The Office for National Statistics has reveled the annual figures from The Crime Survey for England and Wales, revealing an estimated 3.6 million cases of fraud and two million computer offences in a year. This is the first time these statistics have been included in the report, with ONS spokesperson John Flatley stating that the figures demonstrate how crime has changed, with fraud “now the most commonly experienced offence”
IT security experts from Kaspersky Lab and Varonis commented below.
David Emm, Principal Security Researcher at Kaspersky Lab:
“We are pleased to see that fraud and computer misuse estimates have been incorporated for the first time within headline CSEW estimates. For one thing, we see a blurring between traditional, real world crime and virtual crime; criminals are happy to blend their techniques across the two and so ‘cyber’ can no longer be seen as a separate compartment of crime. For example, fraudulent computer service calls, which often start with a phone call suggesting consumers check their computer, are more than just a phone scam: they have a serious impact on any device connected to the internet and the data stored on it.
It is important to note that an accurate year-on-year comparison from the ONS, to demonstrate the growth of fraudulent cybercrime, will not be possible until January 2018. However, we agree that bank and credit account fraud is one of the most problematic areas with the continuing rise of e-commerce. Incidents that affect people’s pockets are always more likely to be reported; but it’s important that consumers do report all cybercrime so we can have an accurate view of reality in next years’ report and can understand what areas of cyber safety need attention.
To avoid falling victim to fraudulent activity online, Kaspersky Lab recommends that consumers do the following:
- Do not click on any links received from unknown people or on suspicious links sent by your friends on social networking sites or via e-mail. They can be malicious; created to download malware to your device or to lead you to phishing webpages aimed at harvesting user credentials.
- Install a security solution on all your devices (and make sure it is up to date), with built-in technologies designed to prevent financial fraud. For example, Safe Money technology in Kaspersky Lab’s solutions creates a secure environment for financial transactions on all levels.
- Apply security updates to your operating system and applications as soon as they become available, to prevent cybercriminals from using software flaws to install their own code silently on your computer.
- Do not enter your credit card details on unfamiliar or suspicious sites, to avoid passing them into cybercriminals’ hands. If these websites are offering advantageous deals that look too good to be true, they most likely belong to criminals. Fake websites may look just like the real ones.
- Use unique, complex passwords for all online accounts and don’t share them with anyone – even your nearest and dearest.”
David Gibson, VP at Varonis:
“It’s not surprising that fraud and computer misuse have risen more than 8%, according to the Crime Survey for England. Unauthorised access to personal information by insiders and outside attackers that hijack insider accounts and systems is rampant because most organisations do not adequately restrict insider access to this data, have little to no oversight of its use, and therefore cannot detect or stop abuse until it’s too late. A recent Ponemon study sponsored by Varonis found that 62% of employees say they have access to company data they probably shouldn’t see and only 25% monitor all employee and third party email and file activity. With the upcoming General Data Protection Regulation taking effect in May of 2018, the personal information of EU citizens scattered across documents and spreadsheets must be found, flagged and protected to stay compliant and avoid a breach and its accompanying public notifications and fines.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.