Wednesday, May 10, 2006
New Research into Online Threats Underscores the Need for Widespread Consumer Education
Results from a recent survey of UK consumers’ attitudes toward identity theft have shown that many underestimate the probability of the crime occurring. A joint Harvard University–UC Berkeley study, meanwhile, has demonstrated just how susceptible even a sophisticated Web user can be to a phishing attack, often the precursor to identity theft.
Education campaigns are the key to raising awareness. When even the savviest of Web users can’t recognize a crafty phishing attack, imagine how often average computer users might fall prey to online identity theft schemes. We need to undertake a massive, Apollo project–scale education effort to turn the tide.
Recently reported research suggested that only one third of UK consumers know that their risk of falling prey to identity theft is one in 1,000. British firm MyCallcredit’s survey also revealed that nearly 25 percent of respondents drastically underestimated their risk by as much as 15 times less than their actual risk.
Meanwhile, findings from a study titled “Why Phishing Works” conducted by researchers at Harvard University and UC Berkeley suggested that phishers fool even sophisticated Web users. “Good” (i.e., polished) phishing sites were effective, in fact, at fooling 90 percent of the study’s participants.
The authors of “Why Phishing Works” then collaborated to isolate the factors behind the efficacy of phishing attacks. They concluded that users’ lack of knowledge of—or an inattention to—common security indicators helped to make phishing attacks effective. In addition, “typejacking,” a tactic that replaces the key characters of a legitimate organization’s domain name with similar key characters (e.g., the use of the Arabic numeral “1” in place of the lowercase letter “l”), and other visually deceiving practices also seemed to be effective at duping users.
Is it any wonder why we need to educate consumers about the dangers they face? The task before us is monumental. Identity theft and the computer threats that facilitate this crime have been prominent in the public consciousness for years now. And yet the levels of awareness and savvy needed to thwart scammers are sorely lacking.
Fortunately, stopping identity thieves before they even have a chance to commit their crime is pretty straightforward. Comprehensive education for consumers will do it. The challenge resides in summoning the will to invest in that education, a worthy investment of time and energy.