• More than 4,500 people express concerns with safety of personal information on the Internet and a desire for better identity protection, in survey from EMC’s security division
• Two in three people reluctant to share on social networks
• Three in 10 people fall prey to phishing attacks; a six-fold increase in just two years

RSA, The Security Division of EMC (NYSE: EMC), announced the results of its 2010 Global Online Consumer Security Survey that polled more than 4,500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online and their willingness to share it, and desire for better identity protection.

To view the multimedia version of this release, visit:
http://www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_12010.html

Of the more significant survey findings, consumer awareness of phishing attacks has doubled between 2007 and 2009 and the number of consumers who reported falling prey to this attack increased six times during that same period of time. In addition, while hundreds of thousands of people join social networking websites each day, the survey revealed that nearly two in three (65 per cent) people who belong to these online communities indicated they are less likely1 to interact or share information due to their growing security concerns.

Social networking websites have become a hotbed for online criminals because of their global reach and the participation by hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. Reflective of this trend, the survey exposed that four out of five (81 per cent) people using social networking websites expressed concern2 with the safety of their personal information online.

“Fraudsters continue to fine-tune their array of tactics that result in millions of computers becoming infected with Trojans and other malware,” said Christopher Young, Senior Vice President at RSA. “These online criminals are adept at social engineering with at-the-ready phishing attacks that are launched within moments of breaking news about popular celebrities, professional athletes or serious global events. In these cases, people are lured to legitimate websites infected with malware as well as complete fakes designed to look like well-known news sources. Within these websites, Trojans can easily be masked as ‘required’ updates to a media player which can result in countless computers becoming infected with malware. While it’s difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do.”

In a similar RSA survey in 2007, one in three (38 per cent) consumers reported they were aware of the threat of a phishing attack – this figure doubled in two years3, where three in four (76 per cent) consumers have become aware. Additionally, in RSA’s 2010 survey, nine in 10 consumers (89 per cent) reported concerns caused by the threat of phishing.

Despite increased awareness, there have been a growing number of online users that have fallen victim to a phishing attack. In the 2007 RSA survey, only one in 20 (5 per cent) consumers cited they had fallen victim to a phishing scam – this rate increased six-times in 2009 to represent three in 10 (29 per cent) consumers. This increase can be attributed to more advanced communications tactics and greater sophistication such as improved writing and web design skills on the part of the fraudsters. Phishing attacks have also evolved in an attempt to exploit users in different ways and through a broader variety of methods including offshoots known as “vishing,” “smishing” and “spear phishing.”

The sheer volume of phishing attacks launched in recent months is also contributing to these trends. The RSA® Anti-Fraud Command Center recently reported4 the highest-yet detected rates of phishing attacks between August and October 2009, as well as a 17 per cent increase in the total number of attacks between 2008 and 2009.

An increase in consumer knowledge of online threats is further evident of the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63 per cent of consumers stated that they were aware of Trojans and in 2009 that figure climbed to 81 per cent.

Online banking continues to provide significant levels of convenience for consumers, with quick access to chequing and savings accounts, the ability to pay bills automatically, transfer funds and perform other financial transactions. There is dramatic adoption of the use of social networks which people use to form and nurture personal and professional relationships with each other. Finally, healthcare organizations as well as local, state and federal government agencies are bringing the power and convenience of online services to the consumer – offering access to personal healthcare records, driver’s license renewals and payment of tax bills.

The RSA survey revealed that consumers using online banking (86 per cent) websites expressed more concern with the theft of their personal information than those using healthcare portals (64 per cent) and government websites (68 per cent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.

Consumers agreed that their identities should be better protected than with just a simple username and password on social networking (59 per cent), healthcare (64 per cent), government (70 per cent) and online banking (80 per cent) websites. Nine in 10 consumers are willing to use a stronger form of security if offered.

For detailed statistics on the survey's findings in Canada, please visit:
http://canada.emc.com/collateral/about/news/csv-wp-1209-canada.pdf

Young continued, “Consumer education and awareness is one of the first lines of defense in the ongoing battle against online crime. Organizations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online – all despite the inherent risks. In order to maximize the full value of what the online world can offer, organizations need to take a layered approach to Internet security in order to best protect their customers’ information.”

• Respondents totaled 4,539 consumers between the ages of 18 and 65
• Conducted in October 2009 by market research firm InfoSurv, Inc.
• Represented 22 countries across North America, South America, Europe and Asia Pacific
• All respondents actively use the Internet

• ¹“Less likely” = “somewhat less likely” + “much less likely”
• ²“Concerned” = “somewhat concerned” + “very concerned”
• ³The 2010 Global Online Consumer Security Survey was conducted in October 2009
• ⁴Source: RSA Monthly Online Fraud Report, November 2009