The only figure that is larger than the 81 percent of home PCs that lack critical security applications such as anti-virus, anti-spyware or firewall software is the 83 percent of home PC users who falsely believe they are safe from online theft of information and identity, according to AOL’s latest Online Safety study.
The survey indicated phishing attacks — bogus e-mails that sites masquerade as legitimate correspondence and link to bogus sites — impact one in four Americans each month, with one in five knowing a friend or family member victimized by identity theft.
What was perhaps most troubling about the latest AOL/National Cyber Security Alliance (NCSA) Online Safety Study is the revelation that 70 percent of consumers who receive phony e-mails believe they are from legitimate companies, rather than the online criminals who cast wide phishing nets to snare enough consumers to make the crime profitable.
Attackers and Scams Advance
AOL, which conducted interviews with adult dialup and broadband PC users, reported that only 42 percent of respondents even knew what the term “phishing” meant.
“Phishers are getting better at tricking consumers into revealing their bank account and financial information, and most Americans can’t tell the difference between real e-mails and the growing flood of scams that lead to fraud and identity theft,” said a statement from AOL Senior Vice President and Chief Trust Officer Tatiana Platt.
The company also pointed to some security improvements, indicating that firewall use was up with Microsoft’s XP Service Pack 2 update, and a nearly 20 percent drop in the number of PCs with spyware or adware on them.
False Sense of Security
Still, AOL said while more than 80 percent of home computers lack one of the three protective technologies it described as critical — anti-virus, anti-spyware, and firewall — the bulk of users, 83 percent, thought they were protected.
“There is a major perception gap,” said NCSA Executive Director Ron Teixeira in a statement. “Even though most consumers think they are protected, this study shows the opposite. Far too many people still lack the three fundamental protections they need to stay safe online.”
Teixeira added with increased broadband, always-on Internet connections, more of the sensitive information stored on PCs will be at risk.
Large Potential Pool
Webroot Vice President of Threat Research Richard Stiennon told TechNewsWorld the survey numbers reflect the healthy, growing opportunity for criminals to steal sensitive information.
“All you need is one patsy to commit significant crime,” Stiennon said.
He also referred to more advanced “pharming” attacks that surreptitiously re-direct Web browsers to bogus sites, even though the legitimate company’s URL may be displayed for the user.
Stiennon also questioned the AOL survey’s figure of only one in four Americans receiving phishing e-mails per month, suggesting it was reflective of the low awareness among consumers.
“I’d say it’s more like 95 percent of everybody,” he said.
Up to Vendors
Stiennon argued the onus for better security when it comes to Internet use is on software and service providers.
“Everyone who has any sort of transactional capability on the Internet should take steps to protect consumers,” he said.
For example, companies such as Paypal — a favorite company to spoof in phishing attempts to steal information or money — must institute stronger measures against fraud and abuse, he said.
Growth and Convergence
VeriSign iDefense senior engineer Ken Dunham told TechNewsWorld the increase in attacks on consumers, which is likely to continue, is largely a product of a larger, less-savvy Internet user population.
Dunham explained while history’s Internet user was a more technically sophisticated individual, the growth of the Web has come with more ease-of-use.
“Today, it’s point and click, and it’s going to get worse because of the increasing population of the Internet,” he said.
Dunham added that attacks and methods are being blended and becoming more persistent with the use of so-called “rootkits,” which hide files and processes and contribute to the number of “always-infected” PCs.
“There’s money to be made, and I think we’re in the early days of exploitation,” he said. “People are just starting to realize the scope of the problem.”