National Identity Fraud Prevention Week is well underway now with a mission to drill into consumers and businesses why it is important not to throw away seemingly innocuous documents containing vital personal details. Of course the link between paper-based and online crime is a very real one; crims happily using banking or other details gleaned from real documents in order to set up phony accounts etc etc. But this campaign also raises broader issues about id fraud and the education work being done to try and prevent it.

Those questions of course include why does the public still not GET IT? And the answer, according to some including Detica's head of security and risk, David Porter, is that these campaigns don't really get to the hub of the problem. Mass media campaigns are happy to report when the latest celeb has fallen victim to massive online fraud, but a serious exploration of the issues and what you should be doing to prevent it are usually confined to "shred everything, don't write your passwords down and be vigilant". Which is fine, if you know what to be vigilant about. As Porter told me, if people knew what identity really means in the online world – that the details they enter on MySpace are fair game for example – then we might go some way to surmounting the problem, and addressing that tricky conundrum; how to educate consumers without scaring them off shopping and using services online.

One of the most common methods of online fraud is the phishing attack, as I'm sure you're all aware. Although some of these are now getting more sophisticated, targeting specific customers with information gleaned from other sources and keyloggers to make the fake messages appear genuine, most still leave a lot to be desired, with poor English and easily spottable mistakes. Without being too condescending, it seems amazing that the good ol' British public is still so gullible, but as Porter told me, up to 24 percent of UK adults are functionally illiterate, depending on which figures you look at, and so easy prey for the phishing industry. That epxlains tinhgs.