REDMOND, Wash., Aug. 14, 2007 — The Internet has changed the way we live: how we learn, follow the news, share memories and entertain ourselves. But many of the experiences that make the Internet so valuable in our daily lives also require us to share information about ourselves that can present certain risks.
Today, the biggest threats facing consumers online are targeted attacks engineered by criminals looking to trick and steal people’s personal information or money. While most consumers claim to be aware of the term “phishing,” many people do not recognize other types of criminal tactics on the Internet and continue to fall prey to these scams.
Microsoft recently commissioned a survey* by market-research firm Harris Interactive to highlight popular online fraud tactics to help inform the public of online risks and how to avoid them. Conducted in May 2007, the survey polled 2,482 U.S. adults (ages 18 years and up) who use the Internet. To learn more about the survey findings and Microsoft’s efforts to help protect people from online fraud, PressPass spoke with Adrienne Hall, senior director of the Trustworthy Computing Group at Microsoft.
PressPass: Can you describe the current state of online crime, as it pertains to consumers?
Hall: In the past year, Microsoft has witnessed a shift in criminal behavior. Online criminals have been focused on finding vulnerabilities or causing mayhem in various ways, and have been motivated by personal interest as a hobby or for notoriety. We are seeing an increasing trend towards stealing people’s personal information and money.
Some of the biggest threats facing people online this year are fraud-related attacks, or cyber-scams, tricks that criminals use to fool people into giving them confidential information or by tricking them into thinking they are dealing with someone they trust. Most consumers say they are aware of the term “phishing” (where a message or Web site content requests action such as entry of personal information) but many do not realize that fraudulent online activity is any targeted attempt by cybercriminals to obtain personal information. Examples of these attempts sent via e-mail include lottery, prize, sweepstakes, Nigerian money offers, requests for information updates to accounts or records that have a recognized name brand or company logo associated with the request.
Unfortunately, the volume and sophistication of criminal threats is expanding rapidly. A study from the Anti-Phishing Working Group, of which Microsoft is a member, found that the number of unique phishing sites detected increased 166 percent between March 2007 and April 2007. Since these online crimes hinge on consumers taking actions that leave them vulnerable, Microsoft commissioned this survey in an effort to educate consumers on existing threats so they can make smart decisions to avoid them.
PressPass: What are some of the key findings in the online fraud survey conducted by Harris Interactive?
Hall: Most surprising to us was the fact that more than half of those surveyed (58 percent) admitted that they had little to no knowledge of current online threats and scams. Unfortunately, this lack of knowledge is why people continue to fall victim to these crimes. Nearly one out of every five online adults (17 percent) has been a victim of at least one Internet scam, and 81 percent of those admitted that they did something that led to the crime, such as opening an e-mail that appeared to be from a legitimate person or company. To us, this clearly illustrates the scope of the problem and the increased need to communicate frequently and articulate ways to avoid these crimes. As a general rule, we always recommend that people “think first, click later.”
PressPass: Were there any interesting differences in the survey results between women and men?
Hall: Yes. We found that online men claim to be more informed of online fraud; 47 percent of men said they are very knowledgeable or knowledgeable of online scams, compared with only 36 percent of women. However, despite claiming to be more knowledgeable, men are more likely than women to be victims of online crime. The survey found that 69 percent of women claimed they have never been a victim of an Internet scam, compared with just 63 percent of men. Despite these differences in self-assessment and experiences, both men and women are much more concerned now about the risks of using the Internet than they were one year ago (71 percent). However, women are more likely than men to be more concerned (78 percent women vs. 63 percent men).
PressPass: How does Microsoft define online safety and security?
Hall: A safe and secure online experience means a person has a high level of confidence and feeling of safety using their computer and the Internet. We’re focused on helping people feel safe and secure in three ways – by protecting your PC, protecting yourself and protecting your family.
First, helping people protect their personal computer is critical because most of the risks that exist online are geared to attack the PC. According to the State of the Net study published by Consumer Reports in September 2006, damages resulting from virus infections totaled US$5.2 billion dollars for consumers, and spyware infections prompted nearly a million people to replace their household computers.
Second, helping people understand how to protect themselves when online is key if you consider that Americans lost about $49.3 billion in 2006 to criminals who stole their identities, according to a report by Javelin Strategy & Research.
Third, helping parents learn how to protect their families is critical because children are online at record numbers and their activities may be the source of serious issues involving personal safety, privacy and theft. A 2005 i-SAFE survey found that almost one-third of children in grades 5-12 have visited an inappropriate Web site and that more than half of kids trust people with whom they chat online, even if they have never met that person. Just as parents teach their kids to look both ways before they cross the street, Microsoft is helping parents engage with their children to apply similar safety rules to protect kids online. Applying the same sorts of family rules and decision making around physical safety, to Internet safety, while keeping lines of communication open, is clearly important.
