SlideShare a Scribd company logo

Online fraud 2009

CPPGroup Plc
CPPGroup Plc

With our love of shopping going online, it is no surprise that fraudsters are turning to the internet. Read more to find out the real risks of online identity theft whilst shopping online.

1 of 14
Download to read offline
Online Fraud A CPP white paper June 2009
Contents 1.1 Foreword 1. Industry Facts 1.3 Research methodology 1.4 Key Findings - Nearly half of consumers have made no improvements to their personal or home security in the last 12 months - “It won’t happen to me” and saving money are the main reasons people are not updating their internet protection - Vast majority of consumers think internet security is vital - Seven out of ten consumers targeted by online fraudsters in the last 12 months - A third of consumer can’t identify a fraudulent e-mail - Big increase in the level of unsolicited spam reported 1.5 Conclusion 1.6 Avoiding online fraud 1.7 Further Information 1.8 About CPP Online Fraud June 2009
Introduction 3 1.1 Foreword With more online retailers than ever before and more of us using the internet to shop online, it is no surprise that fraudsters are turning to the internet as a channel to defraud consumers. In the UK it is conservatively estimated the number of people banking online has soared by 500 per cent during the past seven years to just over 21 million people in 2007. Indeed, the growth of the online channel for retailers has prompted organisations like CNP is fraud APACS, the UK payments association, to launch specific online safety awareness campaigns like ‘Be Card Smart Online.’ over the The proliferation of card fraud is largely due to the increase in card-not-present fraud (CNP), telephone, which increased 13% to £328.4m in 2008 and now accounts for over 50% of total card fraud. CNP is fraud over the telephone, via mail order or on the internet – although the figures are not available broken down, the majority of this fraud is via the internet. via mail Furthermore, because the banks’ own systems have proven very difficult to attack and order or on penetrate, criminals have turned their attention to getting information directly from online banking customers themselves. As a consequence online banking fraud losses increased 132% to £52.5m in 2008 – the largest percentage increase of any type of card fraud recorded. the internet Criminals attack consumers via the internet in a variety of ways including phishing and malware or Trojan e-mails. Phishing e-mails pretend to be from a customer’s bank, urging the recipient to click on a link that takes them to a fake website identical to that of their bank before being asked to verify personal security information. These e-mails look genuine and will often include advice on how to avoid fraud. Malware or Trojan viruses are a relatively new type of computer virus first seen in mid-2004, which can be installed on a computer without the user’s knowledge. Previously these were used to inject harmful Online Fraud June 2009
4 software to damage the computer; however, they now install spyware such as keyloggers to steal information. Keyloggers work by recording keystrokes or websites people visit, in order to capture passwords and other sensitive personal information. Hidden away, they are invisible to the user and do not disrupt the computer’s operating system, which leaves the user oblivious to the ‘Trojan horse’ feeding the fraudster sensitive information. Although phishing attacks soared by over 180%, with over 20,000 phishing frauds in the first six months of 2008, online banking customers are increasingly being targeted by malware attacks. Malware is the main reason why the industry continues to remind customers to ensure they have up-to-date anti-virus software installed and ensure their computer’s firewalls are active. There has also been a parallel increase in ‘smishing’ where fraudsters use SMS text messages to extract sensitive information from their victims by cashing in on the rise of mobile phone marketing by banks and other companies. It is also the reason CPP conducted this research to look at consumer behaviour and whether it is enough to protect themselves against this growing type of fraud. The central message is banking customers need to remain wary of online scams such as unsolicited e- mails claiming to be from their bank, and only use a fully protected PC, with regularly updated anti-virus software and a firewall installed and switched on. Even the protection industry has a battle to stay abreast of the fraudsters however. One of the reasons why we are seeing so many fraudulent e-mails is because the anti-virus software industry struggles to keep up with the scamming. Originally hackers and creators of malware did it for the infamy - just so people would know who they were and what they were capable of. But once they realised how lucrative it could be, the amount of fraudulent e-mails and spam has gone through the roof. It will be interesting to look at the interim card fraud figures published in October 2009 and whether the online banking fraud losses will have increased further and at the expense of There were other types of fraud. over 20,000 phishing frauds in the first six months of 2008 Online Fraud June 2009
