With our love of shopping going online, it is no surprise that fraudsters are turning to the internet. Read more to find out the real risks of online identity theft whilst shopping online.
Contents
1.1 Foreword
1.2 Industry Facts
1.3 Research methodology
1.4 Key Findings
- Nearly half of consumers have made no improvements to their
personal or home security in the last 12 months
- “It won’t happen to me” and saving money are the main reasons
people are not updating their internet protection
- Vast majority of consumers think internet security is vital
- Seven out of ten consumers targeted by online fraudsters
in the last 12 months
- A third of consumers can’t identify a fraudulent e-mail
- Big increase in the level of unsolicited spam reported
1.5 Conclusion
1.6 Avoiding online fraud
1.7 Further Information
1.8 About CPP
Online Fraud June 2009
Introduction
1.1 Foreword
With more online retailers than ever
before and more of us using the
internet to shop online, it is no
surprise that fraudsters are turning to
the internet as a channel to defraud
consumers. In the UK it is
conservatively estimated the number
of people banking online has soared
by 500 per cent during the past
seven years to just over 21 million
people in 2007.
Indeed, the growth of the online channel for retailers has prompted organisations like
APACS, the UK payments association, to launch specific online safety awareness
campaigns like ‘Be Card Smart Online.’
The proliferation of card fraud is largely due to the increase in card-not-present fraud (CNP),
which increased 13% to £328.4m in 2008 and now accounts for over 50% of total card
fraud. CNP is fraud over the telephone, via mail order or on the internet – although the
figures are not available broken down, the majority of this fraud is via the internet.
Furthermore, because the banks’ own systems have proven very difficult to attack and
penetrate, criminals have turned their attention to getting information directly from online
banking customers themselves. As a consequence online banking fraud losses increased
132% to £52.5m in 2008 – the largest percentage increase of any type of card fraud recorded.
Criminals attack consumers via the internet in a variety of ways including phishing and
malware or Trojan e-mails. Phishing e-mails pretend to be from a customer’s bank, urging
the recipient to click on a link that takes them to a fake website identical to that of their
bank before being asked to verify personal security information. These e-mails look genuine
and will often include advice on how to avoid fraud. Malware or Trojan viruses are a
relatively new type of computer virus first seen in mid-2004, which can be installed on a
computer without the user’s knowledge. Previously these were used to inject harmful
software to damage the computer; however, they now install spyware such as keyloggers
to steal information. Keyloggers work by recording keystrokes or websites people visit, in
order to capture passwords and other sensitive personal information. Hidden away, they
are invisible to the user and do not disrupt the computer’s operating system, which leaves
the user oblivious to the ‘Trojan horse’ feeding the fraudster sensitive information.
Although phishing attacks soared by over 180%, with over 20,000 phishing frauds in the
first six months of 2008, online banking customers are increasingly being targeted by
malware attacks. Malware is the main reason why the industry continues to remind
customers to ensure they have up-to-date anti-virus software installed and ensure their
computer’s firewalls are active.
There has also been a parallel increase in ‘smishing’ where fraudsters use SMS text
messages to extract sensitive information from their victims by cashing in on the rise of
mobile phone marketing by banks and other companies.
It is also the reason CPP conducted this research, which looks at consumer behaviour and
whether consumers are doing enough to protect themselves against this growing type of fraud. The central
message is banking customers need to remain wary of online scams such as unsolicited e-
mails claiming to be from their bank, and only use a fully protected PC, with regularly
updated anti-virus software and a firewall installed and switched on.
Even the protection industry has a battle to stay abreast of the fraudsters however. One of
the reasons why we are seeing so many fraudulent e-mails is because the anti-virus
software industry struggles to keep up with the scamming. Originally hackers and creators
of malware did it for the infamy - just so people would know who they were and what they
were capable of. But once they realised how lucrative it could be, the amount of fraudulent
e-mails and spam has gone through the roof.
It will be interesting to look at the interim card fraud figures published in October 2009 and
whether the online banking fraud losses will have increased further and at the expense of
other types of fraud.
1.2 Industry Facts
The proliferation of online threats continues and it is contributing to the rise in online
banking fraud losses.
