Civil servants exposed almost half of the British population to the threat of identity theft this week when they lost the names, addresses, dates of birth and account details of 25 million people. The debacle, which cost Paul Gray, the chairman of HM Revenue & Customs, his job, highlighted how little control we have over our personal data. But while the Government’s cavalier approach to information security has put millions at risk of fraud, security experts say that the greatest threat to our personal data and account details is online. Internet fraud is now so common that the House of Lords Science and Technology Committee recently branded the internet a lawless “Wild West”, while the US Treasury believes cyber crime is worth more than the illegal drugs trade.

GetSafeOnline.org, a joint initiative between the Government and the Serious Organised Crime Agency (SOCA), estimates that the average loss to cyber crime is £541. More worrying still, it says that one person in five knows nothing about internet security. Women are twice as likely as men not to know how to surf the web safely.

Methods of cyber crime fall broadly into two categories. In the first, fraudsters try to trick people into revealing account details and other personal data to steal money or create false identities. In the second, hackers break into a PC’s system to find these details or to sabotage the PC, making it slow or unusable. Con-men even hijack home computers to send spam to other people.

A common form of fraud is known as “phishing” because it involves con-men trawling the web to elicit account details. This is usually done through fake e-mails that look to be from legitimate companies such as eBay or Amazon. One recent example appeared to come from Revenue & Customs and suggested that recipients were due a tax refund of £172. The e-mail directed unsuspecting internet users to a fake website that appeared identical to the legitimate website and asked them to enter debit or credit card details so that the repayment could be credited to their account. People who followed the instructions will have had their account emptied or card plundered.

Experts believe that almost half of phishing thefts last year were committed by groups operating through the Russian Business Network, a web hosting company based in St Petersburg and run by a figure known as “Flyman”. Dubbed “the mother of cyber crime”, RBN has also been linked to child pornography, corporate blackmail, spam attacks and online identity theft. A report by Veri-Sign, one of the world’s largest internet security firms, suggested that Rock Group, a criminal gang specialising in phishing, used RBN’s network to steal about £75 million from bank accounts last year. RBN is also said to have developed fake software such as antivirus programs to dupe internet users into giving it access to their computers in the mistaken belief that they were protecting themselves.

Fraudsters also exploit our willingness to share personal details on social networking sites. One in four of the ten million Britons registered to Facebook, MySpace or Bebo has posted information such as their phone number, address or e-mail on their online profile, making them vulnerable to identity fraud. Tony Neate, the head of GetSafeOnline.org, says: “These details may provide rich pickings. Your date of birth and address is enough for someone to set up a credit card in your name.”

There are simple steps we can all take to protect ourselves and our computer from the myriad threats online. The first is awareness. “Reputable companies don’t ask customers for passwords or account details in an e-mail,” says Graham Cluley, a senior technology consultant at Sophos, an internet security company. “Even if you think an e-mail may be legitimate, don’t respond; ring the company or visit their website. Never click on links within dubious-looking e-mails; go to your web browser and type in the address.”

There are often telltale signs that an e-mail or website is a forgery. Fraudsters may have perfected web technology but they rarely master written English. Phishing e-mails and fake websites often contain spelling mistakes or poor grammar. The URL or internet address at the top of a web browser can be another giveaway. The addresses on most phishing websites differ from the genuine version. For example, the site purporting to be HMRC started with the web address gastager-weltreisen. de, suggesting that it is hosted in Germany, rather than the hmrc.gov.uk of the legitimate site.

There are simple ways to minimise the risk of hackers stealing your account details, passwords and personal details. Cluley says: “Be cautious about opening attachments and downloading files from e-mails or the internet, no matter who they are from; you may be infecting your computer with malicious spyware or viruses.” Spyware is software that infiltrates your PC to monitor your activity, scan personal information or give hackers control of your system.

Ensure that your computer has a regularly updated firewall and virus protection software. Microsoft offers Windows Vista users a free firewall, which should be adequate for most users. Free updates are available at www.windowsupdate.com. Companies such as Norton, McAfee and Symantec also sell automatically updated firewalls and virus protection software but there are also free alternatives such as Grisoft’s AVG, available for download at www.free. grisoft.com. For other options visit www.GetSafeOnline.org.

Internet shoppers can also check whether a website uses encryption technology to protect personal details before making a purchase. If the website is on a secure server it should start with “https://” (“s” for security) rather than the usual “http://”. Also look for a padlock symbol on your browser’s status bar. MasterCard’s SecureCode or Verified by Visa program offer another layer of protection. These secure payment systems require subscribers to enter a password when they make purchases with their cards at participating websites. Sadly, however, no amount of protection software or fancy electronic gizmos will protect you from the many “real world” scams that are increasingly conducted over the internet. Says Cluley: “Always have your wits about you when you go online.”

Times recommends

• Ask me about sex, not pay
• Culture clubbing
• Honor Blackman: Words from the wise