5 1. Industry Facts The proliferation of online threats continues and it is contributing to the raise in online banking fraud losses. - More than 20,600 phishing incidents in the first six months of 2008, compared to 7,200 in the same period of 2007 - Online banking losses totalled £52.3m, in 2008, up 132% on 2007 - Phone, internet and mail order fraud totalled £328.4m, up 13% on 2007 - Total card fraud losses totalled £609.9m, up 14% on 2007 Source: APACS – the UK’s payments association 2008 - Major stories in the media include a recruitment business that was hit by an extensive phishing scam that saw 1.3 million details downloaded to servers in the Ukraine in 2007 - Get Safe Online reported criminal websites selling personal information for as little as £5 per piece of data or £80 for an entire package - According to Panda Security 10 million internet users worldwide were hit with identity fraud related malware in 2008 - The consolidation of UK banks has lead to an increase in phishing e-mails as fraudsters look to exploit confusion caused by mergers and takeovers - Fraudsters are now targeting the physical location of computers to lure people with false news reports i.e. customising the story to make it as though appear it happened locally and make people click on the more ‘credible’ malware link 1.3 Research Methodology CPP commissioned research in May 2009 to establish how widespread web scams are and how many consumers have been targeted in the past year. Unfortunately, this problem is likely to get worse as the recession takes hold. The ultimate aim was to quantify the level of online risk across the country and the extent to which consumers can identify fraudulent e-mail scams and whether people are putting the right precautions in place to protect themselves. A representative sample of 1,563 UK credit and debit card holders aged 18+ were questioned by Tickbox.net/Opinion Matters. The report also draws on figures from APACS, the UK’s payment association. Online Fraud June 2009
6 1.4 Key Findings Nearly half of consumers have made no improvements to their personal or home security in the last 1 months While nearly half of consumers (48%) have not made any improvements to their personal or home security in the last 12 months, nearly a third (29%) of consumers have renewed their internet security packages and 20% added additional security to their home PC. Somewhat surprising, consumers aged 55+ are most likely to have renewed their internet security (32%) and added additional security to their home PC (26%). Those aged 35-44 are least likely (48%) to have made any overall improvements to their security in the last twelve months closely followed by those aged 25-34 (47%). Q: What improvements have you made to your personal or home security in the last 12 months? Online Fraud June 2009
7 ‘It won’t happen to me’ and saving money are the main reasons people are not updating their internet protection Despite the risk of online fraud and the increase in phishing e-mails and malware attacks, just under half (45.3%) will not be renewing their internet protection over the next 12 months. When asked why they did not plan to do so, a third gave no reason, but 27% said they saw no need as they had never been a victim of online fraud, 19% said they were making cut-backs and 12% said they didn’t know how to do it. Interestingly men are more likely to be motivated by making financial cut-backs in the current recession and because they have never been a victim of online fraud, whereas woman are more likely not to have renewed their internet protection because they don’t know how to do it. Q: Which of the following are reasons why you will not be renewing your Internet protection over the next twelve months? ‘It won’t happen to me’ and saving money are the main reasons people are not updating their internet protection Online Fraud June 2009
8 Vast majority of consumers think internet security is vital Despite just under half (45.3%) not intending to renew their internet protection during the next twelve months, a massive 80% believe internet security is vital. The other 20% said it was either an unnecessary cost, too techie or they didn’t understand it. Older consumers (55+) were most likely (85%) to say internet security is vital whereas younger consumers aged 16-24 are least likely (65%) to consider it important. Regionally all areas consider internet security important with only 11% variance between Edinburgh who considered it most important (85%) and Newcastle who thought it least important (74%). Q: Which one of the following statements do you most agree with? Older consumers (55+) were most likely (85%) to say internet security is vital Online Fraud June 2009
A massive 77% of consumer targeted by online fraudsters Helping to drive awareness of the online threat, a massive 77% of consumers have received a fake e-mail from seemingly legitimate banks in the last 12 months and 70% have received bogus online pleas for money overseas. Furthermore, 67% were confirmed winners of sham competitions. Because fraudsters typically target millions of consumers in the hope of defrauding a few, there is little variance between genders and regionally. However, those aged 55+ were most likely (83%) to report receiving fake e-mails from their banks, opposed to 56% of those aged 16-24. The likely explanation of this is either older people are more likely to be targeted because they are more trusting, or the younger demographic expect to receive such scams online and therefore they have less impact. As a consequence of the majority of us being bombarded from numerous online threats, it is not surprising that 68% think they are at risk from unsolicited e-mails, 59% from computer viruses, 45% computer worms and 41% from having their personal data stolen. Demographically, the perception of risk decreases the younger the consumer. Q: Have you experienced any of the following in the past year? Online Fraud June 2009