- More than 20,600 phishing incidents in the first six months of 2008, compared
to 7,200 in the same period of 2007
- Online banking losses totalled £52.3m in 2008, up 132% on 2007
- Phone, internet and mail order fraud totalled £328.4m, up 13% on 2007
- Total card fraud losses totalled £609.9m, up 14% on 2007
Source: APACS – the UK’s payments association 2008
- Major stories in the media include a recruitment business that was hit by an
extensive phishing scam that saw 1.3 million details downloaded to servers in
the Ukraine in 2007
- Get Safe Online reported criminal websites selling personal information for as
little as £5 per piece of data or £80 for an entire package
- According to Panda Security 10 million internet users worldwide were hit with
identity fraud related malware in 2008
- The consolidation of UK banks has led to an increase in phishing e-mails as
fraudsters look to exploit confusion caused by mergers and takeovers
- Fraudsters are now targeting the physical location of computers to lure people
with false news reports, i.e. customising the story to make it appear as though it
happened locally and make people click on the more ‘credible’ malware link
1.3 Research Methodology
CPP commissioned research in May 2009 to establish how widespread web scams are
and how many consumers have been targeted in the past year. Unfortunately, this problem
is likely to get worse as the recession takes hold. The ultimate aim was to quantify the level
of online risk across the country and the extent to which consumers can identify
fraudulent e-mail scams and whether people are putting the right precautions in place to
protect themselves.
A representative sample of 1,563 UK credit and debit card holders aged 18+ were
questioned by Tickbox.net/Opinion Matters.
The report also draws on figures from APACS, the UK’s payment association.
1.4 Key Findings
Nearly half of consumers have made no improvements to their personal
or home security in the last 12 months
While nearly half of consumers (48%) have not made any improvements to their personal
or home security in the last 12 months, nearly a third (29%) of consumers have renewed
their internet security packages and 20% added additional security to their home PC.
Somewhat surprisingly, consumers aged 55+ are most likely to have renewed their internet
security (32%) and added additional security to their home PC (26%). Those aged 35-44
are least likely (48%) to have made any overall improvements to their security in the last
twelve months closely followed by those aged 25-34 (47%).
Q: What improvements have you made to your personal or home security in the last 12 months?
‘It won’t happen to me’ and saving money are the main reasons people are
not updating their internet protection
Despite the risk of online fraud and the increase in phishing e-mails and malware attacks,
just under half (45.3%) will not be renewing their internet protection over the next 12 months.
When asked why they did not plan to do so, a third gave no reason, but 27% said they
saw no need as they had never been a victim of online fraud, 19% said they were making
cut-backs and 12% said they didn’t know how to do it. Interestingly, men are more likely to
be motivated by making financial cut-backs in the current recession and because they
have never been a victim of online fraud, whereas women are more likely not to have
renewed their internet protection because they don’t know how to do it.
Q: Which of the following are reasons why you will not be renewing your Internet protection over the next
twelve months?
Vast majority of consumers think internet security is vital
Despite just under half (45.3%) not intending to renew their internet protection during the
next twelve months, a massive 80% believe internet security is vital. The other 20% said it
was either an unnecessary cost, too techie or they didn’t understand it.
Older consumers (55+) were most likely (85%) to say internet security is vital whereas
younger consumers aged 16-24 are least likely (65%) to consider it important. Regionally
all areas consider internet security important with only 11% variance between Edinburgh
who considered it most important (85%) and Newcastle who thought it least important (74%).
Q: Which one of the following statements do you most agree with?
A massive 77% of consumers targeted by online fraudsters
Helping to drive awareness of the online threat, a massive 77% of consumers have
received a fake e-mail from seemingly legitimate banks in the last 12 months and 70%
have received bogus online pleas for money overseas. Furthermore, 67% were confirmed
winners of sham competitions.
Because fraudsters typically target millions of consumers in the hope of defrauding a few,
there is little variance between genders and regionally. However, those aged 55+ were
most likely (83%) to report receiving fake e-mails from their banks, as opposed to 56% of
those aged 16-24. The likely explanation of this is either older people are more likely to be
targeted because they are more trusting, or the younger demographic expect to receive
such scams online and therefore they have less impact.
As a consequence of the majority of us being bombarded by numerous online threats,
it is not surprising that 68% think they are at risk from unsolicited e-mails, 59% from
computer viruses, 45% from computer worms and 41% from having their personal data stolen.
