"We naturally take steps to protect our physical property, so it makes sense that we do the same for our online profile."
There is no denying the scale of the threat that online scams pose to our financial security and day-to-day peace of mind. As more of our activities are conducted through online platforms, we’ve reached the stage where nearly every consumer has a digital profile of some sort. This proliferation excites criminals and provides fertile ground, as most of us do not have the appropriate protection in place to secure our digital footprint. A recent surge in attempted frauds means we are all exposed to more phishing attacks, cold calls and SMS follow-ups, complex identity theft and insidious social engineering scams.
The UK’s National Cyber Security Centre’s Active Cyber Defence programme claimed it mitigated over 700,000 online scams last year. And According to Action Fraud data, £1.7 billion was lost to scams in the last year, with UK customers losing £78 million, to something as seemingly “niche” as cloned firm fraud.
Part of the reason for this rise is linked to the smokescreen offered by the chaos around the Covid-19 pandemic. Online tools have been vital in facilitating business communications, transactions, and a general sense of community during the multiple UK lockdowns. There has been widespread adoption of technology by people who would normally be reticent in using – and depending on – such solutions. With more people hurriedly increasing their digital footprint out of necessity, they are now freshly exposed to online scams because they are frequently unfamiliar with the basic steps needed to protect their personal information.
This observation was recently corroborated by YouGov research commissioned by Individual Protection Solutions (IPS Community). Based on a nationally representative survey of UK consumers, it was revealed that 34% of those aged over 55-years-old chose scams as the threat that makes them feel most vulnerable. Among the 18-24s, a fifth (21%) say that online security is their top fear – beating other security fears like personal (25%), home (18%) and personal property (12%).
Although figures from both the National Crime Agency and Action Fraud tell us that billions are lost to scammers in the UK every year, IPS Community’s research revealed that most British people (54%) admit they spend nothing (i.e. zero pounds) protecting their personal information online.
Of those that do, only 20% of the over 55s spend up to £9.99 per month with just 5% of 18–24-year-olds spending that much. Given the extent of the threats posed by online scams, the fact that half the UK population spends nothing at all on their online security is incredible. If people knew that a stolen password from one website could help a scammer potentially access a bank account, we think they are much more likely to take some essential steps to beef up their protection. Afterall, we naturally take steps to protect our physical property, so it makes sense that we do the same for our online profile.
So, what strategies should be employed to ensure everyone has some basic protection from online scams?
To begin with, it is important to undertake an audit of your existing digital profile to understand just how secure you are. There are free tools available if you dig around. For example, IPS recently launched StopScamScore, a uniquely personalised audit and recommendation tool that does this. Once the easy-to-understand questions have been answered an individual’s key online vulnerabilities are highlighted and bespoke advice on how to address them is emailed to them. Importantly, none of the questions require Personally Identifiable Information to be handed over.
A common challenge with online security is how to best manage passwords. Simply put, the majority of data breaches are the result of weak password security – and the easiest way in for a criminal. The average person now manages between 70 to 80 online accounts with passwords. Having unrelated, unique and strong passwords for each account is near impossible, yet people tend to use one or two core password “stems” for all of these accounts. The risks are obvious – just one data breach and a scammer could easily have access to all of someone’s personal and financial details.
An industry has grown up around Password Management. Players like LastPass, DashLane and Norton offer software for computers and mobile devices that auto-generates, remembers and manages super secure passwords so that subscribers don’t have to. It’s a habit that quickly takes the stressful load off managing such important information.
With cyber safety, the threat is always evolving. Scams are becoming more and more sophisticated, with scammers keenly aware of how to take advantage of those who are not adequately prepared to protect their personal data. This is a growing area of activity for organised crime in countries where criminals feel confident they sit outside the reach of UK law. The spike in cryptocurrency scams is a testament to this point. With public interest in cryptocurrencies rising, scammers are taking advantage of this interest through fake coin giveaways. They are also impersonating traders and offering to facilitate fraudulent trades. All these tactics are part of the new generation of scams that the British public needs to be made aware of and advised on how to avoid them.
Ultimately, we need to super-charge public awareness and interest in bolstering their own online security. While the IPS Community research shows that people are indeed aware of the threats posed, this awareness must translate into action. People have to take ownership of their own risks and accept it can’t all be done in one magic step. What we need to see is greater cooperation between government, big brands, smaller private businesses and other community organisations to ensure more people know what to do. We must better explain how they can protect themselves and their families from online scams and achieve peace of mind through knowing that they’ve done the right thing.