10 A third of consumer can’t identify a fraudulent e-mail In line with the increasing sophistication of phishing e-mails and fraudulent pop-up windows, 33% do not think they would be able to spot a fake e-mail. The days of receiving phishing e-mails with basic spelling mistakes or from a Nigerian prince wanting to deposit £50m into your account are long past. Demographically, those aged 45-54 years old are least likely to identify a fraudulent e-mail (47%). Those aged 16-34 years old are the most confident they could spot a fraudulent e-mail (62%). Encouragingly 84% of consumers who receive a fraudulent e-mail delete it immediately and 21% report it to their antivirus protection supplier. Worryingly, however, and contrary to all advice, 9% of consumers would open the e-mail putting themselves at risk from malware viruses designed to capture sensitive financial information like passwords and account numbers. More concerning, nearly a third (27%) of 16-24 year olds would open the e-mail to see what the e-mail was about, as opposed to only 3% of consumers aged 55 and over – clearly more education is required. Q: Are you certain you’d be able to spot a fake email? (by age) 84% of consumers who receive a fraudulent e-mail delete it immediately Online Fraud June 2009
11 Big increase in the level of unsolicited spam Echoing many of the news stories in the media, 64% of consumers say they have received more unsolicited e-mails in the last 12 months compared to the year before. Women report to receiving more fraudulent e-mails last year then men (67% vs. 60%), but it is the youngest age group (16-24) who say they have received more spam in the last 12 months (70%). This may be due to the fact they are more likely to organise their social lives and buy gadgets and applications online. Regionally, all cities reported seeing a big uplift in unsolicited e-mails, but in Belfast a huge 93% of consumers reported receiving more spam in the last 12 months. When asked how they identify how their computer’s security has been compromised by a virus, most (largely incorrectly) reported slower processing speed, screen freezes, error messages and pop ups. 21% said they wouldn’t know what signs to look for. Interesting only 3.5% (largely correctly) said malware is designed to show no obvious sign it has infected a computer in order to quietly extract as much sensitive information as possible. Women are slightly less aware than men that malware is designed to show no obvious sign (2.7% vs. 4.8%). Q: Do you think that you are receiving more unsolicited emails in the last 12 months? (by City) Online Fraud June 2009
1 1.5 Conclusion There is no doubt that the internet is a safe and convenient channel to shop and conduct online banking. However, it is only safe if consumers are vigilant and follow some basic security rules that will make it much harder for the fraudsters to succeed. What is This report tells us that UK consumers are being targeted by fraudsters online via phishing and malware e-mails; designed to extract sensitive financial information and infect our clear is that computers for the same reason. Despite seven out of ten consumers being targeted by online fraudsters in the last 12 months, nearly half of consumers have made no improvements fraudsters to their personal security even though an overwhelming majority saying it is vital. Driving this behaviour is a feeling that it will not happen to me, wanting to save money in will continue difficult economic times and a lack of knowledge. to use the What is clear is that fraudsters will continue to use the internet to defraud people and this report shows a big increase in the level of unsolicited e-mails over the last 12 months. With a third of consumers not able to identify fraudulent e-mails, consumers need to be internet to very vigilant when looking out for fraudsters trying to access their accounts and fool people into handing over security information such has user names, passwords and defraud sensitive information. people Consumers need to recognise the dangers of online fraud and reverse the fraud trend that saw an increase of 132% last year. A consumer education programme would clearly help reverse this trend and differentiate the lead organisation. 1.6 Avoiding Online Fraud Michael Lynch is an identity fraud expert at CPP and offers the following advice to consumers to help protect them from identity fraud. Michael is responsible for the UK Identity Protection portfolio at CPP Group Plc (CPP). Michael has been with CPP for 14 years. His experience in financial services extends to customer service, new product and market development and affinity relationships. During his time at CPP, Michael has helped bring to market the UK’s market leading service, Identity Protection, which now protects over one million UK consumers from the consequences of this rapidly growing crime. In addition, Michael had used his expertise to create a commercial identity theft product aimed at protecting businesses of all sizes. He has also developed a strong understanding of consumer perception and reaction to identity theft and its consequences. Michael has also been responsible for breaking some major identity theft stories in the media including the availability of fraudulent documents online, car cloning, junk mail and postal theft. Committed to forging industry co-operation to reduce the opportunities for identity theft he is leading the call for consumers to change their behaviour to counter what is becoming an increasingly sophisticated and intrusive crime. Michael is media trained across print and broadcast and is available for media interviews on the issue of identity fraud. Online Fraud June 2009
