0:00:02 > 0:00:04We asked you to tell us what's left you feeling totally ripped off,
0:00:04 > 0:00:07and you've contacted us in your thousands.
0:00:07 > 0:00:10You've told us about the companies that you think get it wrong,
0:00:10 > 0:00:13and the customer service that simply is not up to scratch.
0:00:13 > 0:00:17They just want to take money from people, that's what it's all about.
0:00:17 > 0:00:20You've asked us to track down the scammers who stole your money
0:00:20 > 0:00:24and investigate the extra charges that you say are unfair...
0:00:24 > 0:00:28What kind of people could do this, to an innocent human being?
0:00:28 > 0:00:32..and when you've lost out but no-one else is to blame,
0:00:32 > 0:00:35you've come to us to stop others falling into the same trap.
0:00:35 > 0:00:38You have to go through various levels of authority
0:00:38 > 0:00:40and push your way through.
0:00:40 > 0:00:44So whether it's a blatant rip-off or a genuine mistake,
0:00:44 > 0:00:46we're here to find out why you're out of pocket,
0:00:46 > 0:00:49and what you can do about it.
0:00:49 > 0:00:53Your stories, your money - this is Rip-Off Britain.
0:00:55 > 0:00:57Hello, and thank you so much for joining us
0:00:57 > 0:00:58for another Rip-Off Britain,
0:00:58 > 0:01:01where our team is beavering away on the stories
0:01:01 > 0:01:03that you've asked us to look into on your behalf -
0:01:03 > 0:01:06and today we're focusing on something that not so long ago
0:01:06 > 0:01:10was the stuff of thrillers or even science fiction,
0:01:10 > 0:01:13but I'm afraid it's all become practically an everyday reality,
0:01:13 > 0:01:16and I'm talking about cybercrime.
0:01:16 > 0:01:20And official figures estimate that more than 2 million people a year
0:01:20 > 0:01:23in England and Wales have fallen victim to cybercriminals.
0:01:23 > 0:01:25While research shows, rather worryingly,
0:01:25 > 0:01:29that the UK is one of the most targeted countries in the world -
0:01:29 > 0:01:32and, indeed, judging by all the letters and e-mails that you've sent
0:01:32 > 0:01:35us on this subject, it is something about which many of you
0:01:35 > 0:01:39really are seriously worried. Not least because you wonder
0:01:39 > 0:01:42if the companies that we trust to protect our details
0:01:42 > 0:01:45are really always doing enough to keep them safe.
0:01:45 > 0:01:48Yeah, you've only got to think of some of the big-name businesses
0:01:48 > 0:01:51who have been hacked to realise that's not the case,
0:01:51 > 0:01:53and as the hackers become more and more proficient
0:01:53 > 0:01:56at getting hold of and using our personal information,
0:01:56 > 0:02:00it's becoming harder to stay one step ahead of the crooks.
0:02:00 > 0:02:03So, as we investigate situations where things have gone wrong,
0:02:03 > 0:02:05we'll also be asking,
0:02:05 > 0:02:08what's being done to put any lapses in security right?
0:02:10 > 0:02:13Coming up... The all too plausible scam that saw this couple tricked
0:02:13 > 0:02:16into giving access to not just their computer,
0:02:16 > 0:02:19but thousands of pounds of their money...
0:02:19 > 0:02:22I felt my privacy had been invaded, threatened.
0:02:22 > 0:02:26I feel depressed that somebody could try and invade my premises.
0:02:28 > 0:02:32..and a reformed hacker spills the beans on how he used to do it.
0:02:32 > 0:02:34Now I've managed to crack your password.
0:02:34 > 0:02:37- What? Really? - You used a very common password.
0:02:37 > 0:02:39Well, blow me down.
0:02:42 > 0:02:45Now, of all the factors that come into play when we're deciding
0:02:45 > 0:02:48which companies to give our custom to, I'd be willing to bet
0:02:48 > 0:02:50that how they store and handle personal information,
0:02:50 > 0:02:54such as your bank account details, your address and date of birth,
0:02:54 > 0:02:57isn't usually going to be on top of the list.
0:02:57 > 0:03:00We're more likely to be swayed by the lowest price,
0:03:00 > 0:03:02or what seems to be the best deal.
0:03:02 > 0:03:05But, you know, getting a sense of the robustness of their security
0:03:05 > 0:03:07is probably something that we all need
0:03:07 > 0:03:09to start taking a lot more seriously -
0:03:09 > 0:03:13and if there's one story that's shown why that's so crucial,
0:03:13 > 0:03:17it's the major hacking incident that affected telecoms giant TalkTalk.
0:03:17 > 0:03:19A major cyber attack
0:03:19 > 0:03:21on the broadband and phone provider TalkTalk -
0:03:21 > 0:03:25millions may have had their personal details stolen.
0:03:25 > 0:03:29It remains one of the most audacious cyber attacks
0:03:29 > 0:03:32ever to hit the headlines. In October 2015,
0:03:32 > 0:03:38personal data relating to around 157,000 TalkTalk customers
0:03:38 > 0:03:39was dramatically compromised,
0:03:39 > 0:03:42including phone numbers, and, in some cases,
0:03:42 > 0:03:45details of credit cards and bank accounts.
0:03:45 > 0:03:49TalkTalk was fined a record £400,000
0:03:49 > 0:03:51by the Information Commissioner's Office,
0:03:51 > 0:03:53for failing to satisfactorily safeguard
0:03:53 > 0:03:55its customers' information,
0:03:55 > 0:03:58and ordered to tighten up its procedures -
0:03:58 > 0:04:00and while it says it's done just that,
0:04:00 > 0:04:01less than two years on
0:04:01 > 0:04:03we're still hearing from customers of the company
0:04:03 > 0:04:07who say the ramifications of the attack keep rumbling on.
0:04:07 > 0:04:11I've come to Surrey to meet Philip Minty and his wife Leslie.
0:04:11 > 0:04:15Last December, they ended up losing thousands of pounds
0:04:15 > 0:04:17after receiving a call from a fraudster
0:04:17 > 0:04:21they believe must have got their details during that hack.
0:04:21 > 0:04:25Now take me back to that fateful day, what exactly happened?
0:04:25 > 0:04:28Well, I was working on my laptop.
0:04:30 > 0:04:31Then the phone rang...
0:04:33 > 0:04:39..and a gentleman introduced himself as Kevin from TalkTalk,
0:04:39 > 0:04:44and that he wanted to give me a refund of charges,
0:04:44 > 0:04:49because my router had not been working properly.
0:04:49 > 0:04:52As Philip did have a contract with TalkTalk,
0:04:52 > 0:04:55he didn't question the call from this so-called Kevin.
0:04:55 > 0:05:01The only people to know our information are TalkTalk,
0:05:01 > 0:05:05so I had no reason to believe it was anybody else.
0:05:05 > 0:05:08But when he said, "You're having problems with your router",
0:05:08 > 0:05:09how did you react to that?
0:05:09 > 0:05:12I'm not a terribly technical person.
0:05:12 > 0:05:15I hadn't noticed any problems.
0:05:15 > 0:05:19He assured me that there were, and I took him at his word.
0:05:19 > 0:05:22Of course, Kevin wasn't from TalkTalk at all,
0:05:22 > 0:05:25but his story was so plausible that Philip suspected nothing.
0:05:27 > 0:05:31He wanted to make a refund of £200.
0:05:31 > 0:05:35He asked me if I had internet banking, I confirmed that we did,
0:05:35 > 0:05:38and he wanted to make the transfer immediately, to our bank.
0:05:38 > 0:05:42So at this point, were you thinking to yourself, "Oh, well,
0:05:42 > 0:05:44"this is quite nice, really"?
