Although the majority of people (71 percent) are worried about the amount of personal information held online, a significant proportion would still share confidential information with people they didn’t know, with almost a third (32 percent) stating they would send a password, bank account number or their mother’s maiden name via email or a social networking website, say the result of a recent Faronics survey exploring UK web users’ attitudes to online security.
Respondents were particularly trusting of LinkedIn, with 33 percent of site users admitting they have accepted connection requests from people they do not know. This compares to just 15 percent of Facebook users.
Likewise, while 46 percent of Facebook users have customized their privacy settings, just 20 percent of those on LinkedIn have controlled who can view the information on their profiles.
“While the risk of identity theft and other cyber threats is relatively well known, many users still seem to be in complete denial that it could happen to them,” said Bimal Parmar, VP marketing at Faronics. “The aim of this survey was to assess just how knowledgeable people are about the specific security threats that their social networking accounts can pose – and the results are eye-opening to say the least.”
“Users are clearly concerned about the amount of data held online, yet they are continuing to trust social networking sites with very personal information. A growing concern is that when it comes to websites such as LinkedIn, it appears that this trust is even greater. While issues surrounding Facebook’s security – or lack thereof – have been widely covered in the media, LinkedIn is very rarely mentioned, which has led users to fall into the trap of believing that the security risk is lower. Unfortunately, as the threat landscape evolves, and attacks become more targeted and convincing, this is simply not the case.”
Many people still do not believe they are a target for cybercriminals, with 51 percent of all respondents claiming they are not at risk of cyber fraud, and 28 percent believing there is no value in the information posted on their social networking pages.
That said, 13 percent would be happy to send a password to complete strangers online if the request looked genuine. This, coupled with the fact that only a fifth (21 percent) of those asked have heard of attacks such as spear-phishing indicates a significant lack of awareness when it comes to changing cybercrime tactics.
“Today, any personal information can be harvested and exploited by a determined cybercriminal,” continued Parmar. “As more cybercriminals employ social engineering tactics that tap into basic human psychology, even the smallest bits of information – such as birthdays, job roles, supplier information, travel plans or details of hobbies – can be used to form a convincing email that the victim could believe originated from a trusted source. All the target has to do is open the email, click on a link or download an attachment for spyware, keyloggers or other malware to be dropped onto the computer and open the entire corporate network to fraud.”
Just over half (51 percent) of those surveyed admitted they had been targeted by a spear phishing campaign, with 12 percent of these attacks reported as successful. This is perhaps unsurprising as 60 percent of all respondents stated they would be willing to open an unsolicited email attachment if it looked relevant, interesting or appeared to be in response to an action they had taken (for example, a receipt for a recent purchase).
This lack of consideration could be partially down to the fact that just 24 percent of UK organizations admit to having specific policies, training and/or safe computing measures in place to prevent an employee from falling victim to spear phishing and other email scams, and a fifth of survey respondents still believe that a good PC security package will solely protect them from fraud.
The full findings of the survey can be found here.