Consumer awareness of phishing attacks has doubled between 2007 and 2009 – with the number of consumers falling prey to this attack increasing six times during that period – making users more hesitant to share personal information.
This is one of the findings of RSA's 2010 Global Online Consumer Security Survey, which polled more than 4 500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online, their willingness to share it, and desire for better identity protection.
It found that, while hundreds of thousands of people join social networking web sites each day, nearly 65% of the people who belong to these online communities are less likely to interact or share information due to their growing security concerns.
Social networking web sites have become a hotbed for online criminals because of their global reach and the participation by hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. Reflective of this trend, four out of five (81%) people using social networking web sites displayed concern with the safety of their personal information online.
"Fraudsters continue to fine-tune their array of tactics that result in millions of computers becoming infected with Trojans and other malware,” says Rob Watson, country manager of RSA, the security division of EMC South Africa.
"These online criminals are adept at social engineering and prey upon victims with at-the-ready phishing attacks. There have been countless cases of fraudsters exploiting consumers who seek the latest news about popular celebrities, rock stars and professional athletes – by injecting malware into the websites that report on these famous people, to infect the devices used by those who visit them. While it’s difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do.”
In the 2007 RSA survey, one in three (38%) consumers reported they were aware of the threat of a phishing attack – and this figure doubled two years later where three in four (76%) have become aware. Additionally, nine in 10 consumers (89%) reported concerns caused by the threat of phishing.
Despite increased awareness, there have been a growing number of online users who have fallen victim to a phishing attack. In the 2007 RSA survey, only one in 20 (5%) consumers cited they had fallen victim to a phishing scam – and this rate increased six times in 2009 to represent three in 10 (29%) consumers. This increase can be attributed to more advanced communications tactics and greater sophistication such as improved writing and web design skills on the part of the fraudsters. Phishing attacks have also evolved in an attempt to exploit users in different ways and through a broader variety of methods including offshoots known as “vishing”, “smishing” and “spear phishing".
The sheer volume of phishing attacks launched in recent months is also contributing to these trends. The RSA Anti-Fraud Command Centre recently reported its highest-yet detected rates of phishing attacks between August and October 2009 and a 17% increase in the total number of attacks between 2008 and 2009.
An increase in consumer knowledge of online threats is further evident from the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63% of consumers stated that they were aware of Trojans and in 2009 that figure climbed to 81%.
Online banking continues to provide significant levels of convenience for consumers, with quick access to checking and savings accounts, the ability to pay bills automatically, transfer funds and perform other financial transactions. There is dramatic adoption of the use of social networks, which people use to form and nurture personal and professional relationships. Finally, healthcare organisations as well as local, para-statal and government agencies are bringing the power and convenience of online services to the consumer – offering access to personal healthcare records, driver’s licence renewals and payment of tax bills.
Consumers using online banking (86%) websites shared more concern with the theft of their personal information than those using healthcare portals (64%) and government websites (68%). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these web sites.
Consumers agree that their identities should be better protected than a simple username and password on social networking (59%), healthcare (64%), government (70%) and online banking (80%) websites. Nine in 10 consumers are willing to use a stronger form of security if offered.
“Consumer education and awareness is one of the first lines of defence in the ongoing battle against online crime,” Watson said. “Organisations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online – all despite the inherent risks. In order to maximise the full value of what the online world can offer, organisations need to take a layered approach to online security in order to best protect their customers’ information.”