0:05:44 > 0:05:47There was no reason for me to think it was not TalkTalk.
0:05:47 > 0:05:49The fraudster explained to Philip
0:05:49 > 0:05:52that he needed to download an attachment on an e-mail,
0:05:52 > 0:05:56which would allow him to make the transfer automatically.
0:05:56 > 0:05:58I logged into my bank
0:05:58 > 0:06:02and he showed me that he was putting money into the account.
0:06:02 > 0:06:06- How did he do that? - By accessing my laptop.
0:06:06 > 0:06:09Well, unfortunately, allowing that access to Philip's laptop
0:06:09 > 0:06:12meant that money couldn't just be put into his account,
0:06:12 > 0:06:14it could also be taken out.
0:06:16 > 0:06:19I wasn't considering anything wrong was going on,
0:06:19 > 0:06:24so I went along with it, and I saw this amount going into my account.
0:06:25 > 0:06:28But then Philip started to notice things weren't quite right.
0:06:28 > 0:06:31As well as the expected £200,
0:06:31 > 0:06:35an extra £2,000 had appeared in his account as well.
0:06:36 > 0:06:40Then he said to me that he'd put in an additional amount by mistake.
0:06:40 > 0:06:45He asked me if I would assist him in reversing the money out...
0:06:47 > 0:06:49Which I did.
0:06:49 > 0:06:51Now you can probably guess what happened next.
0:06:51 > 0:06:54Philip let the caller take money out of his account,
0:06:54 > 0:06:58but I'm afraid he helped himself to almost three times as much as he was
0:06:58 > 0:07:03supposed to, taking out a whopping £5,800.
0:07:03 > 0:07:05On spotting this, Philip immediately called his bank,
0:07:05 > 0:07:07to try and stop the transfer,
0:07:07 > 0:07:11but they told him that not only had the £5,800 gone,
0:07:11 > 0:07:15but there'd also been a second attempt to take another £5,000,
0:07:15 > 0:07:17and given that Philip had logged in
0:07:17 > 0:07:19and carried out the initial transaction,
0:07:19 > 0:07:23the bank didn't see any reason to consider any of this fraudulent.
0:07:25 > 0:07:28As far as they were concerned, it was down to us, then.
0:07:28 > 0:07:31What, because you had willingly done it?
0:07:31 > 0:07:33Yeah... Willingly, I don't think is...
0:07:33 > 0:07:36It's an emotive word.
0:07:36 > 0:07:38- No, but you had pressed the button to send?- Yes.
0:07:40 > 0:07:42Eight weeks later, quite shamelessly,
0:07:42 > 0:07:45the same fraudster called Kevin left Philip a message,
0:07:45 > 0:07:49presumably eager to steal from the couple again.
0:07:54 > 0:07:56So it's definitely Kevin from TalkTalk, allegedly?
0:07:56 > 0:07:58- Yes.- Now that's very cheeky,
0:07:58 > 0:08:02to actually ring you eight weeks after carrying out that scam.
0:08:02 > 0:08:04So how did you feel?
0:08:04 > 0:08:08I felt my privacy had been invaded, threatened.
0:08:08 > 0:08:13I feel depressed that somebody could try and invade my premises.
0:08:13 > 0:08:17TalkTalk tells us that helping protect its customers from scams
0:08:17 > 0:08:18is a top priority,
0:08:18 > 0:08:22and to do that it's launched a number of initiatives,
0:08:22 > 0:08:24including a dedicated scam prevention team
0:08:24 > 0:08:28and a nationwide awareness campaign called Beat The Scammers,
0:08:28 > 0:08:30to provide guidance and tips,
0:08:30 > 0:08:33as well as several times contacting all customers
0:08:33 > 0:08:35with warning and advice.
0:08:35 > 0:08:37It added that it was very sorry to hear what had happened
0:08:37 > 0:08:41in this particular case, but pointed out that phone and e-mail scams
0:08:41 > 0:08:43are a serious and growing problem,
0:08:43 > 0:08:45affecting not just TalkTalk
0:08:45 > 0:08:48but people and companies right across the UK.
0:08:48 > 0:08:50It said it's determined to play its part
0:08:50 > 0:08:53in ensuring that other customers
0:08:53 > 0:08:56are not put in the same position as Philip -
0:08:56 > 0:08:59but the company's name continues to be dragged into similar scams,
0:08:59 > 0:09:02both online and over the phone.
0:09:02 > 0:09:05Indeed, we've heard from a Post Office worker in Chapel-en-le-Frith
0:09:05 > 0:09:08in Derbyshire who just in the nick of time
0:09:08 > 0:09:12managed to stop one such fraud in his tracks,
0:09:12 > 0:09:14after an elderly lady walked into her shop.
0:09:16 > 0:09:19She approached the counter nervously.
0:09:19 > 0:09:22So I said, "OK, then, have you filled the form in"?
0:09:22 > 0:09:24"No, I didn't know I needed a form".
0:09:24 > 0:09:25"Yeah, you needed a form".
0:09:25 > 0:09:27So I said, "OK, then.
0:09:27 > 0:09:29"Do you know who you are sending it to?"
0:09:29 > 0:09:32"Yeah, a friend". I said, "OK,
0:09:32 > 0:09:34"do you know this friend well?"
0:09:34 > 0:09:36"Yeah, he keeps phoning me up".
0:09:36 > 0:09:39It transpired that the elderly woman had received a call from someone
0:09:39 > 0:09:42claiming to be, yet again, from TalkTalk.
0:09:42 > 0:09:44They told her that the company had refunded too much money
0:09:44 > 0:09:49into her account, but she was to send it back via a money transfer.
0:09:49 > 0:09:53However, Linda was immediately sure this was a scam.
0:09:53 > 0:09:56I explained to her, she was in tears, she was very upset,
0:09:56 > 0:09:59very anxious. I managed to take her to one side
0:09:59 > 0:10:01and hold her hands and say to her,
0:10:01 > 0:10:06you know, "It's a scam, you know, you don't owe that amount of money.
0:10:06 > 0:10:10"It's important you don't send it. Please believe me".
0:10:10 > 0:10:13This wasn't the first time Linda had come across customers
0:10:13 > 0:10:16tricked into sending money transfers to unknown fraudsters,
0:10:16 > 0:10:18who'd got in touch with them over the phone.
0:10:20 > 0:10:26One guy came in to me wanting to transfer £10,000.
0:10:26 > 0:10:30This was his life savings that he was wanting to send back,
0:10:30 > 0:10:33because he was under the impression
0:10:33 > 0:10:35that they had put it into his account.
0:10:35 > 0:10:38I find over the past 12 months at least
0:10:38 > 0:10:41there's been 10-12 incidents of the scam,
0:10:41 > 0:10:43that I have personally dealt with.
0:10:43 > 0:10:47This is tragic, and it just shouldn't be.
0:10:47 > 0:10:50You know, these people are vulnerable
0:10:50 > 0:10:52and we are talking about their life savings.
0:10:52 > 0:10:55Well, isn't it fantastic that the locals here have somebody like Linda
0:10:55 > 0:10:59looking out for them? And she's got advice to keep in mind
0:10:59 > 0:11:02should any of the rest of us be cold called with a similar scam.
0:11:03 > 0:11:06They want your bank details, you go and speak to the bank first.
0:11:06 > 0:11:10You never, ever give bank details out over the phone,
0:11:10 > 0:11:12or even on the internet.
0:11:12 > 0:11:14You know, companies are set up
0:11:14 > 0:11:16that they don't ask for this sort of thing.
