UK web users would hand over passwords to strangers: survey


by Steve Evans| 24 April 2012

Faronics research reveals shocking lack of security awareness among UK web users

One-third of UK web users would hand over a password, bank account number or their mother's maiden name via email or social networks to someone they don't know, a new survey has revealed.

The survey, carried out by security and computer management firm Faronics, revealed that while 71% of people are worried about the amount of personal information held online about them, 32% would still hand over confidential information.

It is social networks that engender the most trust, despite the fact that they are rapidly becoming a favoured attack vector for cyber criminals, Faronics VP of marketing Bimal Parmar told CBR.

Speaking to CBR at the InfoSec conference in London, he said that many users will trust people they don't know when using sites like LinkedIn as they could be on the lookout for new job opportunities. One-third of respondents admitted to accepting contact requests on LinkedIn from people they don't know. Just 15% of Facebook users admitted doing the same.

As Parmar points out there has been a huge amount written and spoken about Facebook's security issues, but the same cannot be said of LinkedIn. Nearly half (46%) of Facebook users said they are customised their privacy settings on the site but just 20% of LinkedIn users said the same.

But what does this mean for businesses? Parmar said Faronics has noticed an increase in the number of spear phishing attacks that use a compromised social network account as a starting point.

"Cyber criminals now spend a lot of time preparing their attacks," he told CBR. "They will carefully select their target using information freely available on LinkedIn and then focus the attack on them. If the target sees a link from a friend on Facebook or LinkedIn they are more likely to click it, without knowing that account has been compromised."

The research also revealed a shocking lack of awareness from many people about online threats and their effectiveness.

Over half (51%) of respondents claimed they are not at risk of cyber fraud and 28% believing the information they post on social network sites holds no value to a cyber criminal. Only 21% of the respondents had even heard of spear phishing, the survey revealed. Spear phishing is when a targeted email is sent to a specific person within an organisation with the aim of breaching corporate security.

"As more cybercriminals employ social engineering tactics that tap into basic human psychology, even the smallest bits of information - such as birthdays, job roles, supplier information, travel plans or details of hobbies - can be used to form a convincing email that the victim could believe originated from a trusted source," added Parmar. "All the target has to do is open the email, click on a link or download an attachment for spyware, keyloggers or other malware to be dropped onto the computer and open the entire corporate network to fraud."

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

756 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.