Modernizing Authentication — What It Takes to Transform Secure Access
Internet users are more educated and suspicious than ever before but, according to a survey conducted in October for storage software giant EMC's RSA security division, they're still falling victim to phishing scams at a higher rate than ever before.
RSA's 2010 Global Online Consumer Security Survey, conducted by InfoSurv, asked 4,539 people to characterize their online behavior and their awareness of trojans, viruses, and sophisticated phishing scams that continue to plague Internet users.
And while 76 percent of the users surveyed reported they were aware of the threat of a phishing attack -- up from 38 percent in a similar 2007 RSA survey -- 29 percent of respondents said they had been the victim of a phishing scam, a nearly sixfold increase from 2007 when only one in 20 people queried admitted to being duped by a phishing plot.
"Consumer education and awareness is one of the first lines of defense in the ongoing battle against online crime," said Christopher Young, RSA's senior vice president of products. "Organizations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online -- all despite the inherent risks."https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
RSA officials said this increase -- despite the improved awareness -- is a testament to the perpetrators' improved writing and Web design skills and their ability to infiltrate and exploit social networking sites to access personal information and spread their malware.
Law enforcement agencies and security software experts alike are astounded by the growing sophistication and organization of hacking and phishing operations that have managed to extend their illegal operations around the globe.
In October, the FBI's Operation Phish Phry bust netted 100 alleged con artists based in the U.S. and Egypt who are accused of perpetrating the largest cyber fraud phishing scam in U.S. history.
Authorities claim the Egyptian-backed hackers snared bank account numbers and other personal information from an "unknown number" of banking customers through unsolicited e-mails that directed victims to official-looking banking or credit card Web sites where their personal and account information was obtained. The group then recruited "runners" who set up bank accounts where the funds stolen from the compromised accounts could be transferred and withdrawn.
RSA said that while hundreds of thousands of people join social networking sites such as Facebook, MySpace and Twitter each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities said they are less likely to interact or share information due to their growing security concerns.
Four out of five people using social networking sites said they are concerned about the safety of their personal information online yet they still continue to log on and share their work information, personal photos and details such as where they live and the names and Web pages of their friends and family.
"These online criminals are adept at social engineering and prey upon victims with at-the-ready phishing attacks," Young said. "While it's difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do."
In this survey, 81 percent of respondents said they were aware of trojans, up from 63 percent in 2007.
They also had a greater appreciation for the importance of security and identity protection depending on what type of site they were visiting.
Consumers using online banking (86 percent) sites shared more concern with the theft of their personal information than those using healthcare portals (64 percent) and government sites (68 percent), according to the survey. As a result of these concerns, well more than half of all consumers reported that they are less likely to share information and interact on these sites.
Users also agree that their identities should be better protected than a simple username and password on social networking (59 percent), healthcare (64 percent), government (70 percent) and online banking (80 percent) sites and nine in 10 consumers said they would be willing to use a stronger form of security if it were offered.
RSA said all the survey participants were between 18 and 65 years of age and lived in 22 different countries scattered across North America, South America, Europe and Asia Pacific.