Online fraud 2009


Published on

With our love of shopping going online, it is no surprise that fraudsters are turning to the internet. Read more to find out the real risks of online identity theft whilst shopping online.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Online fraud 2009

  1. 1. Online FraudA CPP white paperJune 2009
  2. 2. Contents 1.1 Foreword 1. Industry Facts 1.3 Research methodology 1.4 Key Findings - Nearly half of consumers have made no improvements to their personal or home security in the last 12 months - “It won’t happen to me” and saving money are the main reasons people are not updating their internet protection - Vast majority of consumers think internet security is vital - Seven out of ten consumers targeted by online fraudsters in the last 12 months - A third of consumer can’t identify a fraudulent e-mail - Big increase in the level of unsolicited spam reported 1.5 Conclusion 1.6 Avoiding online fraud 1.7 Further Information 1.8 About CPP Online Fraud June 2009
  3. 3. Introduction 3 1.1 Foreword With more online retailers than ever before and more of us using the internet to shop online, it is no surprise that fraudsters are turning to the internet as a channel to defraud consumers. In the UK it is conservatively estimated the number of people banking online has soared by 500 per cent during the past seven years to just over 21 million people in 2007. Indeed, the growth of the online channel for retailers has prompted organisations likeCNP is fraud APACS, the UK payments association, to launch specific online safety awareness campaigns like ‘Be Card Smart Online.’ over the The proliferation of card fraud is largely due to the increase in card-not-present fraud (CNP), telephone, which increased 13% to £328.4m in 2008 and now accounts for over 50% of total card fraud. CNP is fraud over the telephone, via mail order or on the internet – although the figures are not available broken down, the majority of this fraud is via the internet. via mail Furthermore, because the banks’ own systems have proven very difficult to attack andorder or on penetrate, criminals have turned their attention to getting information directly from online banking customers themselves. As a consequence online banking fraud losses increased 132% to £52.5m in 2008 – the largest percentage increase of any type of card fraud recorded.the internet Criminals attack consumers via the internet in a variety of ways including phishing and malware or Trojan e-mails. Phishing e-mails pretend to be from a customer’s bank, urging the recipient to click on a link that takes them to a fake website identical to that of their bank before being asked to verify personal security information. These e-mails look genuine and will often include advice on how to avoid fraud. Malware or Trojan viruses are a relatively new type of computer virus first seen in mid-2004, which can be installed on a computer without the user’s knowledge. Previously these were used to inject harmful Online Fraud June 2009
  4. 4. 4 software to damage the computer; however, they now install spyware such as keyloggers to steal information. Keyloggers work by recording keystrokes or websites people visit, in order to capture passwords and other sensitive personal information. Hidden away, they are invisible to the user and do not disrupt the computer’s operating system, which leaves the user oblivious to the ‘Trojan horse’ feeding the fraudster sensitive information. Although phishing attacks soared by over 180%, with over 20,000 phishing frauds in the first six months of 2008, online banking customers are increasingly being targeted by malware attacks. Malware is the main reason why the industry continues to remind customers to ensure they have up-to-date anti-virus software installed and ensure their computer’s firewalls are active. There has also been a parallel increase in ‘smishing’ where fraudsters use SMS text messages to extract sensitive information from their victims by cashing in on the rise of mobile phone marketing by banks and other companies. It is also the reason CPP conducted this research to look at consumer behaviour and whether it is enough to protect themselves against this growing type of fraud. The central message is banking customers need to remain wary of online scams such as unsolicited e- mails claiming to be from their bank, and only use a fully protected PC, with regularly updated anti-virus software and a firewall installed and switched on. Even the protection industry has a battle to stay abreast of the fraudsters however. One of the reasons why we are seeing so many fraudulent e-mails is because the anti-virus software industry struggles to keep up with the scamming. Originally hackers and creators of malware did it for the infamy - just so people would know who they were and what they were capable of. But once they realised how lucrative it could be, the amount of fraudulent e-mails and spam has gone through the roof. It will be interesting to look at the interim card fraud figures published in October 2009 and whether the online banking fraud losses will have increased further and at the expense of There were other types of fraud.over 20,000 phishingfrauds in the first six months of 2008 Online Fraud June 2009