13 Top tips to avoid falling victim to online fraud - Install a trusted anti-virus system and firewalls on your computer and keep them up-to-date. Usually a message will appear on your screen when updates need downloading. - Do not click on any link in an unsolicited e-mail, even if it seems genuine. If you are not sure type in the web address and contact the bank using an advertised phone number or directory enquiries. - Do not engage in any dialogue with the fraudster by replying to phishing e-mails and providing bogus information or letting the sender know it is a scam. Doing so puts you and your PC at risk. - Do not give out PIN numbers or passwords to anyone online either, or over the telephone. Because fraudsters start with very limited information, phishing e- mails are usually addressed to “Dear Customer” rather than to your name. - Remember banks will never contact you by e-mail to ask you to enter passwords or any other sensitive information by clicking on a link or visiting a website. Phishing e-mails are sent out completely at random in the hope of reaching a live e-mail address of a customer with an account at the bank being targeted - Only make online transactions on secure websites that begin ‘https’ or display a padlock in the corner of your web browser. - Register your payment cards Verified by Visa or MasterCard SecureCode. It adds another layer to online security and makes it harder to fall victim to online fraud. - Always log out after shopping online and save the confirmation e-mail as a record of your order. - If you are a victim of online banking fraud, you have protection through the Banking Code, which states that unless you have acted fraudulently or without reasonable care you will not be liable for losses caused by someone else. - Avoid carrying out transactions on public or shared computers. Do not give out PIN 1.7 For further information please contact: numbers or Nick Jones PR and Communications Manager passwords CPP Group Plc Holgate Park York YO26 4GA to anyone Tel 0104 544 387 E-Mail nick.jones@cpp.co.uk Web www.cppgroup.com Online Fraud June 2009
14 CPP is an award 1.8 About CPP winning organisation: The CPP Group Plc (CPP) is an international marketing services business offering bespoke - Named in the customer management solutions to multi-sector business partners designed to enhance Sunday Times 008 PricewaterhouseCoopers their customer revenue, engagement and loyalty, whilst at the same time reducing cost to Profit Track 100 deliver improved profitability. - Finalists in the National This is underpinned by the delivery of a portfolio of complementary Life Assistance Business Awards, 3i Growth products, designed to help our mutual customers cope with the anxieties associated with Strategy category, 008 the challenges and opportunities of everyday life. - Finalist in the National Whether our customers have lost their wallets, been a victim of identity fraud or looking Business Awards, Business for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to of the Year category, 007 enjoy life. Globally, our Life Assistance products and services are designed to simplify the and Highly Commended in 008 complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live - Named in the Sunday Times life and worry less. 006, 007 and 008 HSBC Top Track 50 companies Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia Pacific and employs 2,000 employees who handle - Regional winner of the National Training Awards, 16 million consumer sales and service conversations each year. 007 In 2008, Group revenue was £259.5 million, an increase of more than 15 per cent over the - Winner of the BITC Health, previous year. This is more than five times the sales level of 2000. Work and Well-Being Award, 007 What We Do: - Highly Commended in the CPP provides a range of assistance products and services that allow our business partners UK National Customer to forge closer relationships with their customers. Service Awards, 006 We have a solution for many eventualities, including: - Winner of the Tamworth Community Involvement - Insuring our customers’ mobile phones Award, 006. Finalist in - Protecting the payment cards in our customers’ wallets and purses, should 008 these be lost or stolen - Highly Commended in The Press Best Link Between - Providing assistance and protection if a customer’s keys are lost or stolen Business and Education, 005 - Providing advice, insurance and assistance to protect customers against the and 006. Winner in 007 insidious crime of identity fraud - Award Finalist in the National Business Awards, - Offering advice to people considering legal action and cover for the costs Innovation category, 005 involved in taking action on a range of legal issues - Award finalist for the 003 - Providing discounts on everyday lifestyle commodities The Royal Bank of Scotland Sunday Times Business - Monitoring the credit status of our customers Awards - Recognised as one of the Growth Plus Europe 500 For more information on CPP visit: www.cppgroup.com companies Online Fraud June 2009

