Cyber costs, tips

by Mark Rowe

An IT security firm’s report suggests that while the number of online adults who have experienced cybercrime has decreased, the average cost per victim has risen by 50 percent. Such are findings from the 2013 Norton Report.

Stephen Trilling, Chief Technology Officer, Symantec, said: “Today’s cybercriminals are using more sophisticated attacks, such as ransomware and spear-phishing, which yield them more money per attack than ever before. With the findings from the Norton Report that 49pc of consumers use their personal mobile device for both work and play, this creates entirely new security risks for enterprises as cybercriminals have the potential to access even more valuable information.”

The report also found that while nearly half of all smartphone users care enough about their devices to sleep with them, they are not protecting them. Some 48 percent of smartphone and tablet users do not take even the basic precautions such as using passwords, having security software or backing up files from their mobile devices. This carelessness places them, and their digital identities, at risk.

“If this was a test, mobile consumers would be failing,” said Marian Merritt, Internet Safety Advocate, Symantec. “While consumers are protecting their computers, there is a general lack of awareness to safeguard their smartphones and tablets. It’s as if they have alarm systems for their homes, but they’re leaving their cars unlocked with the windows wide open.”

About the Norton Report

The Norton Report (formerly the Norton Cybercrime Report) is based on self-reported experiences of more than 13,000 adults across 24 countries, aimed at understanding how cybercrime affects consumers, and how the adoption and evolution of new technologies impacts consumers’ security. Visit www.symantec.com

Norton Report Methodology

Between July 4, 2013 and August 1, 2013, Edelman Berland conducted online interviews with 13,022 adults, aged 18 to 64 from 24 countries (Australia, Brazil, Canada, China, Colombia, Denmark, France, Germany, India, Italy, Japan, Mexico, Netherlands, New Zealand, Poland, Russia, Saudi Arabia, Singapore, South Africa, Sweden, Turkey, United Arab Emirates, United Kingdom, United States of America). The margin of error for the total sample of adults (n=13,022) is 0.9pc at the 95pc level of confidence. 1000 adult respondents were interviewed in each of USA and India, 500 in other countries. The global data has been weighted to ensure all countries have equal representation of n=500 adults.

Meanwhile, in this period last year, the IT security product firm McAfee recorded mobile threats for Android over the 900,000 mark in the lead-up to Christmas, before they dropped by nearly 50pc to under 500,000 in the first few months of the year. This trend is set to continue this Christmas, with the number of mobile-specific threats likely to peak at even higher numbers. In addition, the first week of December sees cybercriminals open ‘the spam floodgates’, luring online shoppers with promises of amazing deals, false delivery notifications, personalised season’s greetings cards, credit card offers and more.

Samantha Swift at McAfee said: “As the UK gears up for the busiest online shopping days, it’s important that consumers realise that the potential for identity theft and fraud increases when sharing personal information and bank details using smartphones, tablets and PCs that are under protected. Understanding the mindsets of cyber crooks and being aware of how they try to take advantage of consumers can help ensure that we use our devices the way they were intended – to enhance our lives, not jeopardise them.”

To help consumers remain wary of greedy ‘grinches’ as they surf the web for holiday deals and seek out gifts, McAfee has identified this year’s top “12 Scams of Christmas”.

Scams of Christmas 2013

1) Not-So-Merry Mobile Apps—Official-looking software for Christmas shopping, including those that feature celebrity or company endorsements, could be malicious, designed to steal or send out your personal data. A recent report from McAfee identified a new family of mobile malware that allows a cybercriminal to get around the digital signature required to validate apps on Android devices.

2) Holiday Mobile SMS Scams—A widespread piece of malicious code known as FakeInstaller, tricks Android users into thinking it is a legitimate installer for an application and then quickly takes advantage of the unrestricted access to smartphones, sending SMS messages to premium rate numbers without the user’s consent. No doubt Android handsets will be popular this Christmas, so consumers should ensure their gift also comes with appropriate security software.

3) Hot Holiday Gift Scams—Advertisements that offer deals on must-have items, such as these Playstation 4 and Xbox scams on Facebook, might be too good to be true. Clever crooks will post dangerous links and phony contests on social media sites to entice viewers to reveal personal information or download malware onto their devices.

4) Seasonal Travel Scams—Phony travel deal links and notifications are common, as are hackers waiting to steal your identity upon arrival. Around 1,000 holiday scams took place in Britain last year, costing holidaymakers more than £1.5million, according to the National Fraud Intelligence Bureau (NFIB).

5) Dangerous E-Seasons Greetings—Legitimate-looking e-cards wishing friends “Season’s Greetings” can cause unsuspecting users to download “Merry Malware” such as a Trojan or other virus after clicking a link or opening an attachment.

6) Deceptive Online Games—Before your kids are glued to their newly downloaded games, be wary of the games’ sources. Many sites offering full-version downloads of Grand Theft Auto, for example, are often fake and laden with malware, and integrated social media pages can expose gamers, too.

7) Shipping Notifications Shams—Phony shipping notifications can appear to be from a mailing service alerting you to an update on your shipment, when in reality, they are scams carrying malware and other harmful software designed to infect your computer or device. With an estimated 20,000 click-and-collect points across the UK this Christmas and increasingly flexible delivery options, consumers should be on guard against cyber crooks capitalising on delivery notification.

8) Bogus Gift Cards—An easy go-to gift for the holidays, gift cards can be promoted via deceptive ads, especially on Facebook, Twitter, or other social sites, that claim to offer exclusive deals on gift cards or packages of cards and can lead consumers to purchase phony ones online.

9) Holiday SMiShing—During the holidays, SMiShing is commonly seen in gift card messages, where scammers pose as banks or credit card companies asking you to confirm information for “security purposes”.

10) Fake Charities—Donating to charities is common this time of year for many looking to help the less fortunate. However, cybercriminals capitalise on this generosity, especially during natural disaster events, and set up fake charity sites and pocket the donations – for example, this email scam made the fraudster behind it £214k.

11) Romance Scams—With more than 9 million Britons now using a number of dating sites, it can be difficult to know exactly who the person is behind the screen. Many messages sent from an online friend can include phishing scams, where the person accesses your personal information such as usernames, passwords, and credit card details.

12) Phony E-Tailers—The convenience of online shopping does not go unnoticed by cyber scrooges. With so many people planning to shop online, scammers set up phony e-commerce sites to steal your money and personal data. In October this year, it was revealed that one in every five consumers looking for a bargain online were getting duped by phony retail sites.

Paul Ayers, VP EMEA at data security company Vormetric has warned that hackers are actively engaged in stealing credit card data, personally identifiable information (PII), critical intellectual property (IP), and other legally protected information to retail to the highest bidder. He said: “The threat landscapes have drastically changed from just a few years ago, with targeted attacks and advanced persistent threats (APTs) now common occurrences. All web traffic should be looked at with caution and, when we see spikes around specific events, it becomes harder to ensure nothing slips through in the general noise.
 
“That noise will be nothing short of deafening this weekend, if widely-forecasted online shopping figures are in fact to materialise. While some have been more vocal than others about their level of preparedness, organisations everywhere will be under increasing pressure not only to cope with the surge in demand, but also to ensure that this extra data traversing their networks is indeed adequately defended. This will be no mean feat, and in many ways, Mega Monday will sort the chaff from the wheat and result in many cyber security lessons being learned the hard way.
 
“While the fact there is PCI protected payment data involved only adds to the sense of urgency, it must be acknowledged that all businesses today need to have a robust security strategy in place that not only defends data at its source, but also alerts to anomalous behaviour or suspicious activity as and when it arises in order to prevent a breach. Only by having the right data security controls in place can a business emerge from a bonanza like Mega Monday with reputation and hard-earned profit intact.”

And tips from Tracy Bernasconi, Managed Risk Services, CyberSource – a payment and fraud management company owned by Visa.

Learn from the past

Before making any changes to your fraud strategy, take some time to review any trends from last Christmas. Did you have a problem reviewing orders in time? Were any particular products more susceptible to fraud?

If so, then make sure you are taking the correct precautions to ensure this doesn’t happen again. It’s not uncommon for fraudsters to target a specific retailer annually, so use your chargeback history to see what type of fraud you are being targeted with and identify any high risk areas.

Identify your priorities

After analysing previous fraud trends, you can begin to assess your priorities for the current season. Whether that’s reducing fraudulent orders, accepting more at Christmas, or a combination of the two – once you’ve established your goal, then you can put a plan in place to achieve it.

Your fraud strategy needs to accommodate any expected increase in turnover so considering turnover forecasts is also essential, particularly if you have a review process in place. For example if you manually review 10 per cent of all orders and currently process 10,000 orders a month – that’s 1,000 orders to review. However, if you expect your order volume to treble over Christmas, that’s 3,000 to review – a figure that may not be viable.

Review your rules

Shoppers spend more at Christmas and at different times of day, therefore your peak season fraud rules need to be adjusted accordingly. This could be raising the value of orders that are sent for review to cater for higher value orders, or relaxing velocity rules to cope with an increase in orders.

Similarly, look at “good” customer criteria, if a customer has been through the review process several times using the same email address, do you need to review the order? Auto-accepting these orders could save valuable time and enable staff to focus on higher risk orders.

Also, ensure rules are changed to reflect any past fraud trends. For example if last year fraud originated from Ireland, then make certain rules are tightened and all orders from this location are reviewed.

Think about the wider picture

eCommerce is not the only avenue for fraudsters looking to exploit peak season trading; peak season fraud can also originate via call centres. If fraudsters don’t get through online, they may try calling as a way to bypass the system (IP addresses can’t be checked over the phone).

So, if you have a call centre sales channel then take the time to educate staff about historic fraud trends and tell tale signs. This can be enhanced by maintaining an open and regular communication with your acquirer and conducting regular fraud analysis. Most have daily fraud reports which can be the difference between identifying a high scale fraud attack in progress as opposed to afterwards.

Don’t run out of time

With a number of rules and factors to contend with, it’s not always possible to cover all bases. We all know there are delivery deadlines at Christmas and you don’t want to be left with 1,000 orders to review an hour before the cut off time. By simply asking review staff to come in a bit earlier on days approaching the deadline you can ensure all orders are processed in time. Or if that’s not possible, then prioritise the biggest financial risks first – the high value items. A fraudulent order on a high value item can leave a big dent in your profits. So why not filter orders by amount, ensuring that those that can do the most damage in chargebacks are taken care of first.

Don’t be scared

It may seem like a lot to contend with, but don’t panic – there is always help available. From identifying past trends, to defining your priorities and required rule changes, partnering with a trusted advisor in the payment sector can provide you with the guidance and support you need each step of the way.

By following these steps ahead of the busy period, you can be confident that you can grow your sales, whilst minimising the risk of fraud this Christmas.

CyberSource is a payment and fraud management company that is owned by Visa: visit – http://www.cybersource.com/en-EMEA/
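The rule changes described under "Review your rules" and the value-first ordering under "Don't run out of time" can be sketched as a small triage routine. This is an added example, not CyberSource code; the field names, thresholds, rule order and sample orders are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    order_id: str
    email: str
    country: str
    amount: float  # order value in GBP

@dataclass(frozen=True)
class Rules:  # every field and value here is an assumed, illustrative setting
    review_over: float              # orders above this value go to manual review
    max_orders_per_email: int       # velocity limit per e-mail address in the batch
    high_risk_countries: frozenset  # locations behind last year's fraud
    trusted_after: int              # clean past reviews needed to auto-accept

def triage(orders, rules, clean_reviews):
    """Return (accepted, review_queue); the queue is sorted highest value first."""
    seen, accepted, review = Counter(), [], []
    for o in orders:
        seen[o.email] += 1
        if o.country in rules.high_risk_countries:
            review.append(o)    # past fraud trend: always review
        elif seen[o.email] > rules.max_orders_per_email:
            review.append(o)    # velocity rule tripped
        elif clean_reviews.get(o.email, 0) >= rules.trusted_after:
            accepted.append(o)  # "good" customer: skip review
        elif o.amount > rules.review_over:
            review.append(o)    # high value order
        else:
            accepted.append(o)
    review.sort(key=lambda o: o.amount, reverse=True)  # biggest chargeback risk first
    return accepted, review

def ids(orders):
    return [o.order_id for o in orders]

# Constructed sample data, not taken from any real merchant.
ORDERS = [
    Order("A1", "alice@example.com", "GB", 120), Order("A2", "bob@example.com", "GB", 450),
    Order("A3", "carol@example.com", "IE", 60), Order("A4", "dave@example.com", "GB", 900),
    Order("A5", "bob@example.com", "GB", 80), Order("A6", "erin@example.com", "GB", 300),
]
CLEAN_REVIEWS = {"dave@example.com": 3}  # e-mail -> past reviews that found no fraud
NORMAL = Rules(250, 1, frozenset(), 3)
PEAK = Rules(400, 3, frozenset({"IE"}), 3)  # higher threshold, relaxed velocity, IE reviewed

if __name__ == "__main__":
    for name, rules in (("normal", NORMAL), ("peak", PEAK)):
        accepted, review = triage(ORDERS, rules, CLEAN_REVIEWS)
        print(name, "accept:", ids(accepted), "review:", ids(review))
```

With the peak settings the same batch sends two orders to review instead of three, and the one location tied to past fraud is reviewed regardless of value.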

© 2024 Professional Security Magazine. All rights reserved.