0:11:17 > 0:11:18I love her -
0:11:18 > 0:11:21but considering how many of her customers are being targeted,
0:11:21 > 0:11:23Linda believes businesses could be doing more
0:11:23 > 0:11:26to protect their customers from fraud.
0:11:26 > 0:11:32I think companies should take more responsibility with their own data
0:11:32 > 0:11:36and how they store it and what they do with it.
0:11:36 > 0:11:38I mean, cyber attacks are one thing,
0:11:38 > 0:11:44but they should really have more security on their own facilities
0:11:44 > 0:11:46and their own policies and procedures.
0:11:46 > 0:11:48In response to this growing problem,
0:11:48 > 0:11:52the Post Office and other financial institutions have got together
0:11:52 > 0:11:54with the police to roll out a national scheme
0:11:54 > 0:11:56called The Banking Protocol,
0:11:56 > 0:11:59which is hoped will mean that any time someone walks into a bank
0:11:59 > 0:12:01or a Post Office to withdraw or transfer
0:12:01 > 0:12:04significant or unusual amounts of cash,
0:12:04 > 0:12:07staff will be expected to ask them a few simple questions about it,
0:12:07 > 0:12:11in order to stop these types of fraud in their tracks.
0:12:11 > 0:12:13If a potential fraud is found,
0:12:13 > 0:12:16it will also be reported to a dedicated police response team,
0:12:16 > 0:12:17who will be sent to investigate.
0:12:19 > 0:12:21Back in Surrey, Philip and Leslie
0:12:21 > 0:12:23wish that on the day they were scammed,
0:12:23 > 0:12:25they'd asked themselves some of those questions.
0:12:25 > 0:12:27Perhaps if they had,
0:12:27 > 0:12:30they wouldn't now be thousands of pounds out of pocket,
0:12:30 > 0:12:34with very little chance of getting any of their money back.
0:12:34 > 0:12:36So, how are you feeling at this particular point,
0:12:36 > 0:12:38realising what had happened?
0:12:38 > 0:12:40A bit of a mug, really,
0:12:40 > 0:12:43quite foolish, annoyed, robbed.
0:12:43 > 0:12:46That's what happens, that's the feeling.
0:12:47 > 0:12:49That somebody has...
0:12:49 > 0:12:52walked into your house and stolen things.
0:12:57 > 0:13:01All through today's programme we've been hearing how faceless criminals
0:13:01 > 0:13:05will stop at nothing to get their hands on our personal information -
0:13:05 > 0:13:08whether it's access to our companies,
0:13:08 > 0:13:10our e-mails or even our homes,
0:13:10 > 0:13:14we're all worried about becoming a soft touch for a determined hacker.
0:13:14 > 0:13:17So, is there anything we can do to protect ourselves
0:13:17 > 0:13:18from this type of crime?
0:13:18 > 0:13:21Well, we're about to meet a crack team
0:13:21 > 0:13:23who are being specially trained to fight back
0:13:23 > 0:13:25against these anonymous crooks,
0:13:25 > 0:13:29and who better to teach them how to do it than a former hacker himself?
0:13:29 > 0:13:31He's now turned good guy,
0:13:31 > 0:13:34but he's making good use of some of his old tricks
0:13:34 > 0:13:36to come up with some very new advice
0:13:36 > 0:13:40to make it much harder for the hackers to attack.
0:13:41 > 0:13:46It's estimated that cybercrime costs the UK £34 billion a year,
0:13:46 > 0:13:49but not all the people behind even the biggest attacks
0:13:49 > 0:13:53are hardened career criminals. Back in 2015, it was a 17-year-old boy,
0:13:53 > 0:13:57apparently operating from his bedroom, who hacked into TalkTalk.
0:13:57 > 0:14:01He said in court he was just showing off to his mates...
0:14:02 > 0:14:07..and Mustafa Al-Bassam was also a teenager when he was prosecuted
0:14:07 > 0:14:11for hacking. Mustafa was caught hacking America's CIA,
0:14:11 > 0:14:14as well as the UK's Serious Crime Agency.
0:14:14 > 0:14:17Now, aged 22, he's on the side of the good guys,
0:14:17 > 0:14:20based at the Department of Computer Science
0:14:20 > 0:14:21at University College London.
0:14:22 > 0:14:25I really want to find out what makes a hacker,
0:14:25 > 0:14:29or in this case a reformed one, so I've arranged to meet him.
0:14:29 > 0:14:33Mustafa, how did you get into hacking?
0:14:33 > 0:14:36Well, when I was very young, about eight or nine,
0:14:36 > 0:14:39I got my first computer, and I started learning
0:14:39 > 0:14:42how to programme and learning how to make websites,
0:14:42 > 0:14:44and when I started learning how to programme,
0:14:44 > 0:14:47I started to realise the mistakes that allows hackers to take control.
0:14:47 > 0:14:49So from that, I became sort of really interested
0:14:49 > 0:14:51in computer security and hacking.
0:14:51 > 0:14:55And it wasn't long before he got involved with a group of hackers
0:14:55 > 0:14:58who, he says, led him into hacking websites belonging to government
0:14:58 > 0:15:00or big business, just for fun.
0:15:02 > 0:15:04So what was it like, when you were doing it?
0:15:04 > 0:15:06Did it feel exciting, what was motivating you?
0:15:06 > 0:15:10Well, I think it was a bit of a challenge, really.
0:15:10 > 0:15:13It's kind of like puzzle solving, it's a bit of a game.
0:15:13 > 0:15:16Once you've solved the problem or solved the puzzle,
0:15:16 > 0:15:18when you finally get into the system,
0:15:18 > 0:15:20you sort of get a thrill from it.
0:15:20 > 0:15:22Nowadays Mustafa is poacher turned gamekeeper,
0:15:22 > 0:15:25studying the way hackers behave,
0:15:25 > 0:15:28and today he's going to reveal some of their secrets.
0:15:28 > 0:15:31So, tell me how a hack begins.
0:15:31 > 0:15:34So, it depends on the purpose of the hack.
0:15:34 > 0:15:35If it's a financial hack,
0:15:35 > 0:15:38the first thing they will do is they will try to find as much information
0:15:38 > 0:15:39about you as possible.
0:15:39 > 0:15:42By googling you, looking at your Facebook accounts,
0:15:42 > 0:15:43finding your e-mail accounts, etc.
0:15:43 > 0:15:45So the more exposed you are online,
0:15:45 > 0:15:49the easier it is for them to find out about you, is that right?
0:15:49 > 0:15:50Exactly.
0:15:50 > 0:15:52So, information such as e-mail addresses,
0:15:52 > 0:15:57mobile phone numbers or your date of birth are all useful to a hacker.
0:15:57 > 0:15:59And to demonstrate what can be done with them,
0:15:59 > 0:16:02Mustafa has set up a dummy shopping website that has what's apparently
0:16:02 > 0:16:05a fairly common weakness in its security,
0:16:05 > 0:16:08similar to the one TalkTalk used to have on its website,
0:16:08 > 0:16:11and easy for hackers like him to exploit.
0:16:11 > 0:16:15He's asked me to log on to the shopping site and create an account.
0:16:16 > 0:16:21I'm on my computer and I'm shopping online, and while I'm doing that,
0:16:21 > 0:16:22what are you doing?
0:16:22 > 0:16:25So you've signed up for a vulnerable shopping website,
0:16:25 > 0:16:26that has a security hole in it -
0:16:26 > 0:16:29and you've signed up for this website
0:16:29 > 0:16:30with a username and password.
0:16:30 > 0:16:34Now what I can do, I can try to hack into this website
0:16:34 > 0:16:36and extract your personal information.
