News

One in Four Computer Users Hit by Phishing Attempts Each Month, According to Major In-Home Computer Safety Study (30/12/2005)

Second Annual AOL/NCSA Online Safety Study Finds 81% of Home Computers Lack Key Protections Against Viruses, Spyware, Hackers

Identity Theft Risk High As Consumers Turn to Online Holiday Shopping

Phishing attacks aimed at identity theft now affect roughly one in four Americans (23%) each month, according to the second annual AOL/National Cyber Security Alliance (NCSA) Online Safety Study. Additionally, more than two-thirds of consumers (70%) who received such scam e-mails thought they were from legitimate companies, putting them at high risk of losing sensitive personal information to identity thieves or criminals. The AOL/NCSA Online Safety Study is the largest study of its kind, sending technical experts into hundreds of typical homes to examine personal computers for known security risks and threats. Highlighting the growing risk from phishing attacks, one in five respondents (18%) taking part in the study said a friend or family member had already fallen victim to an online identity theft scam. And, demonstrating the growing need for consumer education on this threat, the survey revealed that only 42% were familiar with the term "phishing," and of those, just 57% could accurately define it. Most phishing emails appeared to come from legitimate companies -- like banks or credit card companies -- and tried to convince consumers to surrender personal information like credit card numbers or passwords.

"Phishers are getting better at tricking consumers into revealing their bank account and financial information, and most Americans can't tell the difference between real e-mails and the growing flood of scams that lead to fraud and identity theft." said Tatiana Platt, Senior Vice President and Chief Trust Officer for AOL. "Consumers need to be aware of the risk, and they need to use critical protections like anti-virus software, spyware protection, and a firewall to help protect them from online threats."

The study found that 81% of home PCs lack at least one of the three critical protections -- updated computer virus software, spyware protection, and a secure firewall -- necessary to help guard against viruses, spyware, hackers, and other threats. More than half (56%) of the participants either had no anti-virus protection or had not updated it within the last week, almost half (44%) did not have a properly-configured firewall, and four in ten (38%) lacked spyware protection. Yet, despite these findings, the large majority of users (83%) falsely believed that they were safe from online threats.

"There is a major perception gap: Even though most consumers think they are protected, this study shows the opposite. Far too many people still lack the three fundamental protections they need to stay safe online -- current anti-virus software, spyware protection, and a secure firewall," Ron Teixeira, executive director, National Cyber Security Alliance. "As we move into a broadband world, where consumers have an always-on connection to the Internet, these core protections are even more vital. This is particularly troubling, given that more than two-thirds of those surveyed say they keep sensitive information on their PCs."

These findings come as consumers get ready to spend billions over the Internet this holiday season. According to Jupiter Research, online shopping is expected to top $26 billion for the year (an 18% increase over 2004), with millions of consumers putting financial and personal information online.

Half of Wireless Consumers Lack Basic Protection

In addition, the study found that while more homes are connecting to the Internet using wireless networks, too few of them are properly set up to keep out intruders. More than one out of four homes had a wireless network (26%), and nearly half of these homes (47%) failed to encrypt their connection, a safety precaution needed to protect wireless networks from outside intruders.

Despite Gaps, Some Progress in Improving Security

On the positive side, the survey found that home computer users have made some progress in improving specific areas of their security. The percent of homes with properly-configured firewall protection jumped from 28% to 56%, as Microsoft rolled out its Windows XP SP2 update with a default-on firewall, and the percent with recently-updated anti-virus software on their computers rose from 33% to 44%. Meanwhile, the percent of home PCs with spyware or adware programs on their computer dropped from 80% to 61% this year, while the percent with active viruses fell from 19% to 12%.

"Although we have made some strides in helping consumers protect themselves, the threats are growing broader and more dangerous, so the risk of failure can be that much more catastrophic," said Platt. "When a single virus, a simple scam or hidden spyware program can shut down your computer or cause a person to lose their bank account, their family pictures, or all of their personal records, it is vital that consumers take every possible step to protect themselves. You can't lock just a few of the windows in your house and expect to stay safe from thieves."

Other Key Findings

-- Three-quarters (74%) of respondents use their computers for sensitive transactions such as banking, stock trading, or reviewing personal medical information.

-- More than two-thirds (68%) keep sensitive information on their home computers like personal correspondence, resumes or professional records, or health or financial information.

-- More than half (55%) say they have been infected by a virus in the past.

-- The percent of computers with an active file-sharing program fell by more than half from 23% to 11%.

-- Homes with children were more likely to have spyware or adware on the computer. More than two-thirds (69%) of homes with children under age 18 had spyware/adware, vs. 58% of households without kids.

-- Seven in ten (70%) users now say that they use a pop-up blocker (vs. 47% last year)

METHODOLOGY

The 2005 AOL-NCSA Online Safety Study was conducted through in-person interviews and technical analyses with a typical sample of 354 dial-up and broadband adult computer users, at least 18 years of age, from September 19 to October 28, 2005. The sample included 225 broadband users (64 percent) and 129 dial-up users (36 percent). The survey also included a sub-sample of 100 households that were asked to turn off all spam filtering software and retain all e-mails received for a two-week period. Technicians reviewed each of the thousands of e-mail received by those households to evaluate phishing threats. About The National Cyber Security Alliance

A not-for-profit 501(c)(3) organization, the National Cyber Security Alliance (NCSA) is a central clearinghouse for cyber security awareness and education for home users, small businesses, and the education community. A public-private partnership, NCSA sponsors include the Department of Homeland Security, Federal Trade Commission, and many private-sector corporations and organizations.

www.staysafeonline.org