14% of people globally have fallen victim to online fraud that cost them money, according to the F-Secure Digital Lifestyle Survey 2013. Out of all the countries we surveyed, it seems people in the US and Malaysia had experienced the highest levels of fraud online, with 20% in those countries reporting they have been victims. Brazil, Australia and the UK followed closely behind, with 19%, 18% and 17%.
The lowest levels were in Belgium and Finland, with only 9% in each of those countries having lost money to online fraud.
In fact, European countries in general reported lower levels of online fraud that other countries, which could also explain why Europeans express less concern about online safety and potential fraud than Brazilians, Americans, Malaysians, and others. In Europe, 68% of people are concerned about being victims of fraud when shopping online, and 61% of people when banking online. In the rest of the countries surveyed, however, the numbers are 87% and 84% respectively.
Globally, more people are concerned about online safety when using computers than when using mobile devices and tablets. 69% of consumers are concerned about whether they are safe when using a computer or laptop for things like browsing, shopping, reading, mailing and gaming. 54% are concerned when using mobile devices, and only 43% with tablets.
What about you? How concerned are you about being frauded when going about your daily online activities? Which activities concern you the most?
Here are some tips to avoid becoming a victim:
[Image by strzelec via Flickr]
If you're in business, you have enemies -- and they're trying to get into your network. For-profit malware authors after baking information or files for extortion want in. Script-kiddies want in because mayhem is their game. And if you're large enough, criminals seeking data about your customers for espionage want in too. "For instance, if you're a law firm," F-Secure Labs Senior Researcher Jarno Niemelä said in a recent webinar, "your clients might be interesting." And it's not just the clients of lawyers, who may be "interesting". He noted companies that specialize in car rental, car leasing, cleaning and catering all have customers that are attractive targets for your enemies. In order for an attack to be successful, the attacker must first get information about his or her targets. And the worst part is we may be letting our enemies in. Here are the 5 most common methods that is done: 1. Email. Spam is designed to hit anyone and only needs to work a tiny fraction of the time. A spear phishing attack was designed to get you. 2. Hacked websites. Like a lion hiding in a savannah, the best attackers infect a website you're likely to visit -- naughty and not naughty -- and wait for you to become their prey. 3. Search Engine Poisoning. Criminals target a specific search term and tries to drive an infected site up the Google rankings. 4. Traffic Injection. These more advanced attacks hijack your traffic and send it to a router controlled by the enemy. Once you've become the victim of a man-in-the-middle attack any web site you visit could be infected just for you. 5. Social engineering. What your enemy lacks in technical savvy, s/he could make up with the ability to fool you. 6. Affiliate marketing. Some criminals -- and intelligence agencies -- simply buy their victims in bulk. Jarno calls it "the digital slave trade". Of course, these aren't the only ways into your network. Jarno also explained how offline attacks through external drives, for instance, can provide access. But these are the six most likely ways your enemies will find their way in your network. And you should have some idea what they're up to, since their success depends on your mistakes. Cheers, Sandra
At Re:publica 2015, our Chief Research Officer Mikko Hypponen told the main stage crowd that the world's top scientists are now focused on the delivery of ads. "I think this is sad," he said. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] To give the audience a sense of how much Twitter knows about its users, he showed them the remarkable targeting the microblogging service offers its advertisers. If you use the site, you may be served promoted tweets based on the following: 1. What breakfast cereal you eat. 2. The alcohol you drink. 3. Your income. 4. If you suffer from allergies. 5. If you're expecting a child. And that's just the beginning. You can be targeted based not only on your recent device purchases but things you may be in the market for like, say, a new house or a new car. You can see all the targeting offered by logging into your Twitter, going to the top right corner of the interface, clicking on your icon and selecting "Twitter Ads". Can Twitter learn all this just based on your tweets and which accounts follow? No, Mikko said. "They buy this information from real world shops, from credit card companies, and from frequent buyer clubs." Twitter then connects this information to you based on... your phone number. And you've agreed to have this happen to you because you read and memorized the nearly 7,000 words in its Terms and Conditions. Because everyone reads the terms and conditions. Full disclosure: We do occasionally promote tweets on Twitter to promote or digital freedom message and tools like Freedome that block ad trackers. It's an effective tool and we find the irony rich. Part of our mission is to make it clear that there's no such thing as "free" on the internet. If you aren't paying a price, you are the product. Aral Balkan compares social networks to a creepy uncle" that pays the bills by listening to as many of your conversations as they can then selling what they've heard to its actual customers. And with the world's top minds dedicated to monetizing your attention, we just think you should be as aware of advertisers as they are as of you. Most of the top URLs in the world are actually trackers that you never access directly. To get a sense of what advertisers learn every time you click check out our new Privacy Checker. Cheers, Jason
