 972 victims a day.

James Phipson, special inspector and director of the Economic Crime Directorate for City of London Police, says: 'Online shopping fraud is the biggest threat to the UK. Victims often don't realise they've fallen foul of a scam until their goods don't arrive a month later.

'By then, it is too late to do anything. Your money will have been moved from bank account to bank account and disappeared halfway round the world by then.'

The police admit they are struggling to keep pace with online criminals. With so few crimes being reported, investigators are missing out on the vital clues needed to catch criminals.

Many people don't even realise they have fallen victim to fraud, while others are embarrassed.

Special inspector Phipson says using a credit card is the safest way to buy something online. If you spend more than £100, you have protection under Section 75 of the Consumer Act if what you purchase never arrives.

Some websites charge a fee to use a credit card rather than a debit card, so you may need to set up a bank account that has a debit card, too.

He also recommends writing down passwords on a piece of paper and keeping it in a safe place at home. With so many passwords to keep track of, many people email themselves reminders. But fraudsters can hack into your emails and steal this information.

Mr Al-Bassam suggests using an online password manager such as 1Password or RoboForm. This software stores a file of all your passwords and can be accessed only with a super-secure master password.

Where possible, use a two-step security process. Most banks and major firms, such as Facebook and Paypal, allow customers to request a security PIN to be texted to their phone which then needs to be entered before anyone can log in. Mr Al-Bassam says this will stop most hackers in their tracks.

WHAT YOU NEED TO KNOW ABOUT MONEY: LISTEN TO THE THIS IS MONEY PODCAST

> Listen & subscribe on iTunes