One-third of UK web users would hand over a password, bank account number or their mother’s maiden name via email or social networks to someone they don’t know, a new survey has revealed.
The survey, carried out by security and computer management firm Faronics, revealed that while 71% of people are worried about the amount of personal information held online about them, 32% would still hand over confidential information.
It is social networks that engender the most trust, despite the fact that they are rapidly becoming a favoured attack vector for cyber criminals, Faronics VP of marketing Bimal Parmar told CBR.
Speaking to CBR at the InfoSec conference in London, he said that many users will trust people they don’t know when using sites like LinkedIn as they could be on the lookout for new job opportunities. One-third of respondents admitted to accepting contact requests on LinkedIn from people they don’t know. Just 15% of Facebook users admitted doing the same.
As Parmar points out there has been a huge amount written and spoken about Facebook’s security issues, but the same cannot be said of LinkedIn. Nearly half (46%) of Facebook users said they are customised their privacy settings on the site but just 20% of LinkedIn users said the same.
But what does this mean for businesses? Parmar said Faronics has noticed an increase in the number of spear phishing attacks that use a compromised social network account as a starting point.
"Cyber criminals now spend a lot of time preparing their attacks," he told CBR. "They will carefully select their target using information freely available on LinkedIn and then focus the attack on them. If the target sees a link from a friend on Facebook or LinkedIn they are more likely to click it, without knowing that account has been compromised."
The research also revealed a shocking lack of awareness from many people about online threats and their effectiveness.
Over half (51%) of respondents claimed they are not at risk of cyber fraud and 28% believing the information they post on social network sites holds no value to a cyber criminal. Only 21% of the respondents had even heard of spear phishing, the survey revealed. Spear phishing is when a targeted email is sent to a specific person within an organisation with the aim of breaching corporate security.
"As more cybercriminals employ social engineering tactics that tap into basic human psychology, even the smallest bits of information – such as birthdays, job roles, supplier information, travel plans or details of hobbies – can be used to form a convincing email that the victim could believe originated from a trusted source," added Parmar. "All the target has to do is open the email, click on a link or download an attachment for spyware, keyloggers or other malware to be dropped onto the computer and open the entire corporate network to fraud."