  5. 5. 5 1. Industry Facts The proliferation of online threats continues and it is contributing to the raise in online banking fraud losses. - More than 20,600 phishing incidents in the first six months of 2008, compared to 7,200 in the same period of 2007 - Online banking losses totalled £52.3m, in 2008, up 132% on 2007 - Phone, internet and mail order fraud totalled £328.4m, up 13% on 2007 - Total card fraud losses totalled £609.9m, up 14% on 2007 Source: APACS – the UK’s payments association 2008 - Major stories in the media include a recruitment business that was hit by an extensive phishing scam that saw 1.3 million details downloaded to servers in the Ukraine in 2007 - Get Safe Online reported criminal websites selling personal information for as little as £5 per piece of data or £80 for an entire package - According to Panda Security 10 million internet users worldwide were hit with identity fraud related malware in 2008 - The consolidation of UK banks has lead to an increase in phishing e-mails as fraudsters look to exploit confusion caused by mergers and takeovers - Fraudsters are now targeting the physical location of computers to lure people with false news reports i.e. customising the story to make it as though appear it happened locally and make people click on the more ‘credible’ malware link 1.3 Research Methodology CPP commissioned research in May 2009 to establish how widespread web scams are and how many consumers have been targeted in the past year. Unfortunately, this problem is likely to get worse as the recession takes hold. The ultimate aim was to quantify the level of online risk across the country and the extent to which consumers can identify fraudulent e-mail scams and whether people are putting the right precautions in place to protect themselves. A representative sample of 1,563 UK credit and debit card holders aged 18+ were questioned by Matters. The report also draws on figures from APACS, the UK’s payment association.Online Fraud June 2009
  6. 6. 6 1.4 Key Findings Nearly half of consumers have made no improvements to their personal or home security in the last 1 months While nearly half of consumers (48%) have not made any improvements to their personal or home security in the last 12 months, nearly a third (29%) of consumers have renewed their internet security packages and 20% added additional security to their home PC. Somewhat surprising, consumers aged 55+ are most likely to have renewed their internet security (32%) and added additional security to their home PC (26%). Those aged 35-44 are least likely (48%) to have made any overall improvements to their security in the last twelve months closely followed by those aged 25-34 (47%). Q: What improvements have you made to your personal or home security in the last 12 months?Online Fraud June 2009
  7. 7. 7 ‘It won’t happen to me’ and saving money are the main reasons people are not updating their internet protection Despite the risk of online fraud and the increase in phishing e-mails and malware attacks, just under half (45.3%) will not be renewing their internet protection over the next 12 months. When asked why they did not plan to do so, a third gave no reason, but 27% said they saw no need as they had never been a victim of online fraud, 19% said they were making cut-backs and 12% said they didn’t know how to do it. Interestingly men are more likely to be motivated by making financial cut-backs in the current recession and because they have never been a victim of online fraud, whereas woman are more likely not to have renewed their internet protection because they don’t know how to do it. Q: Which of the following are reasons why you will not be renewing your Internet protection over the next twelve months? ‘It won’t happen to me’ and saving money are the main reasons people arenot updatingtheir internet protection Online Fraud June 2009
  8. 8. 8 Vast majority of consumers think internet security is vital Despite just under half (45.3%) not intending to renew their internet protection during the next twelve months, a massive 80% believe internet security is vital. The other 20% said it was either an unnecessary cost, too techie or they didn’t understand it. Older consumers (55+) were most likely (85%) to say internet security is vital whereas younger consumers aged 16-24 are least likely (65%) to consider it important. Regionally all areas consider internet security important with only 11% variance between Edinburgh who considered it most important (85%) and Newcastle who thought it least important (74%). Q: Which one of the following statements do you most agree with? Older consumers (55+) were most likely(85%) to say internet security is vital Online Fraud June 2009
  9. 9. A massive 77% of consumer targeted by online fraudsters Helping to drive awareness of the online threat, a massive 77% of consumers have received a fake e-mail from seemingly legitimate banks in the last 12 months and 70% have received bogus online pleas for money overseas. Furthermore, 67% were confirmed winners of sham competitions. Because fraudsters typically target millions of consumers in the hope of defrauding a few, there is little variance between genders and regionally. However, those aged 55+ were most likely (83%) to report receiving fake e-mails from their banks, opposed to 56% of those aged 16-24. The likely explanation of this is either older people are more likely to be targeted because they are more trusting, or the younger demographic expect to receive such scams online and therefore they have less impact. As a consequence of the majority of us being bombarded from numerous online threats, it is not surprising that 68% think they are at risk from unsolicited e-mails, 59% from computer viruses, 45% computer worms and 41% from having their personal data stolen. Demographically, the perception of risk decreases the younger the consumer. Q: Have you experienced any of the following in the past year?Online Fraud June 2009