0:16:36 > 0:16:40And it doesn't take long before Mustafa successfully gets into first
0:16:40 > 0:16:43the website, then my account.
0:16:43 > 0:16:45And now I can see your e-mail address
0:16:45 > 0:16:48and also I can see a protected version of your password.
0:16:48 > 0:16:52I always thought my password would be hard to figure out,
0:16:52 > 0:16:54but Mustafa says not.
0:16:55 > 0:16:57Now I've managed to crack your password...
0:16:57 > 0:17:00- What?- Because you used a very common password.
0:17:00 > 0:17:01- Is it?- Yeah.
0:17:01 > 0:17:03Well, blow me down.
0:17:03 > 0:17:06That's upsetting!
0:17:06 > 0:17:08I'm about to learn my first big mistake -
0:17:08 > 0:17:12the password for this shopping account is the same one I use
0:17:12 > 0:17:15for my e-mails, so Mustafa is immediately able to use it
0:17:15 > 0:17:18to access all of those.
0:17:18 > 0:17:20Now I'm logged into your Gmail account,
0:17:20 > 0:17:21now I can see all your e-mails,
0:17:21 > 0:17:23because you haven't used unique passwords.
0:17:23 > 0:17:25- Guilty.- I can see here you've got an e-mail
0:17:25 > 0:17:27from someone called Gloria Hunniford,
0:17:27 > 0:17:30asking you if you've seen the script for the next shoot.
0:17:30 > 0:17:33This is very spooky.
0:17:33 > 0:17:34So, now things get really serious.
0:17:34 > 0:17:37The next stage in this hack is vital.
0:17:38 > 0:17:43Sometimes hackers will create an e-mail address
0:17:43 > 0:17:46from someone that you know, that looks very similar
0:17:46 > 0:17:48that might have just one letter difference,
0:17:48 > 0:17:51to trick you that that person is really them.
0:17:51 > 0:17:53So, Mustafa does exactly that,
0:17:53 > 0:17:54creating an e-mail account
0:17:54 > 0:17:57with an almost identical address as Gloria's,
0:17:57 > 0:18:01which he uses to send an e-mail that naturally I will go on to open.
0:18:01 > 0:18:05On that e-mail is an attachment that looks like a programme script,
0:18:05 > 0:18:09but is in fact a bit of computer software called malware.
0:18:09 > 0:18:14Once opened, it gives Mustafa complete control over my computer.
0:18:15 > 0:18:18So, now I can do all kinds of things to your machine.
0:18:18 > 0:18:21For example, I can take a webcam photo.
0:18:21 > 0:18:24I can, for example, record everything you're typing,
0:18:24 > 0:18:27so if you were to type in your username and password somewhere,
0:18:27 > 0:18:28I would get your username and password.
0:18:28 > 0:18:30If you type in credit card information,
0:18:30 > 0:18:32I will get your credit card information,
0:18:32 > 0:18:34I can essentially retrieve or download any file on your computer.
0:18:34 > 0:18:37If you've got any sensitive photos or documents there,
0:18:37 > 0:18:39I can download them.
0:18:39 > 0:18:43So, with the click of a button, you have taken over my life?
0:18:43 > 0:18:44Exactly.
0:18:44 > 0:18:49With access to my e-mails, Mustafa could cause utter havoc.
0:18:49 > 0:18:52He could use my identity to rack up loans and credit cards in my name,
0:18:52 > 0:18:54as well as gain access to my bank account -
0:18:54 > 0:18:57but it seems the key to avoiding this type of situation
0:18:57 > 0:18:59is simple advice that we've heard before.
0:19:01 > 0:19:04There's a lot of basic steps that you can do to protect yourself.
0:19:04 > 0:19:08It's very important that you use a unique password for every website,
0:19:08 > 0:19:10because if one of those websites get compromised,
0:19:10 > 0:19:13it means that hackers can't use that same password
0:19:13 > 0:19:15to compromise your other accounts.
0:19:15 > 0:19:18Secondly it's important to have some due diligence
0:19:18 > 0:19:21when it comes to opening attachments from people.
0:19:21 > 0:19:25So never, never open up a document that's contained within an e-mail
0:19:25 > 0:19:27from somebody that you don't really know?
0:19:27 > 0:19:30- Exactly.- Is that correct?- That's the best way to be safe, for sure.
0:19:30 > 0:19:34Mustafa is clearly a whizz kid at the computer,
0:19:34 > 0:19:36so it's a relief that he is now putting all his hacking knowledge
0:19:36 > 0:19:40to good use, instead of disrupting big business and government...
0:19:43 > 0:19:44..but in recent months,
0:19:44 > 0:19:47a number of big companies and organisations have fallen victim
0:19:47 > 0:19:50to cyber attacks, with Wonga, Airbnb, ABTA and Yahoo
0:19:50 > 0:19:55just some of the high-profile names who've had their computers hacked,
0:19:55 > 0:19:58and their customers' personal data compromised.
0:19:58 > 0:20:01So it's no wonder that in the fight against the hackers,
0:20:01 > 0:20:03the Government is eager to recruit
0:20:03 > 0:20:06some of the country's brightest computer brains.
0:20:06 > 0:20:07I've come to Bristol,
0:20:07 > 0:20:10to meet the next generation of computer geniuses.
0:20:11 > 0:20:14Right, so if I can get everybody else's IP addresses...
0:20:14 > 0:20:18In this room are some of the UK's top computer whizz kids.
0:20:18 > 0:20:19The moment of truth.
0:20:19 > 0:20:23Brought together by big business and government agencies,
0:20:23 > 0:20:25in an effort to find new talent
0:20:25 > 0:20:28to plug what's been recognised as a skills gap
0:20:28 > 0:20:30in the UK's cyber defences.
0:20:30 > 0:20:34Looking around the room, I'm struck by how young they are.
0:20:34 > 0:20:38They were born into a digital world, where things like tablets,
0:20:38 > 0:20:42computers and smartphones are constant companions.
0:20:42 > 0:20:45These teenagers all have the sort of in-depth computer knowledge
0:20:45 > 0:20:48that would enable them to be hackers,
0:20:48 > 0:20:50but it turns out they'd rather use their skills to help.
0:20:52 > 0:20:54How long have you been doing this kind of thing?
0:20:54 > 0:20:59I originally started this thing, probably about 14.
0:20:59 > 0:21:01What are you hoping to do yourself in the future,
0:21:01 > 0:21:02are you going to go to university
0:21:02 > 0:21:04or are you going to go straight into business?
0:21:04 > 0:21:06I'm looking to go the university route.
0:21:06 > 0:21:10Ideally I want to study maths and computer science,
0:21:10 > 0:21:14and then look at doing the cyber security thing once I graduate.
0:21:14 > 0:21:15Yeah.
0:21:15 > 0:21:18The Government recently announced the creation of a special training
0:21:18 > 0:21:20college at Bletchley Park,
0:21:20 > 0:21:25to teach cyber security to 16-19 year olds in an effort to build up
0:21:25 > 0:21:26a talent pool for cyber defence...
0:21:28 > 0:21:33..and last year a £1.9 billion cyber security strategy was launched,
0:21:33 > 0:21:37with part of it aimed at stopping children becoming involved
0:21:37 > 0:21:40in sophisticated computer hacking offences -
0:21:40 > 0:21:43and it seems those of us who are slightly older
0:21:43 > 0:21:46also have a role to play in the war against cyber crime.
0:21:46 > 0:21:50The man running today's events in Bristol is Brian Lord,
0:21:50 > 0:21:55a cyber security expert who spent 21 years working at GCHQ.
