Two studies show that young people are more likely to be victims of online fraud. You’d think that since most of them have not experienced a world without the Internet and email, they’d be more knowledgeable about phishing and other schemes. But the insurance group CPP reports that the 16 to 24 age group is the most likely to be defrauded in the UK, with an average loss of £590 per incident.
Another research study comes from RSA’s 2010 Global Online Consumer Security Survey, which shows very interesting trends:
“Of the more significant survey findings, consumer awareness of phishing attacks has doubled between 2007 and 2009 and the number of consumers who reported falling prey to this attack increased six times during that same period of time. In addition, while hundreds of thousands of people join social networking websites each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities indicated they are less likely to interact or share information due to their growing security concerns.”
“Consumers using online banking (86 percent) websites shared more concern with the theft of their personal information than those using healthcare portals (64 percent) and government websites (68 percent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.”
This is interesting because it tells us that phishers are becoming more and more sophisticated and that consumer education has only a limited effect in preventing online and identity fraud.
What it means for us is that social engineering is becoming more sophisticated, fooling even those who don’t remember the times before the Internet and mobile phones. Effective proactive defense includes multi-channel authentication options that do not rely on user alertness or mental mapping techniques. Secure web services will help protect their customers without relying on their ability to recognize a phishing attack.
In similar news, twitter.com got passwords stolen the other day. It appears no site is safe.
Thanks @Flint. We just posted on the Twitter attack. Makes me wonder though, who’s desperate enough to phish a site that has no money and no sensitive information?
With the knowledge that many people use the same passwords across multiple sites, there is value in phishing ANY online login system. Because email+password can be identical on every site, any and every site is vulnerable to phishing. Phishers need a single chink in the armour: if the phished person uses a hotmail/gmail etc. email address for Twitter, there’s a high chance the email can then be compromised with the same login details, and once you have the email you could wait for a ‘statement’ email from a bank or credit card …
Thanks @Malcolm. Very helpful information… And speaking of which, maybe I should go change a few of my passwords.