  10. 10. 10 A third of consumer can’t identify a fraudulent e-mail In line with the increasing sophistication of phishing e-mails and fraudulent pop-up windows, 33% do not think they would be able to spot a fake e-mail. The days of receiving phishing e-mails with basic spelling mistakes or from a Nigerian prince wanting to deposit £50m into your account are long past. Demographically, those aged 45-54 years old are least likely to identify a fraudulent e-mail (47%). Those aged 16-34 years old are the most confident they could spot a fraudulent e-mail (62%). Encouragingly 84% of consumers who receive a fraudulent e-mail delete it immediately and 21% report it to their antivirus protection supplier. Worryingly, however, and contrary to all advice, 9% of consumers would open the e-mail putting themselves at risk from malware viruses designed to capture sensitive financial information like passwords and account numbers. More concerning, nearly a third (27%) of 16-24 year olds would open the e-mail to see what the e-mail was about, as opposed to only 3% of consumers aged 55 and over – clearly more education is required. Q: Are you certain you’d be able to spot a fake email? (by age) 84% of consumerswho receivea fraudulent e-mail delete itimmediately Online Fraud June 2009
  11. 11. 11 Big increase in the level of unsolicited spam Echoing many of the news stories in the media, 64% of consumers say they have received more unsolicited e-mails in the last 12 months compared to the year before. Women report to receiving more fraudulent e-mails last year then men (67% vs. 60%), but it is the youngest age group (16-24) who say they have received more spam in the last 12 months (70%). This may be due to the fact they are more likely to organise their social lives and buy gadgets and applications online. Regionally, all cities reported seeing a big uplift in unsolicited e-mails, but in Belfast a huge 93% of consumers reported receiving more spam in the last 12 months. When asked how they identify how their computer’s security has been compromised by a virus, most (largely incorrectly) reported slower processing speed, screen freezes, error messages and pop ups. 21% said they wouldn’t know what signs to look for. Interesting only 3.5% (largely correctly) said malware is designed to show no obvious sign it has infected a computer in order to quietly extract as much sensitive information as possible. Women are slightly less aware than men that malware is designed to show no obvious sign (2.7% vs. 4.8%). Q: Do you think that you are receiving more unsolicited emails in the last 12 months? (by City)Online Fraud June 2009
  12. 12. 1 1.5 Conclusion There is no doubt that the internet is a safe and convenient channel to shop and conduct online banking. However, it is only safe if consumers are vigilant and follow some basic security rules that will make it much harder for the fraudsters to succeed. What is This report tells us that UK consumers are being targeted by fraudsters online via phishing and malware e-mails; designed to extract sensitive financial information and infect ourclear is that computers for the same reason. Despite seven out of ten consumers being targeted by online fraudsters in the last 12 months, nearly half of consumers have made no improvements fraudsters to their personal security even though an overwhelming majority saying it is vital. Driving this behaviour is a feeling that it will not happen to me, wanting to save money inwill continue difficult economic times and a lack of knowledge. to use the What is clear is that fraudsters will continue to use the internet to defraud people and this report shows a big increase in the level of unsolicited e-mails over the last 12 months. With a third of consumers not able to identify fraudulent e-mails, consumers need to be internet to very vigilant when looking out for fraudsters trying to access their accounts and fool people into handing over security information such has user names, passwords and defraud sensitive information. people Consumers need to recognise the dangers of online fraud and reverse the fraud trend that saw an increase of 132% last year. A consumer education programme would clearly help reverse this trend and differentiate the lead organisation. 1.6 Avoiding Online Fraud Michael Lynch is an identity fraud expert at CPP and offers the following advice to consumers to help protect them from identity fraud. Michael is responsible for the UK Identity Protection portfolio at CPP Group Plc (CPP). Michael has been with CPP for 14 years. His experience in financial services extends to customer service, new product and market development and affinity relationships. During his time at CPP, Michael has helped bring to market the UK’s market leading service, Identity Protection, which now protects over one million UK consumers from the consequences of this rapidly growing crime. In addition, Michael had used his expertise to create a commercial identity theft product aimed at protecting businesses of all sizes. He has also developed a strong understanding of consumer perception and reaction to identity theft and its consequences. Michael has also been responsible for breaking some major identity theft stories in the media including the availability of fraudulent documents online, car cloning, junk mail and postal theft. Committed to forging industry co-operation to reduce the opportunities for identity theft he is leading the call for consumers to change their behaviour to counter what is becoming an increasingly sophisticated and intrusive crime. Michael is media trained across print and broadcast and is available for media interviews on the issue of identity fraud. Online Fraud June 2009