PressPass: What is Microsoft doing in the consumer online safety space?
Hall: Microsoft continues to make technology investments that offer safer alternatives to consumers through new technologies. For example, we’ve made a number of advancements to better protect our customers online within our new operating system, Windows Vista. Windows Vista has the firewall, automatic updates and anti-spyware built in and turned on by default. Windows Vista also enables customers to easily sign up for whichever anti-virus service they want to use. In addition, for the first time in a Windows operating system, Vista includes built-in parental controls to help families have a safer computing experience.
Microsoft has also delivered Windows Live OneCare — a comprehensive, automatic and self-updating PC care service that continually manages vital computer tasks so people don’t have to worry about protecting and maintaining their computers. This is an all-in-one solution that is really easy to use and simple to figure out how your computer is doing and what has been detected.
If people don’t have Windows Vista, we urge them to follow Microsoft’s Protect Your PC guidance of enabling a firewall, regularly updating their software through automatic updates, and installing anti-virus and anti-spyware software.
PressPass: Can you provide some details on how Microsoft is addressing online safety issues?
Hall: For each of the three online safety areas I just mentioned, protecting your PC, yourself and your family, we address the problem of online safety in three ways — with technology solutions, education and guidance, and by working with law enforcement and other types of partners around the world.
We continue to make many technology investments that offer safer alternatives for consumers. I’ve already mentioned Windows Vista — our most secure operating system to date. And there’s Windows Live OneCare that I mentioned above.
For people who don’t have Windows Vista yet, we have a service that people can download from the Internet at no charge, called Windows Live Family Safety, which provides parental controls settings.
There are many great technology solutions – from Microsoft and other companies – available for people to use. However, technology alone cannot stop the impact of online threats, because fundamentally this is a crime problem. The Internet is an environment that is different than the physical world, although there are certainly similarities and learning that can be applied from all of our collective experiences.
For example, the Internet is more anonymous than the physical world. While one of us may see a person attempting to break into a location on a street, this is not something the average person can see online. The Internet has a level of anonymity that is different than the physical world – people can make up multiple aliases and have several identities or personas that make detection and apprehension more difficult. And third, there are rich targets – data and personal information residing in multiple places.
With these things in mind, it is clear that people need to be educated on the risks and how to avoid them. That is why Microsoft continues to provide consumer education, guidance and tools and resources at no charge on our Web site, www.microsoft.com/protect.
We also recommend consumers follow these simple steps to avoid fraud: keep personal information private, only download files from sites that you know and trust, be extra careful when using public computers, delete spam e-mail, use strong passwords and treat links and attachments in e-mail and instant messages with care. Regarding spam e-mail and spotting fraudulent mail, I always say ‘If it looks to good to be true, it probably is.’ Applying these steps can help ensure safer and more enjoyable experiences online.
As a global leader in our industry, we embrace our duty to work alongside law enforcement agencies to help catch online criminals and make the Internet a safer place. Our Internet Safety Enforcement Program is committed to helping make the Internet safer for online users by building partnerships with government, nonprofit social organizations, law enforcement agencies and other industry leaders to combat the threats consumers face. To date, Microsoft has supported more than 500 enforcement actions worldwide against spammers, phishers, and distributors of spyware and other malicious code, including assisting law enforcement around the world to secure the Internet for consumers.
PressPass: Any final thoughts?
Hall: As our survey illustrated, people need to be constantly updated to the threats that exists and how to avoid online scams. Security threats are an industry-wide issue, and it’s important that the industry works together to stay ahead of criminals and help inform and protect customers. Microsoft is committed to ongoing collaborations with security researchers, independent software vendors, partners and law enforcement to help provide customers with a safer online experience.
The other comment I’d like to make is that good solutions and information are available today – make the most of it to improve your experiences and comfort level online. For people newer to learning about these topics, find experts within your family or friends networks, and keep communicating – people are learning a lot together and enjoying their computer and online experiences the more they uncover.
* This survey was conducted online within the United States by Harris Interactive on behalf of Microsoft Corporation between May 22 and May 24, 2007 among 2,482 adults (aged 18 and over). Figures for region, age within gender, education, household income and race/ethnicity were weighted where necessary to bring them into line with their actual proportions in the population. The data were also weighted to be representative of the online population of U.S. adults on the basis of Internet usage (hours per week) and connection type.
With a pure probability sample of 2,482, one could say with a ninety-five percent probability that the overall results would have a sampling error of +/- 3 percentage points. Sampling error for data based on sub-samples may be higher and would vary. However, that does not take other sources of error into account. This online survey is not based on a probability sample and therefore no theoretical sampling error can be calculated.