Will another campaign week really change attitudes to online security?
This week marks the start of ‘Get Safe Online Week'.
Describing itself as ‘an annual event to raise awareness of internet safety issues', the campaign group, formed of government departments, security vendors, online services and law enforcement, said that its objective is to encourage everyone to take some time out of their week to learn more about internet safety and to make sure that their computer is properly protected.
Writing in its report, Baroness Pauline Neville-Jones, minister of state for security and counter terrorism, said: “The internet continues to provide great opportunities for every one of us. Both the threats and opportunities associated with the internet are likely to increase significantly over the next five to ten years, as our dependence on online communication and transactions increases. Therefore staying safe online becomes more important than ever.
“It is essential that Government and industry continue to work together to raise awareness still further of these basic security and policy issues. Only by working in close partnership can we effectively tackle burgeoning online crime. I am therefore very pleased to support the Get Safe Online initiative in bringing together, for a sixth year, government bodies, law enforcement agencies and the private sector to tackle the safety needs of the UK's internet users.”
In its first piece of research released this week, it found that one in four UK web users are targeted via cold calls where fake anti-virus software is attempted to be downloaded. Managing director of Get Safe Online, Tony Neate, said: “Not only is this big business for criminals, but it also represents a shift in their approach. Rather than exploiting our lack of awareness, they are now exploiting the fact that most of us know how important (genuine) anti-virus software is.”
Fraser Howard, principal virus researcher at SophosLabs, said: “The concept behind these latest scams is simple: the criminals are using support centres to contact users and trick them into believing they have a problem with their computer. In so doing, users may be scammed into paying for unnecessary support or software, perhaps even giving the criminals remote access to their computer in the process.
“The scripts being used by the call centre may well be pure comedy to the tech-savvy, but the simple fact is that a lot of regular users are likely to fall for it. It only took me a few minutes of searching to find others who had received the same calls as myself, and within discussion forums there were numerous posts from individuals who had been tricked into parting with their credit card details.
“Should we be surprised at this latest development in scareware distribution? I do not think so. Malware distribution has been a business for a good while now, and where the financial rewards are sufficient, some investment in ‘sales' is clearly justifiable.
We have seen scareware attacks evolve from simple mass-spammed attachments to more cunning web-based attacks. The search engine optimisation (SEO) attacks are particularly cunning in that they abuse the very services that we all rely on and trust. Using call centres to cold call victims lacks that finesse, but it is somewhat inevitable, sadly.
“Improved security (particularly widespread adoption of URL filtering) makes it harder for the even the most cunning of web-based attacks to succeed. The telephone cuts right through that and exploits the weakest link in the chain, the user.”
Now after the recent ‘National Identity Fraud Protection Week' it could be argued that another week of activity is hardly going to make major headlines, after all how many times can you hit end-users with the ‘don't download bad stuff' mallet? Even though this campaign is backed by Government and it does release some statements on online safety throughout the year, is one campaign for only one week out of 52 really enough to change attitudes?
I expect that there may be headlines and guidelines on how users should use security software and secure passwords over the coming days, but come next Monday will it be a case that end-users will go back to old and more user-friendly habits?
Baroness Pauline Neville-Jones says that ‘it is essential that Government and industry continue to work together to raise awareness still further of these basic security and policy issues', but as Sophos UK country manager Ciaran Rafferty told SC Magazine recently, a £650 million investment into investigating cyber crime should be used as part of an education project and ‘used to tell people how sophisticated cyber security is'.
Perhaps then people will get it and until then, campaigns may be only preaching to the converted.