Social Networking Joins Online Banking as Consumer Security Concern
Social networking sites continue to draw new users by the millions, but they also attract fraudster attacks that decrease consumers' willingness to share information online.
Those end users want better security protection, according to the sixth annual online consumer security survey by RSA, the security division of EMC.
RSA, a major provider of identity assurance and access controls to the financial services industry, based its report on responses from 4,539 active Internet users between the ages of 18 and 65. Residing in 22 countries around the world, the respondents were interviewed in October 2009 by InfoSurv Inc.
Social networking sites, such as Facebook and Twitter, are particularly attractive targets to cyber-criminals and still present a learning curve to legitimate end users, according to Seth Geftic, senior manager of identity protection and verification at RSA in Bedford, Mass.
"Social networking in and of itself creates a concern because the point there is to contact friends, meet new people and interact with an Internet audience," he said, "but people haven't learned yet how to really gauge their level of trust here as they have in real life or in an online banking environment."
People are much more likely to click on a shortened URL on a Twitter page or from a Facebook friend than from a complete stranger, Geftic said.
"That lowers the level of suspiciousness when looking at things on the Internet and it gives fraudsters the ability to more successfully launch phishing attacks and malware," he said. The problem also extends to new methods of attack, such as "smishing," which uses the text-messaging channel.
The online community is not unaware of these problems. On the contrary, 81% of the respondents who use social networking Web sites were concerned about the safety of their personal information online, RSA said.
The problem is that while awareness of phishing attacks continues to increase, so does the sophistication of the attackers.
Indeed, the survey found that consumer awareness of phishing attacks doubled between 2007 and 2009, but that the number of consumers who fell for the attacks increased sixfold during the same period of time.
"This increase can be attributed to more-advanced tactics and greater sophistication such as improved writing and Web design skills on the part of fraudsters," the report said.
Geftic noted that while consumers worldwide have long been aware of the threats posed by Trojans and other malware on Web sites in the "shadier corners" of the Internet, they are now learning that the same threats can exist in more legitimate sites, such as those of popular entertainers.
And, perhaps of particular note to credit unions, the survey found that consumer awareness in the safety of online banking continues to be high, with 86% of the respondents saying they were concerned about that channel. That compares with 64% for health care portals and 68% for government Web sites.
"As a result of these concerns well more than half of all consumers are less likely to share information and interact on Web sites," the report said.
The survey also found that 90% of active Internet users feel some form of stronger security beyond a user name and password should be implemented at the Web sites they interact with on a regular basis, including health care, government and social networking sites.
Additionally, a majority of Internet users said they are willing to have their financial institutions actively monitor their transactions.
"That surprised me a lot, and it was pretty high across the globe," Geftic said.
Consumer education and active tools such as transaction monitoring remain two key tools in the fight against online fraud, said Christopher Young, senior vice president of products at RSA.
"We found that offering stronger security at online sites inspires consumer confidence and increases the likelihood that they will be willing to interact with and submit personal information to those sites," Young said.