Have you been a victim of cyber crime? If not, the chances are you will know someone who has – one-in-six adults have fallen foul of online fraudsters, according to a study from Experian, the global information services company.
Smartphones but not smart users
The Experian study polled 2,000 UK adults and found that, while the vast majority (93%) have security or antivirus software installed on their desktops and laptops, three-in-five (60%) of smartphone users and almost half (48%) of tablet users admitted to having no malware protection on their devices.
That’s a lot of people leaving themselves vulnerable to cyber attacks.
More worrying still is that almost half of smartphone users use their devices for internet banking, while one-in-three use them for online shopping – meaning the fraudsters can help themselves to a lot of sensitive information.
Desktops and laptops still most vulnerable
Despite the high number of mobile users operating with little or no malware protection, desktop and laptop computers are still the most vulnerable devices with over three-quarters (83%) of users having been victims of cyber crime.
This compares with just over a fifth (21%) of smartphone users and just one-in-six (17%) of tablet users who have suffered similar attacks.
We could soon see this number rise though as fraudsters tap into the opportunities presented to them by tablet users – tablet use for accessing the internet among adults has almost doubled from 16% in 2012 to 30% in 2013, while over half (59%) of people access the internet through a smartphone, a 6% rise since 2012.
It might not just be your own security you’re compromising, but that of your friends, family or business associates, as over a quarter (27%) have transferred money to another person using a banking app.
So why aren’t people taking these online security threats seriously?
Automatic protection?
The problem isn’t that people aren’t concerned about the threat of cyber crime – two-fifths (41%) of device owners feel vulnerable to attack – it’s more that they assume their phone is automatically provided with protection.
Just over one-in-ten (12%) say they’ve not taken preventative measures on their device because they assumed they were automatically protected by their mobile service provider.
A further 8% thought they were protected by the company they’ve transacted with, another 8% aren’t getting protected as they think it’s too expensive, while just under a third (29%) didn’t have any anti-virus software installed as they weren’t aware they needed it.
So what types of cyber attack are out there?
Types of cyber attack
| Tactic | Description | Victims |
| --- | --- | --- |
| Phishing attacks | Fraudsters create bogus websites, apps and emails that look like they come from legitimate companies in order to dupe victims into providing their genuine login, passwords and other credentials. These details are then used to steal money from the victim’s account. Phishing attacks occur where the legitimate user has malware on their device and is redirected to a “fake” login screen rather than the actual one. | Consumers & businesses |
| Session hijacking attack | The fraudster secretly lies in wait for a victim to start a session and then takes over control of the session to make an unauthorized transaction. Malware is typically the source or culprit enabling fraudulent access; but whereas phishing attacks redirect users to a fake login site, session hijackers wait for the legitimate user to log into the official site. Following authentication the attacker is able to change the customer’s contact information associated with the account or to submit fraudulent transactions behind the scenes, as part of the same authenticated session. This attack is less common than phishing attacks because it requires direct session intervention by the fraudster – he/she must initiate a fraudulent transaction while the legitimate user is logged into the session. | Consumers & businesses |
| Session replay attack | Fraudsters use malware to capture complete session details including the login credentials and passwords which they later “replay” to trick companies into allowing unauthorized account access and diversion of funds, goods and services. A fraudster monitors legitimate accountholder transaction activity and captures the JavaScript payload and HTTP headers from the transaction. The attacker then manipulates certain elements of the data (for example, changing the beneficiary information and modifying the transaction amount on a wire transfer) and resubmits the event with an identical JavaScript payload. | Consumers & businesses |
| Man-in-the-browser attack | The fraudster is transacting simultaneously to the legitimate user. This requires significant coordination and preparation by the attacker because his/her manipulation of transaction details would need to be in-stream and prior to the legitimate user clicking the Submit button. As the legitimate user is preparing transaction details, the attacker is changing account, amount, and other transaction details – so the customer believes that he/she is submitting one transaction, while the attacker is manipulating all of the transaction details behind the scenes. | Consumers & businesses |
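
For the session replay row above, a server-side check can flag a transaction that arrives with a client payload identical to one already seen but with different transaction details. This is an added example, not code from the original article or from Experian; the event fields (`account`, `client_payload`, `transaction`) and all sample values are constructed assumptions.

```python
import hashlib
import json


def digest(value) -> str:
    """Stable SHA-256 of a JSON-serialisable value (key order ignored)."""
    return hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()


class ReplayDetector:
    """Flags a client payload that arrives more than once for an account.

    Assumes the page's JavaScript payload carries per-request data (here a
    collection timestamp), so two honest submissions never match byte for byte.
    """

    def __init__(self):
        self._seen = {}  # (account, payload digest) -> first transaction digest

    def check(self, event: dict) -> str:
        key = (event["account"], digest(event["client_payload"]))
        txn = digest(event["transaction"])
        if key not in self._seen:
            self._seen[key] = txn
            return "ok"
        if self._seen[key] == txn:
            return "duplicate"       # same payload, same transaction details
        return "replay-modified"     # same payload, beneficiary/amount changed


def classify(events):
    detector = ReplayDetector()
    return [detector.check(e) for e in events]


# Constructed sample events; every name and value is illustrative.
P1 = {"collected_at": "2013-11-04T10:15:02Z", "screen": "1366x768", "tz": 0}
P2 = {"collected_at": "2013-11-04T10:21:47Z", "screen": "1366x768", "tz": 0}
T1 = {"beneficiary": "EXAMPLE-ACCT-0001", "amount_pence": 12000}
T2 = {"beneficiary": "EXAMPLE-ACCT-0002", "amount_pence": 4500}
T3 = {"beneficiary": "EXAMPLE-ACCT-9999", "amount_pence": 950000}
SAMPLE_EVENTS = [
    {"account": "alice", "client_payload": P1, "transaction": T1},
    {"account": "alice", "client_payload": P2, "transaction": T2},
    {"account": "alice", "client_payload": P1, "transaction": T3},
    {"account": "alice", "client_payload": P1, "transaction": T1},
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, classify(SAMPLE_EVENTS)):
        print(event["transaction"]["beneficiary"], verdict)
```

The in-memory dictionary stands in for whatever shared store a real service would use, and a `replay-modified` verdict is a signal to hold the transaction for review rather than proof of fraud.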
If you’re concerned about the threat posed by cyber criminals, what can you do to minimize the threat?
No phishing
Phishing is a type of online fraud in which cyber criminals send emails or instant messages pretending to be from a reputable company or person, in an attempt to access sensitive information, such as login credentials or account details.
One in every 3,722 emails in the UK is a phishing attempt, according to Symantec, owner of Norton Antivirus, and around half of cyberattacks in the UK involve phishing. That’s roughly 20% higher than the global average.
For more on this wide-reaching type of cyber crime, check out our blog What is phishing? And how can you avoid it?
How to protect your device
If you want to protect your device, try following these steps…
- Always use a home screen lock on your mobile device.
- Don’t store account names and passwords or digital pictures of your passport.
- Remember that public Wi-Fi networks are riskier than private networks, so be careful with the information you access and share when out and about.
- Your email account is linked to many other accounts and can hold a large amount of personally-identifiable information. Beware of phishing – if an email seems suspicious, don’t open it or click on any links within the email. A legitimate company will never ask for your account details via email. If contacts have received emails from you that you did not send, change all your online passwords immediately.
- Social media sites can reveal your date of birth, maiden name, email address and enough information to help a fraudster identify possible PIN and/or passwords. Consider how much you really need to share.
If you’re worried you may have become the victim of identity fraud, you should notify the police, contact your bank, and check your credit file and highlight any fraudulent activity.
Have you fallen victim to a cyber attack? Let us know…