Demographically, the perception of risk decreases the younger the consumer.
Q: Have you experienced any of the following in the past year?
A third of consumers can’t identify a fraudulent e-mail
In line with the increasing sophistication of phishing e-mails and fraudulent pop-up
windows, 33% do not think they would be able to spot a fake e-mail. The days of receiving
phishing e-mails with basic spelling mistakes or from a Nigerian prince wanting to deposit
£50m into your account are long past. Demographically, those aged 45-54 years old are
least likely to identify a fraudulent e-mail (47%). Those aged 16-34 years old are the most
confident they could spot a fraudulent e-mail (62%).
Encouragingly 84% of consumers who receive a fraudulent e-mail delete it immediately
and 21% report it to their antivirus protection supplier. Worryingly, however, and contrary
to all advice, 9% of consumers would open the e-mail putting themselves at risk from
malware viruses designed to capture sensitive financial information like passwords and
account numbers. More concerning, nearly a third (27%) of 16-24 year olds would open
the e-mail to see what the e-mail was about, as opposed to only 3% of consumers aged
55 and over – clearly more education is required.
Q: Are you certain you’d be able to spot a fake email? (by age)
Big increase in the level of unsolicited spam
Echoing many of the news stories in the media, 64% of consumers say they have received
more unsolicited e-mails in the last 12 months compared to the year before. Women
report receiving more fraudulent e-mails last year than men (67% vs. 60%), but it is the
youngest age group (16-24) who say they have received more spam in the last 12 months
(70%). This may be due to the fact they are more likely to organise their social lives and
buy gadgets and applications online.
Regionally, all cities reported seeing a big uplift in unsolicited e-mails, but in Belfast a huge
93% of consumers reported receiving more spam in the last 12 months.
When asked how they would identify that their computer’s security had been compromised by a
virus, most (largely incorrectly) reported slower processing speed, screen freezes, error
messages and pop ups. 21% said they wouldn’t know what signs to look for. Interestingly,
only 3.5% (largely correctly) said malware is designed to show no obvious sign it has
infected a computer in order to quietly extract as much sensitive information as possible.
Women are slightly less aware than men that malware is designed to show no obvious
sign (2.7% vs. 4.8%).
Q: Do you think that you are receiving more unsolicited emails in the last 12 months? (by City)
1.5 Conclusion
There is no doubt that the internet is a safe and convenient channel to shop and conduct
online banking. However, it is only safe if consumers are vigilant and follow some basic
security rules that will make it much harder for the fraudsters to succeed.
This report tells us that UK consumers are being targeted by fraudsters online via phishing
and malware e-mails, designed to extract sensitive financial information and infect our
computers for the same reason. Despite seven out of ten consumers being targeted by
online fraudsters in the last 12 months, nearly half of consumers have made no improvements
to their personal security even though an overwhelming majority say it is vital.
Driving this behaviour is a feeling that it will not happen to me, wanting to save money in
difficult economic times and a lack of knowledge.
What is clear is that fraudsters will continue to use the internet to defraud people and this
report shows a big increase in the level of unsolicited e-mails over the last 12 months.
With a third of consumers not able to identify fraudulent e-mails, consumers need to be
very vigilant when looking out for fraudsters trying to access their accounts and fool
people into handing over security information such as user names, passwords and
sensitive information.
Consumers need to recognise the dangers of online fraud and reverse the fraud trend that
saw an increase of 132% last year. A consumer education programme would clearly help
reverse this trend and differentiate the lead organisation.
1.6 Avoiding Online Fraud
Michael Lynch is an identity fraud expert at CPP and offers the following advice to
consumers to help protect them from identity fraud. Michael is responsible for the UK
Identity Protection portfolio at CPP Group Plc (CPP).
Michael has been with CPP for 14 years. His experience in financial services extends to
customer service, new product and market development and affinity relationships.
During his time at CPP, Michael has helped bring to market the UK’s market leading
service, Identity Protection, which now protects over one million UK consumers from the
consequences of this rapidly growing crime. In addition, Michael has used his expertise to
create a commercial identity theft product aimed at protecting businesses of all sizes. He
has also developed a strong understanding of consumer perception and reaction to identity
theft and its consequences. Michael has also been responsible for breaking some major
identity theft stories in the media including the availability of fraudulent documents online,
car cloning, junk mail and postal theft. Committed to forging industry co-operation to
reduce the opportunities for identity theft he is leading the call for consumers to change their
behaviour to counter what is becoming an increasingly sophisticated and intrusive crime.