  13. 13. 13 Top tips to avoid falling victim to online fraud - Install a trusted anti-virus system and firewalls on your computer and keep them up-to-date. Usually a message will appear on your screen when updates need downloading. - Do not click on any link in an unsolicited e-mail, even if it seems genuine. If you are not sure type in the web address and contact the bank using an advertised phone number or directory enquiries. - Do not engage in any dialogue with the fraudster by replying to phishing e-mails and providing bogus information or letting the sender know it is a scam. Doing so puts you and your PC at risk. - Do not give out PIN numbers or passwords to anyone online either, or over the telephone. Because fraudsters start with very limited information, phishing e- mails are usually addressed to “Dear Customer” rather than to your name. - Remember banks will never contact you by e-mail to ask you to enter passwords or any other sensitive information by clicking on a link or visiting a website. Phishing e-mails are sent out completely at random in the hope of reaching a live e-mail address of a customer with an account at the bank being targeted - Only make online transactions on secure websites that begin ‘https’ or display a padlock in the corner of your web browser. - Register your payment cards Verified by Visa or MasterCard SecureCode. It adds another layer to online security and makes it harder to fall victim to online fraud. - Always log out after shopping online and save the confirmation e-mail as a record of your order. - If you are a victim of online banking fraud, you have protection through the Banking Code, which states that unless you have acted fraudulently or without reasonable care you will not be liable for losses caused by someone else. - Avoid carrying out transactions on public or shared computers.Do not give out PIN 1.7 For further information please contact:numbers or Nick Jones PR and Communications Managerpasswords CPP Group Plc Holgate Park York YO26 4GA to anyone Tel 0104 544 387 E-Mail Web Online Fraud June 2009
  14. 14. 14CPP is an award 1.8 About CPPwinning organisation: The CPP Group Plc (CPP) is an international marketing services business offering bespoke- Named in the customer management solutions to multi-sector business partners designed to enhance Sunday Times 008 PricewaterhouseCoopers their customer revenue, engagement and loyalty, whilst at the same time reducing cost to Profit Track 100 deliver improved profitability.- Finalists in the National This is underpinned by the delivery of a portfolio of complementary Life Assistance Business Awards, 3i Growth products, designed to help our mutual customers cope with the anxieties associated with Strategy category, 008 the challenges and opportunities of everyday life.- Finalist in the National Whether our customers have lost their wallets, been a victim of identity fraud or looking Business Awards, Business for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to of the Year category, 007 enjoy life. Globally, our Life Assistance products and services are designed to simplify the and Highly Commended in 008 complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live- Named in the Sunday Times life and worry less. 006, 007 and 008 HSBC Top Track 50 companies Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia Pacific and employs 2,000 employees who handle- Regional winner of the National Training Awards, 16 million consumer sales and service conversations each year. 007 In 2008, Group revenue was £259.5 million, an increase of more than 15 per cent over the- Winner of the BITC Health, previous year. This is more than five times the sales level of 2000. Work and Well-Being Award, 007 What We Do:- Highly Commended in the CPP provides a range of assistance products and services that allow our business partners UK National Customer to forge closer relationships with their customers. Service Awards, 006 We have a solution for many eventualities, including:- Winner of the Tamworth Community Involvement - Insuring our customers’ mobile phones Award, 006. Finalist in - Protecting the payment cards in our customers’ wallets and purses, should 008 these be lost or stolen- Highly Commended in The Press Best Link Between - Providing assistance and protection if a customer’s keys are lost or stolen Business and Education, 005 - Providing advice, insurance and assistance to protect customers against the and 006. Winner in 007 insidious crime of identity fraud- Award Finalist in the National Business Awards, - Offering advice to people considering legal action and cover for the costs Innovation category, 005 involved in taking action on a range of legal issues- Award finalist for the 003 - Providing discounts on everyday lifestyle commodities The Royal Bank of Scotland Sunday Times Business - Monitoring the credit status of our customers Awards- Recognised as one of the Growth Plus Europe 500 For more information on CPP visit: companies Online Fraud June 2009