0:21:57 > 0:22:01How do you actually make this world something that ordinary people
0:22:01 > 0:22:05can be involved in and, therefore, to some extent, protect themselves?
0:22:05 > 0:22:07There is a sense of personal accountability
0:22:07 > 0:22:08that I think everybody can take.
0:22:08 > 0:22:10The same way in which, if someone knocks at your door,
0:22:10 > 0:22:12you don't automatically invite them in.
0:22:12 > 0:22:16You don't leave your keys in the car with the door open
0:22:16 > 0:22:18because you just can't be bothered to unlock it
0:22:18 > 0:22:19and put the keys in the ignition.
0:22:19 > 0:22:21So there's a lot of education,
0:22:21 > 0:22:24and I think this is where there is a gap in what we do -
0:22:24 > 0:22:28there is still a lot of education that needs to be made available.
0:22:28 > 0:22:32As we've heard, taking care not to open unwanted e-mails
0:22:32 > 0:22:34and attachments and, most important of all,
0:22:34 > 0:22:37using totally unique passwords on websites
0:22:37 > 0:22:38really do go a long way
0:22:38 > 0:22:42to protecting ourselves from being hacked -
0:22:42 > 0:22:44and it's reassuring to think that the teenagers in this room
0:22:44 > 0:22:47in Bristol could one day be playing a key role
0:22:47 > 0:22:51in keeping us all safe from cybercriminals.
0:22:51 > 0:22:55The stereotype of a hacker sitting in his bedroom with his hoodie on
0:22:55 > 0:22:58and hacking away at computers is not true.
0:22:58 > 0:23:01You can see that from the people around us today.
0:23:01 > 0:23:03What I would say is, for every bad hacker at there,
0:23:03 > 0:23:06there is somebody doing good and doing the ethical thing.
0:23:13 > 0:23:17Still to come on Rip-Off Britain, how safe is your home?
0:23:17 > 0:23:19Could the latest hi-tech gadgets
0:23:19 > 0:23:22be leaving you open to a cybercrime attack?
0:23:22 > 0:23:24This is us upstairs, being filmed.
0:23:24 > 0:23:26How does that make you feel?
0:23:26 > 0:23:27Oh, good God.
0:23:27 > 0:23:28It's more than scary,
0:23:28 > 0:23:33it's horrifying that he could be watching your every move.
0:23:38 > 0:23:40Manchester's Trafford Centre
0:23:40 > 0:23:43was this year the venue for our annual pop-up shop,
0:23:43 > 0:23:46where visitors took time out from the shops to wait for advice
0:23:46 > 0:23:49from our top team of experts -
0:23:49 > 0:23:52and while we tackled most of your problems indoors,
0:23:52 > 0:23:57outside we were looking to help one of the sweetest faces to drop in -
0:23:57 > 0:23:59seven-year-old shih-tzu Maisie.
0:24:00 > 0:24:03She was joined by her owners, Marion and Tom Slavin,
0:24:03 > 0:24:05who were hoping that Andy Webb from the Money Advice Service
0:24:05 > 0:24:07could give them advice
0:24:07 > 0:24:09on a pet insurance claim they made last year.
0:24:11 > 0:24:14Well, this is Maisie - and aren't you a little cutie?
0:24:14 > 0:24:17Absolutely! But, Tom, you and your wife have had problems, have you,
0:24:17 > 0:24:19with a vet's bill over Maisie?
0:24:19 > 0:24:22Yes, we did, yeah. She had a cyst on her back, on her shoulder,
0:24:22 > 0:24:26which actually burst, and after about three visits with the vet,
0:24:26 > 0:24:30we finally submitted the claim to the insurance company,
0:24:30 > 0:24:33amounting to something like £226.
0:24:33 > 0:24:36The insurance company agreed to pay the vet's bill,
0:24:36 > 0:24:38and they deducted an excess fee of £89,
0:24:38 > 0:24:42but the couple were shocked to also see a further deduction
0:24:42 > 0:24:47of £38.50 for unrelated and unexplained items.
0:24:47 > 0:24:50It was my contention that we paid the vet his fees,
0:24:50 > 0:24:53which amounted to £226,
0:24:53 > 0:24:56but now we are being deducted a further amount
0:24:56 > 0:24:59because they don't want to pay it, basically.
0:24:59 > 0:25:01Well, Tom, we've got Andy with us here -
0:25:01 > 0:25:03what do you think is going on here with pet insurance?
0:25:03 > 0:25:06We're always hearing that people are having problems
0:25:06 > 0:25:07with their pet insurances.
0:25:07 > 0:25:10Yeah, it's so frustrating, isn't it? Because you put in one claim
0:25:10 > 0:25:12for one illness, as far as we're concerned,
0:25:12 > 0:25:15and you expect that to be treated as one payment
0:25:15 > 0:25:17minus the excess you spoke about.
0:25:17 > 0:25:19Tom and Marion have requested further information
0:25:19 > 0:25:23from the insurance provider to find out which part of the treatment
0:25:23 > 0:25:26wasn't covered. They're still waiting for a response,
0:25:26 > 0:25:28but what can they do in the meantime?
0:25:28 > 0:25:31Now, I would definitely look at the policy documents,
0:25:31 > 0:25:33just in case there's not any exclusions,
0:25:33 > 0:25:34cos the thing with insurance
0:25:34 > 0:25:37is there's so much small print, isn't there?
0:25:37 > 0:25:38So what would your recommendation be, then?
0:25:38 > 0:25:40That they'd first of all talk to the vet
0:25:40 > 0:25:43and see if he or she can do something with the paperwork?
0:25:43 > 0:25:44They might have seen this before,
0:25:44 > 0:25:47they might know where insurers are doing this kind of thing
0:25:47 > 0:25:50and something they can do to make sure, no, this is the same claim.
0:25:50 > 0:25:52After they made the claim,
0:25:52 > 0:25:54Tom and Marion were also surprised to find out
0:25:54 > 0:25:58that the terms of their insurance policy would now change.
0:25:58 > 0:26:01We got a letter from the insurance company, saying,
0:26:01 > 0:26:03with effect August of next year,
0:26:03 > 0:26:06which is the renewal date for Maisie's insurance,
0:26:06 > 0:26:10we are excluded from claiming for anything relating to cysts.
0:26:10 > 0:26:14Yeah. And it feels kind of unfair, because you paid so much money,
0:26:14 > 0:26:16even if you try to shop around to another insurer,
0:26:16 > 0:26:18it's still a pre-existing condition.
0:26:18 > 0:26:21- Yeah.- It's very unlikely you're going to be able to get cover
0:26:21 > 0:26:23for Maisie now, if that was to come back.
0:26:23 > 0:26:28But for anyone unhappy with changes or charges on their pet insurance,
0:26:28 > 0:26:31Andy suggests an interesting alternative.
0:26:31 > 0:26:33Obviously, the older a dog gets,
0:26:33 > 0:26:36the more expensive the insurance premiums get anyway.
0:26:36 > 0:26:39So you might want to consider self-insuring,
0:26:39 > 0:26:42which is basically putting the money aside yourself.
0:26:42 > 0:26:43You mean like a savings policy?
0:26:43 > 0:26:46Yeah, it's an emergency fund that if any other illnesses come up,
0:26:46 > 0:26:49you've got the cash there to pay for any other coverage,
0:26:49 > 0:26:51including anything that might re-occur.
0:26:51 > 0:26:52Well, there you go, Maisie,
0:26:52 > 0:26:54so what do you reckon you're going to do, then?
0:26:54 > 0:26:57We've already cancelled the insurance policy and put aside.
0:26:57 > 0:26:59So, I mean, whatever happens, she'll be looked after anyway.
