The latest Scottish Crime and Justice Survey has revealed that 1 in 5 adults using the internet stated that they experienced cyber fraud or computer misuse in the last 12 months - and the majority didn't report these incidents to the police.

For the first time the annual Scottish Crime and Justice Survey (SCJS) has included the topics of cyber crime and online fraud in their outreach for public experiences and attitudes towards crime. The SCJS is a large-scale social survey which includes the responses of over 5,500 adults, providing insights into crimes taking place across Scotland that may not have been reported to police.

 

Experiences with Cyber Crime

Not only did 1 in 5 respondents report experiencing cyber fraud in the last year, but 1 in 20 actually fell victim to more than one threat type. The survey concluded that the most frequently encountered threat was devices being infected by viruses - a common result of falling for phishing attacks - with other highly reported threats including account compromise, stolen card or bank details, and scam emails.


Interestingly, the likelihood of experiencing any type of cyber fraud was lower for respondents aged 60 and over, despite this age group being commonly associated with falling victim to online scams. In fact, the youngest age group in the study - ages 16-24 - were actually the most likely to fall for online scams by a significant stretch. It is worth noting, however, that this younger group were also the most likely to report if their online accounts had been accessed for fraudulent purposes, signifying security awareness in terms of shared responsibility.

 

Impacts and Changed Behaviours 

Users who had experienced the above types of cyber fraud and computer misuse were then asked how these experiences negatively impacted them and how they changed their online behaviours in response.

In each case, with the exception of those affected by card/bank data theft, the majority of users actually experienced no significant impacts. This is of course a very positive finding, but even better is the fact that - even without suffering major consequences - many users still changed their online behaviours following their experience to avoid finding themselves in a potentially worse situation in the future. These behaviour changes differ depending on the threat experienced as displayed below.

 

Victims of Virus Infected Devices

Impacts:

  • 32% - Unable to access device or the internet
  • 13% - Lost confidence using the internet
  • 48% - No impact

Behaviour Changes:

  • 52% - Installed anti-virus software
  • 46% - No longer open emails from unknown senders
  • 43% - Less likely to click on links to unknown websites

 

Victims of Card / Bank Account Data Theft

Impacts:

  • 78% - Lost money, but able to retrieve it in full
  • 17% - Lost confidence in using the internet
  • 11% - No impact

Behaviour Changes:

  • 33% - Less likely to click on links to unknown websites
  • 30% - No longer open emails from unknown senders
  • 33% - No behaviour change

 

Victims of Account Compromise

Impacts:

  • 20%  - Lost confidence in using the internet
  • 11% - Mental health was affected
  • 55% - No impact

Behaviour Changes:

  • 40% - Use different passwords for different websites
  • 36% - Regularly change passwords
  • 30% - No longer open emails from unknown senders

 

Victims of Scam Emails

Impacts:

  • 12% - Lost confidence in using the internet
  • 9% - Lost money, but able to retrieve it in full
  • 74% - No impact

Behaviour Changes:

  • 28% - No longer open emails from unknown senders
  • 25% - Use different passwords for different websites
  • 45% - No behaviour change

 

Business Perspective - The Importance of Developing Online Behaviours

The rise of social engineering and spear phishing doesn't seem to be slowing down any time soon, with these targeted attacks taking advantage of poor security awareness to manipulate users into interacting with malicious links or attachments, giving out confidential data like log-in details, and even approving large financial transfers.

Email gateway protections often fail to detect these attacks due to their highly personalised nature, leaving your employees as a last line of defence.

With a continuous training solution like Barracuda Phishline, users can establish confidence in their ability to identify suspicious activity in online communications, display proactive reporting to help recognise new trends, and stay one step ahead of evolving tactics thanks to the relevant and regularly updated learning content.

Get the White PaperCombating the Threat of User Error &
Security Awareness with Barracuda Phishline