Recommended

Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011CPPGroup Plc
 
Hacking - how accessible is it?
Hacking - how accessible is it?Hacking - how accessible is it?
Hacking - how accessible is it?CPPGroup Plc
 
Facebook white paper2011
Facebook white paper2011Facebook white paper2011
Facebook white paper2011CPPGroup Plc
 
Stop Fraud
Stop FraudStop Fraud
Stop Fraud- Mark - Fullbright
 
Anti social neighbours survey
Anti social neighbours surveyAnti social neighbours survey
Anti social neighbours surveyCPPGroup Plc
 
CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPPGroup Plc
 
Uk wireless network hijacking 2010
Uk wireless network hijacking 2010Uk wireless network hijacking 2010
Uk wireless network hijacking 2010CPPGroup Plc
 
Uk lost and stolen cards 2010
Uk lost and stolen cards 2010Uk lost and stolen cards 2010
Uk lost and stolen cards 2010CPPGroup Plc
 

Recommended

Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011Mobile and SIM data - quantifying the risk - 2011
Mobile and SIM data - quantifying the risk - 2011CPPGroup Plc
 
Hacking - how accessible is it?
Hacking - how accessible is it?Hacking - how accessible is it?
Hacking - how accessible is it?CPPGroup Plc
 
Facebook white paper2011
Facebook white paper2011Facebook white paper2011
Facebook white paper2011CPPGroup Plc
 
Stop Fraud
Stop FraudStop Fraud
Stop Fraud- Mark - Fullbright
 
Anti social neighbours survey
Anti social neighbours surveyAnti social neighbours survey
Anti social neighbours surveyCPPGroup Plc
 
CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPP contactless and mobile payments white paper 2011
CPP contactless and mobile payments white paper 2011CPPGroup Plc
 
Uk wireless network hijacking 2010
Uk wireless network hijacking 2010Uk wireless network hijacking 2010
Uk wireless network hijacking 2010CPPGroup Plc
 
Uk lost and stolen cards 2010
Uk lost and stolen cards 2010Uk lost and stolen cards 2010
Uk lost and stolen cards 2010CPPGroup Plc
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data ScienceChristy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