0:26:59 > 0:27:03And she is an absolute cutie, so, hopefully, Maisie, stay well,
0:27:03 > 0:27:06nothing more in the future for your mum and dad!
0:27:06 > 0:27:09Back inside, technology expert David McClelland
0:27:09 > 0:27:14is downloading his thoughts on the shelf life of some of our purchases.
0:27:14 > 0:27:17So, David, we get a lot of e-mails to the office
0:27:17 > 0:27:19about all things to do with technology,
0:27:19 > 0:27:22you know, people will say, "I bought a new telephone,
0:27:22 > 0:27:23"I have bought a laptop,
0:27:23 > 0:27:27"what is the expectation of how long they may last?"
0:27:27 > 0:27:30I think we're being conditioned to refresh the technology that we buy.
0:27:30 > 0:27:32I mean, take smartphones, for example.
0:27:32 > 0:27:35We buy them on a contract, that might be 12 months, 18 months,
0:27:35 > 0:27:38two years long, and then we want to buy a new one.
0:27:38 > 0:27:41Technology has become almost like a fashion item.
0:27:41 > 0:27:44And yet the question that crops up a lot is,
0:27:44 > 0:27:48do you think that manufacturers build in a kind of obsolete clause
0:27:48 > 0:27:51to encourage you to buy new the latest technology?
0:27:53 > 0:27:56I'm sure if you were to ask this to any manufacturer,
0:27:56 > 0:28:00they would go, "Absolutely not, what a preposterous idea."
0:28:00 > 0:28:02If you were to push me,
0:28:02 > 0:28:06I would say that I think it would be a really bad thing
0:28:06 > 0:28:10if manufacturers were to, essentially, hobble a device
0:28:10 > 0:28:12once it got to a certain age
0:28:12 > 0:28:14so that it would push us into buying a new one.
0:28:14 > 0:28:16Can I say that it's never happened before?
0:28:18 > 0:28:20I'm a suspicious so-and-so, that is why I'm in this job.
0:28:20 > 0:28:22But leaving technology to the one side,
0:28:22 > 0:28:26I find even with a dishwasher or a washing machine,
0:28:26 > 0:28:29you get a chap who'll come out to fix it, and he'll go,
0:28:29 > 0:28:31"It would cost you more for me to fix this in time
0:28:31 > 0:28:34"than it would to buy a new machine."
0:28:34 > 0:28:37When items, when devices are manufactured en masse,
0:28:37 > 0:28:39the overall cost comes down, economies of scale.
0:28:39 > 0:28:42But then if you're wanting a replacement part,
0:28:42 > 0:28:44that part maybe isn't being manufactured any more,
0:28:44 > 0:28:47so does cost more to buy that one individual part,
0:28:47 > 0:28:50so it can be cheaper - as frustrating as it is,
0:28:50 > 0:28:52it can be cheaper to buy a new device.
0:28:52 > 0:28:53That's how it is, I'm afraid.
0:28:54 > 0:28:56Meanwhile, many of you took the opportunity
0:28:56 > 0:28:58to visit our gripe corner,
0:28:58 > 0:29:02to get off your chest the consumer issues that wind you up the most.
0:29:02 > 0:29:05What I get annoyed about is football merchandise.
0:29:05 > 0:29:08It's so expensive, such a rip-off.
0:29:08 > 0:29:13What makes me cross is that our bills keep going up all the time,
0:29:13 > 0:29:17and the increase we get in the pension doesn't cover it whatsoever.
0:29:17 > 0:29:19If I get one more call about PPI...
0:29:19 > 0:29:20Stop calling!
0:29:20 > 0:29:21Stop calling!
0:29:25 > 0:29:27During the years that we've been making this series,
0:29:27 > 0:29:29I've been able to see at first hand
0:29:29 > 0:29:32just how fast the nature of scams has changed,
0:29:32 > 0:29:34and how quickly the fraudsters behind them
0:29:34 > 0:29:37are able to exploit the latest technology
0:29:37 > 0:29:39to get their hands on your money.
0:29:39 > 0:29:42Now, what makes that especially concerning is that, these days,
0:29:42 > 0:29:45just about all of the clever gizmos and gadgets
0:29:45 > 0:29:48that we have in our homes to make our lives run seamlessly
0:29:48 > 0:29:51are, in some way, hooked into the internet.
0:29:51 > 0:29:54So it's not just our laptops or our phone and tablets
0:29:54 > 0:29:56that the crooks might be targeting -
0:29:56 > 0:30:00all sorts of our personal data can be floating around
0:30:00 > 0:30:03in a way that means that it could, quite conceivably,
0:30:03 > 0:30:04fall into the wrong hands.
0:30:07 > 0:30:10Russell Morris from Swansea runs a successful cleaning firm
0:30:10 > 0:30:13with the help of his partner, Pauline,
0:30:13 > 0:30:17which they manage using their Facebook account.
0:30:17 > 0:30:21About 80% of our customers come from Facebook, you know,
0:30:21 > 0:30:24they've been finding out via that method, basically.
0:30:24 > 0:30:26Not only does he advertise on Facebook,
0:30:26 > 0:30:29but his PayPal account is also linked to it,
0:30:29 > 0:30:31so, once logged onto Facebook,
0:30:31 > 0:30:33he can manage his bookings, make payments,
0:30:33 > 0:30:36and receive money from his cleaning jobs.
0:30:36 > 0:30:40That online account is pretty much a portal to his entire business.
0:30:42 > 0:30:44We rely on social media a lot,
0:30:44 > 0:30:49it has made a big impact on our business,
0:30:49 > 0:30:53and I don't think we would have took off as well as we have without it.
0:30:53 > 0:30:57Russell had never had any problems running his business this way
0:30:57 > 0:31:00until one day, on his way to another cleaning job,
0:31:00 > 0:31:02he tried to buy some petrol.
0:31:02 > 0:31:06I went to use my bank card to pay for the fuel - declined.
0:31:08 > 0:31:10I was thinking, "Oh, that's strange,
0:31:10 > 0:31:13"I've only just been paid."
0:31:13 > 0:31:19Russell called Pauline, as she had access to the bank's online account.
0:31:19 > 0:31:22So I went on online banking on my phone,
0:31:22 > 0:31:24and I saw the account was empty.
0:31:25 > 0:31:29£800 had been cleared out of Russell's account.
0:31:29 > 0:31:32Pauline then checked her own account,
0:31:32 > 0:31:34and £400 had gone from there, too.
0:31:34 > 0:31:38And a further 1,500 had gone from her mother's account!
0:31:38 > 0:31:40They were baffled as to what was going on.
0:31:41 > 0:31:45We just saw the money was gone, but we didn't know why it happened,
0:31:45 > 0:31:47and we said, "Listen, Mam, we don't know where it's gone,
0:31:47 > 0:31:49"but it's gone."
0:31:49 > 0:31:52After long conversations with the bank,
0:31:52 > 0:31:55it became apparent that they had been targeted by hackers.
0:31:55 > 0:31:58The bank agreed to reimburse all that had been stolen,
0:31:58 > 0:32:02pending an investigation to prove that a fraud had taken place -
0:32:02 > 0:32:06but, by now, Russell was in no doubt as to the explanation.
0:32:07 > 0:32:12They hacked into my Facebook account that was linked with PayPal,
0:32:12 > 0:32:17and then they could do whatever they wanted to and empty as much money
0:32:17 > 0:32:23that I had or Pauline had or her mother had linked into the account.
0:32:24 > 0:32:27Russell and Pauline did receive a notification from Facebook
0:32:27 > 0:32:30saying that their account had been suspended
0:32:30 > 0:32:33as it had detected suspicious activity -
0:32:33 > 0:32:37but their bank said that because PayPal told them that their password
0:32:37 > 0:32:40had been used to access the Facebook and PayPal account,
0:32:40 > 0:32:43it had been deemed a genuine transaction, which,
0:32:43 > 0:32:48as far as the bank was concerned, meant there had been no fraud.
0:32:50 > 0:32:53They basically said that we authorised it, didn't they?
0:32:53 > 0:32:56Yeah, it looks as if we authorised it.
0:32:56 > 0:33:00But the only proof you can get
0:33:00 > 0:33:04is through Facebook, I would imagine,
0:33:04 > 0:33:06and Facebook is hard to contact.
0:33:06 > 0:33:10Russell says he tried to contact Facebook to ask for more details
0:33:10 > 0:33:12about who had logged in and where from,
0:33:12 > 0:33:14but says the company didn't respond -
0:33:14 > 0:33:15and, in the meantime,
0:33:15 > 0:33:18as the bank no longer considered that this was a fraud,
0:33:18 > 0:33:21Russell was asked to pay back most of the money.
0:33:21 > 0:33:24You feel like a criminal, that's basically it,
0:33:24 > 0:33:26you feel like a criminal.
0:33:26 > 0:33:29And when nobody is listening to you, the banks are believing PayPal,
0:33:29 > 0:33:32PayPal are not coming back with anything...
0:33:32 > 0:33:35Russell and Pauline still had no idea how the hackers
0:33:35 > 0:33:38managed to get hold of their Facebook passwords,
0:33:38 > 0:33:43which then automatically gave them access to their PayPal account.
0:33:43 > 0:33:46They're very clever people...
0:33:46 > 0:33:48and I wish I could get my hands on them.
0:33:49 > 0:33:53We asked IT security expert David McClelland to have a look
0:33:53 > 0:33:55at Russell and Pauline's story,
0:33:55 > 0:33:58and he believes that linking accounts like PayPal
0:33:58 > 0:34:02to one Facebook password had left them vulnerable to attack.
0:34:02 > 0:34:04The lynchpin of the fraud here
0:34:04 > 0:34:06is the fact that Russell's Facebook account
0:34:06 > 0:34:09was connected to a PayPal account.
0:34:09 > 0:34:12Not only that, but Russell's PayPal account
0:34:12 > 0:34:15had three different bank accounts linked to it.
0:34:15 > 0:34:19The fraudsters struck lucky - they got three for the price of one here.
0:34:19 > 0:34:24As far as the bank is concerned, as far as the merchant here, PayPal,
0:34:24 > 0:34:27is concerned, Russell authorised these payments -
0:34:27 > 0:34:31you know, the hackers had a username and password.
0:34:31 > 0:34:34David also believes that, given that Facebook has so many users,
0:34:34 > 0:34:38it's near impossible to get them to invest the time it'll take
0:34:38 > 0:34:40to help prove that this was a fraud.
0:34:42 > 0:34:45I think that it needs to go to Facebook as the right place
0:34:45 > 0:34:47to try and get these charges contested.
0:34:47 > 0:34:49One would hope that Facebook
0:34:49 > 0:34:52would be able to look at some login information
0:34:52 > 0:34:53and notice when, all of a sudden,
0:34:53 > 0:34:56someone was logging in from a different country
0:34:56 > 0:34:57on to that Facebook account
0:34:57 > 0:35:00to try to spot where these fraudulent logins happened
0:35:00 > 0:35:02and try and ascertain and, you know,
0:35:02 > 0:35:05make sense of where this fraud has actually happened.
0:35:05 > 0:35:08Unfortunately, because it's one of the biggest internet companies
0:35:08 > 0:35:11in the world, with well over a billion users,
0:35:11 > 0:35:15that probably makes the job a little bit harder.
0:35:15 > 0:35:18Well, we contacted Facebook about Russell and Pauline's case,
0:35:18 > 0:35:22and it told us that it is still looking into what may have happened
0:35:22 > 0:35:24in this instance - but, in the meantime,
0:35:24 > 0:35:25the company suggested
0:35:25 > 0:35:28that anyone else who thinks that they may have been hacked
0:35:28 > 0:35:31should head to the help page on its website,
0:35:31 > 0:35:34which enables users to change their passwords
0:35:34 > 0:35:36and review suspicious activity.
0:35:37 > 0:35:40We also spoke to PayPal, and they confirmed
0:35:40 > 0:35:43that Russell had linked his Facebook and PayPal accounts
0:35:43 > 0:35:46so that he could automatically pay for advertising
0:35:46 > 0:35:48that he purchased on Facebook,
0:35:48 > 0:35:51thereby approving a billing agreement which allowed Facebook
0:35:51 > 0:35:55to deduct money automatically from his PayPal account -
0:35:55 > 0:35:57but PayPal said when Russell got in touch
0:35:57 > 0:36:01to report 25 unauthorised payments made from his PayPal account,
0:36:01 > 0:36:05an investigation found no evidence of unauthorised access
0:36:05 > 0:36:06or suspicious activity...
0:36:08 > 0:36:10..but Russell and Pauline are adamant
0:36:10 > 0:36:12that their accounts were hacked and, as a result,
0:36:12 > 0:36:15they are now thousands of pounds out of pocket -
0:36:15 > 0:36:17and with their confidence severely shaken,
0:36:17 > 0:36:21they avoid using websites to make payments altogether.
0:36:21 > 0:36:24But in this day and age, that's really hard -
0:36:24 > 0:36:27as computers or mobile phones have become so vital.
0:36:27 > 0:36:31And there are those who would find it impossible to function
0:36:31 > 0:36:33without relying on some kind of technology.
0:36:33 > 0:36:36So we've asked Pete Turner, a digital security expert,
0:36:36 > 0:36:39to help Pauline and Russell become more technology savvy.
0:36:40 > 0:36:41So, first of all,
0:36:41 > 0:36:44what sort of technology do you have at home right now?
0:36:44 > 0:36:47iPad, smartphone,
0:36:47 > 0:36:49PCs, laptops.
0:36:49 > 0:36:52With the new devices that are in our homes,
0:36:52 > 0:36:54perhaps a lot of people are not aware of some of the risks
0:36:54 > 0:36:57that come with them. We've got some things inside here
0:36:57 > 0:37:00that can show you some of the new smart devices
0:37:00 > 0:37:02that can help make your life easier,
0:37:02 > 0:37:05and I'll help explain, perhaps, about how to make them secure
0:37:05 > 0:37:08- for everyday use.- Yeah.
0:37:08 > 0:37:10This specially adapted house in South East London
0:37:10 > 0:37:12is full of the sort of technology
0:37:12 > 0:37:15that we can expect to see in houses of the future.
0:37:15 > 0:37:18Heating, lighting, even coffee machines and kettles -
0:37:18 > 0:37:20they're all connected to the household internet
0:37:20 > 0:37:23so that they can be controlled by using a mobile phone.
0:37:24 > 0:37:27That router connects to the internet, so that's the gateway,
0:37:27 > 0:37:29if you like, to connect all those devices,
0:37:29 > 0:37:31but it's also a gateway for the hackers.
0:37:32 > 0:37:36While Pete shows Pauline and Russell around this house of the future,
0:37:36 > 0:37:39we've arranged for a friendly computer hacker
0:37:39 > 0:37:40to see if he can hack into the Wi-Fi
0:37:40 > 0:37:44and take control of some of those household appliances.
0:37:45 > 0:37:49Very soon, lots of devices are going to be connected to the internet.
