View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

UK web users would hand over passwords to strangers: survey

Faronics research reveals shocking lack of security awareness among UK web users

By Steve Evans

One-third of UK web users would hand over a password, bank account number or their mother’s maiden name via email or social networks to someone they don’t know, a new survey has revealed.

The survey, carried out by security and computer management firm Faronics, revealed that while 71% of people are worried about the amount of personal information held online about them, 32% would still hand over confidential information.

It is social networks that engender the most trust, despite the fact that they are rapidly becoming a favoured attack vector for cyber criminals, Faronics VP of marketing Bimal Parmar told CBR.

Speaking to CBR at the InfoSec conference in London, he said that many users will trust people they don’t know when using sites like LinkedIn as they could be on the lookout for new job opportunities. One-third of respondents admitted to accepting contact requests on LinkedIn from people they don’t know. Just 15% of Facebook users admitted doing the same.

As Parmar points out there has been a huge amount written and spoken about Facebook’s security issues, but the same cannot be said of LinkedIn. Nearly half (46%) of Facebook users said they are customised their privacy settings on the site but just 20% of LinkedIn users said the same.

But what does this mean for businesses? Parmar said Faronics has noticed an increase in the number of spear phishing attacks that use a compromised social network account as a starting point.

"Cyber criminals now spend a lot of time preparing their attacks," he told CBR. "They will carefully select their target using information freely available on LinkedIn and then focus the attack on them. If the target sees a link from a friend on Facebook or LinkedIn they are more likely to click it, without knowing that account has been compromised."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

The research also revealed a shocking lack of awareness from many people about online threats and their effectiveness.

Over half (51%) of respondents claimed they are not at risk of cyber fraud and 28% believing the information they post on social network sites holds no value to a cyber criminal. Only 21% of the respondents had even heard of spear phishing, the survey revealed. Spear phishing is when a targeted email is sent to a specific person within an organisation with the aim of breaching corporate security.

"As more cybercriminals employ social engineering tactics that tap into basic human psychology, even the smallest bits of information – such as birthdays, job roles, supplier information, travel plans or details of hobbies – can be used to form a convincing email that the victim could believe originated from a trusted source," added Parmar. "All the target has to do is open the email, click on a link or download an attachment for spyware, keyloggers or other malware to be dropped onto the computer and open the entire corporate network to fraud."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU