Joining us today is Adrienne Hall, senior director of the Trustworthy Computing Group at Microsoft.
DDJ: Adrienne, can you tell us about the Security Survey that Microsoft recently conducted? What was the goal? Who was surveyed?
AH: Microsoft conducted its consumer security survey in May 2007 to highlight the top types of online fraud attacks that consumers face and their limited awareness on how to avoid these threats. The survey was conducted by Harris Interactive, which polled 2,482 U.S. adults (ages 18 years and up) who use the Internet. Overall, the survey results revealed the intense lack of knowledge that most people have about the scope of the problem and the increased need for Microsoft to articulate ways consumers can avoid these crimes.
DDJ: What were the key findings from the survey?
AH: The key findings of the survey illustrate how unknowledgeable people are about online fraud. Nearly one out of every five people surveyed has been a victim of at least one Internet scam, and 81 percent of those admitted that they did something that led to the crime, such as opening an email that appeared to be from a legitimate person or company. About three in five (59 percent) admitted they had little to no knowledge of current online threats and scams, and nearly half (45 percent) have opened an email message from someone or a company they didn't know. Additionally, despite claiming to be more knowledgeable about current Internet scams, men are more likely to be victims. 69 percent of women claimed they have never been a victim of an Internet scam, compared with just 63 percent of men.
DDJ: What are the major online threats and cybercrime techniques being used today?
AH: In the past year, Microsoft has witnessed a major shift take place online where hackers are no longer hacking computers to find vulnerabilities in a program for notoriety, but are now doing it to steal people's personal information and money. Microsoft has found that some of the biggest threats facing consumers online are targeted attacks, sometimes called "social engineering attacks," which occur when a person is tricked into taking action or divulging confidential information online because they believe they are communicating with someone they trust. Our survey found that about two-thirds of cybervictims (67 percent) were victims of targeted phishing scams that range from fake bank Web sites to e-mail claiming they had won the lottery and simply needed to provide their financial information to collect the prize money. Also, nine out of 10 adults online (90 percent) said they were at least somewhat knowledgeable of the "update your account now" scam from criminals posing as banks and credit card companies, but one-third (35 percent) of cybervictims admitted that they still fell victim to that specific scam.
DDJ: In terms of the results, what surprised you the most?
AH: Most surprising to us was the fact that more than half of those surveyed (58 percent) admitted that they had little to no knowledge of current online threats and scams. Unfortunately, this lack of knowledge is why people continue to fall victim to these crimes. To us, this clearly illustrates the scope of the problem and the increased need to communicate frequently and articulate ways to avoid these crimes, such as: keep personal information private, only download files from sites that you know and trust, avoid using public computer networks, delete spam e-mail, use strong passwords and treat links and attachments in e-mail and instant messages with care. Regarding spam e-mail and spotting fraudulent mail, I always say "If it looks too good to be true, it probably is." Applying these steps can help ensure safer and more enjoyable experiences online.
DDJ: Is there a web site that readers can visit for more information?
AH: Absolutely, Microsoft suggests that readers visit www.microsoft.com/protect for more information about how to protect their PCs, themselves and their families online.