0:37:49 > 0:37:52Some of them may be more useful and more applicable to some people than
0:37:52 > 0:37:54others and, you know, in a kitchen,
0:37:54 > 0:37:57not just coffee machines and kettles,
0:37:57 > 0:38:00but your fridge, for example, can be connected to the supermarket,
0:38:00 > 0:38:03so when you run dry of things, it can order some more for you.
0:38:05 > 0:38:08So if your fridge was connected to a supermarket to record food
0:38:08 > 0:38:12when things run low, in the event of a successful hack,
0:38:12 > 0:38:16criminals could potentially access all sorts of information -
0:38:16 > 0:38:18most likely including bank details.
0:38:18 > 0:38:21Why would someone want to hack my kettle?
0:38:21 > 0:38:23Well, it's true, actually, it's not a particularly big risk to you,
0:38:23 > 0:38:26there's no personal information on your kettle,
0:38:26 > 0:38:29but what the hackers want to do is to control that device
0:38:29 > 0:38:33because it can send a signal to other computers.
0:38:33 > 0:38:37Pete says any device controlled by your Wi-Fi is a potential window
0:38:37 > 0:38:40for hackers to get to other computers and devices in your house,
0:38:40 > 0:38:44including televisions, laptops and tablets.
0:38:44 > 0:38:46As Russell and Pauline leave the kitchen,
0:38:46 > 0:38:50the hacker has successfully managed to hack into the coffee machine.
0:38:50 > 0:38:51He even switches it on.
0:38:55 > 0:38:57And it seems there are plenty of other gadgets and devices,
0:38:57 > 0:39:00from security cameras to baby monitors,
0:39:00 > 0:39:02that could face the same risk.
0:39:04 > 0:39:07These devices are vulnerable because of the camera on them,
0:39:07 > 0:39:11and there have been instances where people have access to baby monitors,
0:39:11 > 0:39:15like this, and used it to actually communicate with the baby,
0:39:15 > 0:39:18because some of them have voice control and a speaker where you can
0:39:18 > 0:39:21actually talk to them. And that is really creepy.
0:39:21 > 0:39:22Yeah, that's creepy, yeah.
0:39:22 > 0:39:26However creepy, that is exactly what's happened
0:39:26 > 0:39:28in the house right now.
0:39:28 > 0:39:31Our hacker has managed to hack into the baby monitor, too,
0:39:31 > 0:39:33and he's watching everything.
0:39:33 > 0:39:35So when they make their way back to Pete's car,
0:39:35 > 0:39:39Pauline and Russell are in for a bit of a shock.
0:39:39 > 0:39:41So we've seen some great connected devices,
0:39:41 > 0:39:45but what you won't know about is, whilst we've been filming today,
0:39:45 > 0:39:48we've actually been hacking live into some of those devices.
0:39:48 > 0:39:53And you can see here, this is us upstairs, being filmed.
0:39:53 > 0:39:55How does that make you feel?
0:39:55 > 0:39:56Oh, good God.
0:39:56 > 0:39:57It's more than scary,
0:39:57 > 0:40:01it's horrifying that he could be watching your every move.
0:40:01 > 0:40:04With the possibility of so many of our household devices
0:40:04 > 0:40:06being linked to the internet,
0:40:06 > 0:40:09experts like Pete think it's become increasingly important
0:40:09 > 0:40:13to really gen up on what's needed to protect yourself from hackers -
0:40:13 > 0:40:15and there's three really simple bits of advice.
0:40:17 > 0:40:21So, top ways in which you can stay safe at home is to make sure
0:40:21 > 0:40:26you download the latest security updates for your operating system
0:40:26 > 0:40:30on your computer and any other firmware updates for those devices.
0:40:30 > 0:40:34Secondly, make sure you have up-to-date antivirus software
0:40:34 > 0:40:37on all your machines - really, really important,
0:40:37 > 0:40:39stop those hackers getting into you in the first place.
0:40:39 > 0:40:42Thirdly, make sure you change your passwords regularly
0:40:42 > 0:40:44and choose passwords that are different
0:40:44 > 0:40:48for each of the different devices or services you use.
0:40:48 > 0:40:52And that's particularly useful advice for Pauline and Russell.
0:40:52 > 0:40:54When their password was hacked,
0:40:54 > 0:40:56it gave criminals access to their bank account,
0:40:56 > 0:40:58so they've learned that in future
0:40:58 > 0:41:02they need to be much more careful online.
0:41:02 > 0:41:05Scary, it's been a real eye-opener.
0:41:05 > 0:41:10Yeah, you realise nothing's safe, you've got to be so cautious.
0:41:10 > 0:41:13The biggest thing I'm going to take away from today
0:41:13 > 0:41:14is changing the passwords -
0:41:14 > 0:41:16to protect ourselves, we've got to change it.
0:41:24 > 0:41:27Well, if you have a story you'd like us to investigate,
0:41:27 > 0:41:30then we now have even more ways to get in touch.
0:41:30 > 0:41:33You can join in a conversation on our Facebook page,
0:41:33 > 0:41:35just look for BBC Rip-Off Britain.
0:41:35 > 0:41:37As well as the most up-to-date news,
0:41:37 > 0:41:40you'll also find exclusive behind-the-scenes clips
0:41:40 > 0:41:43and pictures from the show.
0:41:43 > 0:41:48Or you can log onto our website, bbc.co.uk/ripoffbritain,
0:41:48 > 0:41:51where there's plenty of advice and fact sheets full of tips
0:41:51 > 0:41:54on how you can avoid getting ripped off.
0:41:54 > 0:41:55Or if you'd like to send us an e-mail,
0:41:55 > 0:41:59then our address is ripoffbritain@bbc.co.uk...
0:42:01 > 0:42:04..and, of course, you can send a letter to our address...
0:42:17 > 0:42:19Now, I must confess, and the girls will be nodding at this,
0:42:19 > 0:42:23I'm not the most tech-savvy person you'll meet in life,
0:42:23 > 0:42:24but I've always been worried
0:42:24 > 0:42:26about some of the things that can happen online -
0:42:26 > 0:42:28but hearing some of those stories today
0:42:28 > 0:42:30has only made me more convinced
0:42:30 > 0:42:34that the biggest names could be doing more to safeguard our details
0:42:34 > 0:42:37against hackers so that our most valuable information
0:42:37 > 0:42:40doesn't end up in the wrong hands.
0:42:40 > 0:42:43I was so interested to meet our former hacker Mustafa
0:42:43 > 0:42:44and hear what he had to say on this.
0:42:44 > 0:42:47He really does feel that even some of the best-known businesses
0:42:47 > 0:42:50are still leaving themselves vulnerable to attack,
0:42:50 > 0:42:52which is a bit worrying, to say the least -
0:42:52 > 0:42:55and he should know, because before he cleaned up his act,
0:42:55 > 0:42:57he could well have been the one going after them.
0:42:57 > 0:43:01So I think we'd all like to see the companies up their game considerably
0:43:01 > 0:43:03in the fight against cybercriminals.
0:43:03 > 0:43:05I think we all agree with that.
0:43:05 > 0:43:08And while, of course, many of them are doing exactly that,
0:43:08 > 0:43:11we've all got our own part to play in this, as well,
0:43:11 > 0:43:14so maybe today we all picked up some tips on how to make sure
0:43:14 > 0:43:19that we're doing our bit to protect ourselves - as well as others.
0:43:19 > 0:43:21But I'm afraid that we're going to have to leave it for today.
0:43:21 > 0:43:25We really loved having you with us and look forward to seeing you again
0:43:25 > 0:43:28the next time we're back. So, until then, from all of us on the team,
0:43:28 > 0:43:29- bye-bye.- Bye-bye.- Bye-bye.