This is the first in a series of posts about Cyber Defense that happened to real people in real life, costing very real money. A rainy, early spring day was slowly getting underway at a local council office in a small town in Western Poland. It was a morning like any other. Nobody there expected that this unremarkable day would see a series of events that would soon affect the entire community... Joanna Kaczmarek, a Senior Specialist in the council’s Accounting Department, rushed into her office a little late, but in a good mood nonetheless. Before getting down to work, she brewed herself a cup of coffee and played some music on her computer. Several days earlier, she had finally installed a music app on her PC so she could listen to her favourite tunes while she worked. This had taken some effort though, as she had needed administrator’s access to her computer. It took a lot of pleading and cajoling, but after a week the IT guy finally gave in. Joanna had no idea that she was opening a dangerous gap in the council’s IT system. That morning, Joanna launched, as she had countless times before, a government issued budget management application. With a few clicks, she made a transfer order for nearly twenty thousand zloty. The recipient of the money was a company that had won the contract for the renovation of a main road in the town. The whole operation took seconds. Two days later, the owner of the company phoned Joanna, asking about the advance he was supposed have received. “I can’t get the work started without that money”, he complained in an annoyed voice. Joanna was a little surprised and contacted the bank. The bank confirmed the operation, saying that there was nothing suspicious about it. Joanna, together with the Head of the IT Department, carefully ran back over the events of the day of the transfer. They found nothing out of the ordinary, so started checking what was happening on Joanna’s computer around the time before the transfer date. They soon found something: nearly a week prior to the date of the missing transfer, Joanna had received an email from the developer of the budget management software. For Joanna, the message hadn’t raised any red flags; the email contained a reminder about a software update and looked very legitimate. It contained the developer’s contact data, logo and telephone number. Everything was in order… Everything except for a change of one letter in the sender’s address. Joanna hadn’t noticed – a “t” and an “f” look so alike when you read quickly, don’t they? Unaware of the consequences, Joanna followed the link that was to take her to the update website. With just one click of her mouse she started a snowball of events that ultimately affected each and every resident of the town. Instead of the “update”, she downloaded dangerous spyware onto her computer. In this way, the cybercriminals who orchestrated the attack learnt that the woman was a Senior Specialist in the Accounting Department and was responsible for transferring money, including EU funds. The thieves lured Joanna into a digital trap, tricking her into installing software that replaced bank account numbers “on the fly”. As she was processing the transaction, the hackers replaced the recipient’s account details with their own, effectively stealing the money. Joanna would have been unable to install the fake update if she hadn’t obtained the administrator’s rights she’d needed for her music app. All she had wanted was to listen to some music while she worked. If only she had known what the consequences would be... After the attack was discovered, the Police launched an investigation. Joanna was just one of many victims. Investigators discovered that the malware infection was likely to have targeted computers used by local government workers in hundreds of municipalities across Poland. Law enforcement authorities haven’t officially disclosed how much money was stolen, but given the fact that losses may have been underreported, the estimated figures are in the millions of zlotys. On the top of that, Joanna’s town had to wait months for the completion of the roadwork. This was one of the largest mass cyber-attacks against local government in Poland. It certainly won’t be the last one... For small and medium sized enterprises, the average financial loss as the result of a cyber security incident is on average 380 000€. The risk and the lost is real. Don’t be an easy target. We help businesses avoid becoming an easy victim to cyber attacks by offering best in class end-point protection and security management solutions trusted by millions.