This is despite nearly half using mobile phones for internet banking and one in three for online shopping – and all against a backdrop of an 80 per cent increase in phishing attacks directed at mobile devices globally during the past year.
Cyber-attacks can be anything from phishing emails, which could result in a fraudster taking over an online account, a fraudster accessing personal details and then using them elsewhere to commit fraud, to session hijacking attacks where a user’s browsing is interrupted by a hacker, monitored or even hijacked.
This year has proved a tipping point for smartphones and tablets. The rapid rise in demand for online banking and retail combined with very little security on devices has created a massive opportunity for cyber criminals leaving many people and businesses extremely vulnerable. There are approximately five billion connected devices globally, serving a billion online bank accounts and contributing $13trillion to global ecommerce sales and transactions. With so much at stake, the opportunities for fraudsters are countless and we need to do more – as an industry and as individuals – to protect ourselves.
Our survey of 2,000 UK adults showed that the vast majority of people recognise the need for safeguarding their PCs and laptops against online fraud threats, with 93 per cent claiming to have security or antivirus software installed. However when it comes to mobile devices, tablets or smartphones, it is a different story and many people are still vulnerable with little or no protection. This is reflected by the estimated 25 million unique strains of malware, resulting in an 80 per cent annual increase in phishing attacks, and 600 million customer information records hacked.*
Victims of cyber-crime
Our analysis found that one in six UK adults who own a device, have already fallen foul to a cyber-attack within the past year. Laptops and PCs continue to prove the most vulnerable devices to attack with a majority (83%) of users having fallen victim to cyber-crime. But more than a fifth (21%) suffered a smartphone attack and almost one in six (17%) suffered a tablet attack.
The findings come at a time when smartphones and tablets have become an integral part of daily life, providing instant access to websites, apps and games, but also creating huge opportunities for fraudsters. Use of tablet computers to access the internet among adults has almost doubled from 16 per cent in 2012 to 30 per cent in 2013, and nearly two-thirds (59%) of consumers access the internet through a mobile phone – up by six per cent since 2012.
Our research showed nearly half (45%) of smartphone or tablet users have used either device to check their online bank balance, while a third (33%) have paid for an item using an online app, and more than a quarter (27%) have transferred money to another person using an online banking app. Other uses include providing mobile ID verification (14%) and applying for financial services (12 per cent).
While this offers excellent convenience with organisations providing highly secure processes for accessing their services via mobile devices, fraudsters can still take advantage of devices which do not have adequate security installed and it is vital people take steps to safeguard their own position simply by being aware of potential threats.
The growth in online and mobile for retail transactions and online banking has meant that validating identities online has become increasingly complex for businesses. Organisations need to adapt their systems to not only provide the online service that their customers want but at the same time protect customers and their business from fraud.
Device intelligence is one way businesses can verify and authenticate customers using their device information. Every time a customer logs into a bank website, retail or commercial site, the technology is designed to flag inconsistencies and potential fraudulent activity to help reduce cases of fraud and protect both the individual and the business.
Biggest security threats
When asked what was perceived to be the biggest security threat to smartphones, laptops and / or tablets, 30 per cent of UK adults said malware (malicious software being put onto their device to access their information). Other perceived security threats included a data breach (details being stolen from an organisation the user does business with) at 16 per cent, theft (physical theft of a device) at 11 per cent and phishing (being tricked into giving their personal details on email or over the phone) at 10 per cent.
Reasons for not having security software
The survey findings suggest it is not that users don’t recognise the seriousness of online security; in fact, two-fifths (41%) of device owners think they are vulnerable to security threats and viruses. Instead, 12 per cent say they hadn’t taken any preventative measures on their smartphone or tablet because they thought they were automatically provided with protection from their mobile service provider. A further eight per cent believe fraud protection software is too expensive and eight per cent thought they were protected by the organisation they had made a transaction with. Only around a third (29%) of respondents claimed they didn’t have anti-virus software installed because they weren’t aware they needed it.
So how can you better protect your mobile device and your personal information?
Smartphones can hold a wealth of information, from cached passwords to online accounts and apps, contacts and other personal information. As we move into the holiday season and online shopping increases, people should try to follow these best practices to ensure they are protected:
1. Always use a home screen lock on your mobile device.
2. Don’t store account names and passwords or digital pictures of your passport.
3. Remember that public Wi-Fi networks are riskier than private networks, so be careful with the information you access and share when out and about.
4. Your email account is linked to many other accounts and can hold a large amount of personally-identifiable information. Beware of phishing – if an email seems suspicious, don’t open it or click on any links within the email. A legitimate company will never ask for your account details via email. If contacts have received emails from you that you did not send, change all your online passwords immediately.
5. Social media sites can reveal your date of birth, maiden name, email address and enough information to help a fraudster identify possible PIN and/or passwords. Consider how much you really need to share.
Anyone who thinks they have become victims of identity fraud should notify the police, contact their bank and check their credit report. The Experian’s Victims of Fraud service is available as a benefit of your Experian CreditExpert subscription and has a dedicated team on hand to give expert advice and support tailored to victims’ particular circumstances.
*Sources: Experian 41st Parameter, Gartner, IDC and Bloomberg.