More Related Content

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Online fraud 2009

  • 1. Online Fraud A CPP white paper June 2009
  • 2. Contents 1.1 Foreword 1. Industry Facts 1.3 Research methodology 1.4 Key Findings - Nearly half of consumers have made no improvements to their personal or home security in the last 12 months - “It won’t happen to me” and saving money are the main reasons people are not updating their internet protection - Vast majority of consumers think internet security is vital - Seven out of ten consumers targeted by online fraudsters in the last 12 months - A third of consumer can’t identify a fraudulent e-mail - Big increase in the level of unsolicited spam reported 1.5 Conclusion 1.6 Avoiding online fraud 1.7 Further Information 1.8 About CPP Online Fraud June 2009
  • 3. Introduction 3 1.1 Foreword With more online retailers than ever before and more of us using the internet to shop online, it is no surprise that fraudsters are turning to the internet as a channel to defraud consumers. In the UK it is conservatively estimated the number of people banking online has soared by 500 per cent during the past seven years to just over 21 million people in 2007. Indeed, the growth of the online channel for retailers has prompted organisations like CNP is fraud APACS, the UK payments association, to launch specific online safety awareness campaigns like ‘Be Card Smart Online.’ over the The proliferation of card fraud is largely due to the increase in card-not-present fraud (CNP), telephone, which increased 13% to £328.4m in 2008 and now accounts for over 50% of total card fraud. CNP is fraud over the telephone, via mail order or on the internet – although the figures are not available broken down, the majority of this fraud is via the internet. via mail Furthermore, because the banks’ own systems have proven very difficult to attack and order or on penetrate, criminals have turned their attention to getting information directly from online banking customers themselves. As a consequence online banking fraud losses increased 132% to £52.5m in 2008 – the largest percentage increase of any type of card fraud recorded. the internet Criminals attack consumers via the internet in a variety of ways including phishing and malware or Trojan e-mails. Phishing e-mails pretend to be from a customer’s bank, urging the recipient to click on a link that takes them to a fake website identical to that of their bank before being asked to verify personal security information. These e-mails look genuine and will often include advice on how to avoid fraud. Malware or Trojan viruses are a relatively new type of computer virus first seen in mid-2004, which can be installed on a computer without the user’s knowledge. Previously these were used to inject harmful Online Fraud June 2009
  • 4. 4 software to damage the computer; however, they now install spyware such as keyloggers to steal information. Keyloggers work by recording keystrokes or websites people visit, in order to capture passwords and other sensitive personal information. Hidden away, they are invisible to the user and do not disrupt the computer’s operating system, which leaves the user oblivious to the ‘Trojan horse’ feeding the fraudster sensitive information. Although phishing attacks soared by over 180%, with over 20,000 phishing frauds in the first six months of 2008, online banking customers are increasingly being targeted by malware attacks. Malware is the main reason why the industry continues to remind customers to ensure they have up-to-date anti-virus software installed and ensure their computer’s firewalls are active. There has also been a parallel increase in ‘smishing’ where fraudsters use SMS text messages to extract sensitive information from their victims by cashing in on the rise of mobile phone marketing by banks and other companies. It is also the reason CPP conducted this research to look at consumer behaviour and whether it is enough to protect themselves against this growing type of fraud. The central message is banking customers need to remain wary of online scams such as unsolicited e- mails claiming to be from their bank, and only use a fully protected PC, with regularly updated anti-virus software and a firewall installed and switched on. Even the protection industry has a battle to stay abreast of the fraudsters however. One of the reasons why we are seeing so many fraudulent e-mails is because the anti-virus software industry struggles to keep up with the scamming. Originally hackers and creators of malware did it for the infamy - just so people would know who they were and what they were capable of. But once they realised how lucrative it could be, the amount of fraudulent e-mails and spam has gone through the roof. It will be interesting to look at the interim card fraud figures published in October 2009 and whether the online banking fraud losses will have increased further and at the expense of There were other types of fraud. over 20,000 phishing frauds in the first six months of 2008 Online Fraud June 2009
  • 5. 5 1. Industry Facts The proliferation of online threats continues and it is contributing to the raise in online banking fraud losses. - More than 20,600 phishing incidents in the first six months of 2008, compared to 7,200 in the same period of 2007 - Online banking losses totalled £52.3m, in 2008, up 132% on 2007 - Phone, internet and mail order fraud totalled £328.4m, up 13% on 2007 - Total card fraud losses totalled £609.9m, up 14% on 2007 Source: APACS – the UK’s payments association 2008 - Major stories in the media include a recruitment business that was hit by an extensive phishing scam that saw 1.3 million details downloaded to servers in the Ukraine in 2007 - Get Safe Online reported criminal websites selling personal information for as little as £5 per piece of data or £80 for an entire package - According to Panda Security 10 million internet users worldwide were hit with identity fraud related malware in 2008 - The consolidation of UK banks has lead to an increase in phishing e-mails as fraudsters look to exploit confusion caused by mergers and takeovers - Fraudsters are now targeting the physical location of computers to lure people with false news reports i.e. customising the story to make it as though appear it happened locally and make people click on the more ‘credible’ malware link 1.3 Research Methodology CPP commissioned research in May 2009 to establish how widespread web scams are and how many consumers have been targeted in the past year. Unfortunately, this problem is likely to get worse as the recession takes hold. The ultimate aim was to quantify the level of online risk across the country and the extent to which consumers can identify fraudulent e-mail scams and whether people are putting the right precautions in place to protect themselves. A representative sample of 1,563 UK credit and debit card holders aged 18+ were questioned by Tickbox.net/Opinion Matters. The report also draws on figures from APACS, the UK’s payment association. Online Fraud June 2009