Michael is media trained across print and broadcast and is available for media interviews
on the issue of identity fraud.
Top tips to avoid falling victim to online fraud
- Install a trusted anti-virus system and firewalls on your computer and keep
them up-to-date. Usually a message will appear on your screen when updates
need downloading.
- Do not click on any link in an unsolicited e-mail, even if it seems genuine. If you
are not sure type in the web address and contact the bank using an advertised
phone number or directory enquiries.
- Do not engage in any dialogue with the fraudster by replying to phishing e-mails
and providing bogus information or letting the sender know it is a scam. Doing
so puts you and your PC at risk.
- Do not give out PIN numbers or passwords to anyone, either online or over the
telephone. Because fraudsters start with very limited information, phishing e-mails
are usually addressed to “Dear Customer” rather than to your name.
- Remember banks will never contact you by e-mail to ask you to enter passwords
or any other sensitive information by clicking on a link or visiting a website.
Phishing e-mails are sent out completely at random in the hope of reaching a live
e-mail address of a customer with an account at the bank being targeted.
- Only make online transactions on secure websites that begin ‘https’ or display
a padlock in the corner of your web browser.
- Register your payment cards with Verified by Visa or MasterCard SecureCode. It adds
another layer to online security and makes it harder to fall victim to online fraud.
- Always log out after shopping online and save the confirmation e-mail as a
record of your order.
- If you are a victim of online banking fraud, you have protection through the
Banking Code, which states that unless you have acted fraudulently or without
reasonable care you will not be liable for losses caused by someone else.
- Avoid carrying out transactions on public or shared computers.
1.7 For further information please contact:
Nick Jones
PR and Communications Manager
CPP Group Plc
Holgate Park
York YO26 4GA
Tel 0104 544 387
E-Mail nick.jones@cpp.co.uk
Web www.cppgroup.com
1.8 About CPP
The CPP Group Plc (CPP) is an international marketing services business offering bespoke
customer management solutions to multi-sector business partners designed to enhance
their customer revenue, engagement and loyalty, whilst at the same time reducing cost to
deliver improved profitability.
This is underpinned by the delivery of a portfolio of complementary Life Assistance
products, designed to help our mutual customers cope with the anxieties associated with
the challenges and opportunities of everyday life.
Whether our customers have lost their wallets, been a victim of identity fraud or looking
for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to
enjoy life. Globally, our Life Assistance products and services are designed to simplify the
complexities of everyday living whether these affect personal finances, home, travel,
personal data or future plans. When it really matters, Life Assistance enables people to live
life and worry less.
Established in 1980, CPP has 11 million customers and more than 200 business partners
across Europe, North America and Asia Pacific and employs 2,000 employees who handle
16 million consumer sales and service conversations each year.
In 2008, Group revenue was £259.5 million, an increase of more than 15 per cent over the
previous year. This is more than five times the sales level of 2000.
What We Do:
CPP provides a range of assistance products and services that allow our business partners
to forge closer relationships with their customers.
We have a solution for many eventualities, including:
- Insuring our customers’ mobile phones
- Protecting the payment cards in our customers’ wallets and purses, should
these be lost or stolen
- Providing assistance and protection if a customer’s keys are lost or stolen
- Providing advice, insurance and assistance to protect customers against the
insidious crime of identity fraud
- Offering advice to people considering legal action and cover for the costs
involved in taking action on a range of legal issues
- Providing discounts on everyday lifestyle commodities
- Monitoring the credit status of our customers
CPP is an award winning organisation:
- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
- Finalists in the National Business Awards, 3i Growth Strategy category, 2008
- Finalist in the National Business Awards, Business of the Year category, 2007
and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007 and 2008 HSBC Top Track 50 companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards, 2006
- Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
- Highly Commended in The Press Best Link Between Business and Education, 2005
and 2006. Winner in 2007
- Award Finalist in the National Business Awards, Innovation category, 2005
- Award finalist for the 2003 The Royal Bank of Scotland Sunday Times Business Awards
- Recognised as one of the Growth Plus Europe 500 companies
For more information on CPP visit:
www.cppgroup.com