  • 6. 6 1.4 Key Findings Nearly half of consumers have made no improvements to their personal or home security in the last 1 months While nearly half of consumers (48%) have not made any improvements to their personal or home security in the last 12 months, nearly a third (29%) of consumers have renewed their internet security packages and 20% added additional security to their home PC. Somewhat surprising, consumers aged 55+ are most likely to have renewed their internet security (32%) and added additional security to their home PC (26%). Those aged 35-44 are least likely (48%) to have made any overall improvements to their security in the last twelve months closely followed by those aged 25-34 (47%). Q: What improvements have you made to your personal or home security in the last 12 months? Online Fraud June 2009
  • 7. 7 ‘It won’t happen to me’ and saving money are the main reasons people are not updating their internet protection Despite the risk of online fraud and the increase in phishing e-mails and malware attacks, just under half (45.3%) will not be renewing their internet protection over the next 12 months. When asked why they did not plan to do so, a third gave no reason, but 27% said they saw no need as they had never been a victim of online fraud, 19% said they were making cut-backs and 12% said they didn’t know how to do it. Interestingly men are more likely to be motivated by making financial cut-backs in the current recession and because they have never been a victim of online fraud, whereas woman are more likely not to have renewed their internet protection because they don’t know how to do it. Q: Which of the following are reasons why you will not be renewing your Internet protection over the next twelve months? ‘It won’t happen to me’ and saving money are the main reasons people are not updating their internet protection Online Fraud June 2009
  • 8. 8 Vast majority of consumers think internet security is vital Despite just under half (45.3%) not intending to renew their internet protection during the next twelve months, a massive 80% believe internet security is vital. The other 20% said it was either an unnecessary cost, too techie or they didn’t understand it. Older consumers (55+) were most likely (85%) to say internet security is vital whereas younger consumers aged 16-24 are least likely (65%) to consider it important. Regionally all areas consider internet security important with only 11% variance between Edinburgh who considered it most important (85%) and Newcastle who thought it least important (74%). Q: Which one of the following statements do you most agree with? Older consumers (55+) were most likely (85%) to say internet security is vital Online Fraud June 2009
  • 9. A massive 77% of consumer targeted by online fraudsters Helping to drive awareness of the online threat, a massive 77% of consumers have received a fake e-mail from seemingly legitimate banks in the last 12 months and 70% have received bogus online pleas for money overseas. Furthermore, 67% were confirmed winners of sham competitions. Because fraudsters typically target millions of consumers in the hope of defrauding a few, there is little variance between genders and regionally. However, those aged 55+ were most likely (83%) to report receiving fake e-mails from their banks, opposed to 56% of those aged 16-24. The likely explanation of this is either older people are more likely to be targeted because they are more trusting, or the younger demographic expect to receive such scams online and therefore they have less impact. As a consequence of the majority of us being bombarded from numerous online threats, it is not surprising that 68% think they are at risk from unsolicited e-mails, 59% from computer viruses, 45% computer worms and 41% from having their personal data stolen. Demographically, the perception of risk decreases the younger the consumer. Q: Have you experienced any of the following in the past year? Online Fraud June 2009
  • 10. 10 A third of consumer can’t identify a fraudulent e-mail In line with the increasing sophistication of phishing e-mails and fraudulent pop-up windows, 33% do not think they would be able to spot a fake e-mail. The days of receiving phishing e-mails with basic spelling mistakes or from a Nigerian prince wanting to deposit £50m into your account are long past. Demographically, those aged 45-54 years old are least likely to identify a fraudulent e-mail (47%). Those aged 16-34 years old are the most confident they could spot a fraudulent e-mail (62%). Encouragingly 84% of consumers who receive a fraudulent e-mail delete it immediately and 21% report it to their antivirus protection supplier. Worryingly, however, and contrary to all advice, 9% of consumers would open the e-mail putting themselves at risk from malware viruses designed to capture sensitive financial information like passwords and account numbers. More concerning, nearly a third (27%) of 16-24 year olds would open the e-mail to see what the e-mail was about, as opposed to only 3% of consumers aged 55 and over – clearly more education is required. Q: Are you certain you’d be able to spot a fake email? (by age) 84% of consumers who receive a fraudulent e-mail delete it immediately Online Fraud June 2009
  • 11. 11 Big increase in the level of unsolicited spam Echoing many of the news stories in the media, 64% of consumers say they have received more unsolicited e-mails in the last 12 months compared to the year before. Women report to receiving more fraudulent e-mails last year then men (67% vs. 60%), but it is the youngest age group (16-24) who say they have received more spam in the last 12 months (70%). This may be due to the fact they are more likely to organise their social lives and buy gadgets and applications online. Regionally, all cities reported seeing a big uplift in unsolicited e-mails, but in Belfast a huge 93% of consumers reported receiving more spam in the last 12 months. When asked how they identify how their computer’s security has been compromised by a virus, most (largely incorrectly) reported slower processing speed, screen freezes, error messages and pop ups. 21% said they wouldn’t know what signs to look for. Interesting only 3.5% (largely correctly) said malware is designed to show no obvious sign it has infected a computer in order to quietly extract as much sensitive information as possible. Women are slightly less aware than men that malware is designed to show no obvious sign (2.7% vs. 4.8%). Q: Do you think that you are receiving more unsolicited emails in the last 12 months? (by City) Online Fraud June 2009
  • 12. 1 1.5 Conclusion There is no doubt that the internet is a safe and convenient channel to shop and conduct online banking. However, it is only safe if consumers are vigilant and follow some basic security rules that will make it much harder for the fraudsters to succeed. What is This report tells us that UK consumers are being targeted by fraudsters online via phishing and malware e-mails; designed to extract sensitive financial information and infect our clear is that computers for the same reason. Despite seven out of ten consumers being targeted by online fraudsters in the last 12 months, nearly half of consumers have made no improvements fraudsters to their personal security even though an overwhelming majority saying it is vital. Driving this behaviour is a feeling that it will not happen to me, wanting to save money in will continue difficult economic times and a lack of knowledge. to use the What is clear is that fraudsters will continue to use the internet to defraud people and this report shows a big increase in the level of unsolicited e-mails over the last 12 months. With a third of consumers not able to identify fraudulent e-mails, consumers need to be internet to very vigilant when looking out for fraudsters trying to access their accounts and fool people into handing over security information such has user names, passwords and defraud sensitive information. people Consumers need to recognise the dangers of online fraud and reverse the fraud trend that saw an increase of 132% last year. A consumer education programme would clearly help reverse this trend and differentiate the lead organisation. 1.6 Avoiding Online Fraud Michael Lynch is an identity fraud expert at CPP and offers the following advice to consumers to help protect them from identity fraud. Michael is responsible for the UK Identity Protection portfolio at CPP Group Plc (CPP). Michael has been with CPP for 14 years. His experience in financial services extends to customer service, new product and market development and affinity relationships. During his time at CPP, Michael has helped bring to market the UK’s market leading service, Identity Protection, which now protects over one million UK consumers from the consequences of this rapidly growing crime. In addition, Michael had used his expertise to create a commercial identity theft product aimed at protecting businesses of all sizes. He has also developed a strong understanding of consumer perception and reaction to identity theft and its consequences. Michael has also been responsible for breaking some major identity theft stories in the media including the availability of fraudulent documents online, car cloning, junk mail and postal theft. Committed to forging industry co-operation to reduce the opportunities for identity theft he is leading the call for consumers to change their behaviour to counter what is becoming an increasingly sophisticated and intrusive crime. Michael is media trained across print and broadcast and is available for media interviews on the issue of identity fraud. Online Fraud June 2009
  • 13. 13 Top tips to avoid falling victim to online fraud - Install a trusted anti-virus system and firewalls on your computer and keep them up-to-date. Usually a message will appear on your screen when updates need downloading. - Do not click on any link in an unsolicited e-mail, even if it seems genuine. If you are not sure type in the web address and contact the bank using an advertised phone number or directory enquiries. - Do not engage in any dialogue with the fraudster by replying to phishing e-mails and providing bogus information or letting the sender know it is a scam. Doing so puts you and your PC at risk. - Do not give out PIN numbers or passwords to anyone online either, or over the telephone. Because fraudsters start with very limited information, phishing e- mails are usually addressed to “Dear Customer” rather than to your name. - Remember banks will never contact you by e-mail to ask you to enter passwords or any other sensitive information by clicking on a link or visiting a website. Phishing e-mails are sent out completely at random in the hope of reaching a live e-mail address of a customer with an account at the bank being targeted - Only make online transactions on secure websites that begin ‘https’ or display a padlock in the corner of your web browser. - Register your payment cards Verified by Visa or MasterCard SecureCode. It adds another layer to online security and makes it harder to fall victim to online fraud. - Always log out after shopping online and save the confirmation e-mail as a record of your order. - If you are a victim of online banking fraud, you have protection through the Banking Code, which states that unless you have acted fraudulently or without reasonable care you will not be liable for losses caused by someone else. - Avoid carrying out transactions on public or shared computers. Do not give out PIN 1.7 For further information please contact: numbers or Nick Jones PR and Communications Manager passwords CPP Group Plc Holgate Park York YO26 4GA to anyone Tel 0104 544 387 E-Mail nick.jones@cpp.co.uk Web www.cppgroup.com Online Fraud June 2009
  • 14. 14 CPP is an award 1.8 About CPP winning organisation: The CPP Group Plc (CPP) is an international marketing services business offering bespoke - Named in the customer management solutions to multi-sector business partners designed to enhance Sunday Times 008 PricewaterhouseCoopers their customer revenue, engagement and loyalty, whilst at the same time reducing cost to Profit Track 100 deliver improved profitability. - Finalists in the National This is underpinned by the delivery of a portfolio of complementary Life Assistance Business Awards, 3i Growth products, designed to help our mutual customers cope with the anxieties associated with Strategy category, 008 the challenges and opportunities of everyday life. - Finalist in the National Whether our customers have lost their wallets, been a victim of identity fraud or looking Business Awards, Business for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to of the Year category, 007 enjoy life. Globally, our Life Assistance products and services are designed to simplify the and Highly Commended in 008 complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live - Named in the Sunday Times life and worry less. 006, 007 and 008 HSBC Top Track 50 companies Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia Pacific and employs 2,000 employees who handle - Regional winner of the National Training Awards, 16 million consumer sales and service conversations each year. 007 In 2008, Group revenue was £259.5 million, an increase of more than 15 per cent over the - Winner of the BITC Health, previous year. This is more than five times the sales level of 2000. Work and Well-Being Award, 007 What We Do: - Highly Commended in the CPP provides a range of assistance products and services that allow our business partners UK National Customer to forge closer relationships with their customers. Service Awards, 006 We have a solution for many eventualities, including: - Winner of the Tamworth Community Involvement - Insuring our customers’ mobile phones Award, 006. Finalist in - Protecting the payment cards in our customers’ wallets and purses, should 008 these be lost or stolen - Highly Commended in The Press Best Link Between - Providing assistance and protection if a customer’s keys are lost or stolen Business and Education, 005 - Providing advice, insurance and assistance to protect customers against the and 006. Winner in 007 insidious crime of identity fraud - Award Finalist in the National Business Awards, - Offering advice to people considering legal action and cover for the costs Innovation category, 005 involved in taking action on a range of legal issues - Award finalist for the 003 - Providing discounts on everyday lifestyle commodities The Royal Bank of Scotland Sunday Times Business - Monitoring the credit status of our customers Awards - Recognised as one of the Growth Plus Europe 500 For more information on CPP visit: www.cppgroup.com companies Online Fraud June 2009