Notes

Cyber Attacks Against Financial Services Cost Consumers £8bn in 2016, Research Reveals

Online financial services and lending companies are increasingly being targeted by fraudsters and costing consumers millions of pounds around the world last year alone, according to research.

Cyber attacks against online lending companies and alternative payment systems increased 122pc last year, according to Threat Metrix, a security company that monitors more than 20bn online transactions a year.

The fraud is estimated to have cost consumers as much as £8bn in 2016, the company said.

Paid content

The spike in fraud comes as online financial services are growing in popularity. A combination of greater trust and ease of use means customers are increasingly opting to use digital businesses. In the UK, financial services transactions online grew by 10pc last year.

But this uptick has made the industry a prime target for cyber attacks, ThreatMetrix said after detecting 80m attacks on the financial sector using fake or stolen credentials in 2016.

Cyber crime | Most common UK online offences
These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud – 2,356,000
Criminals trick their way to get account details. For example: “Phishing” emails contain links or attachments that either take you to a website that looks like your bank’s, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud – 1,028,000
AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus – 1,340,000
Unauthorised software damages or takes control of your machine. For example: “Ransomware” encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking – 681,000
Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud – 117,000
The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic “Nigerian Prince” emails scam

6. Other fraud – 116,000
One example is “solicitor scams”, where a solicitor’s website is hacked, then clients asked to divert large payments into the criminals’ bank accounts.

7. Harassment and stalking – 18,826
Threats, abuse and online bullying – what’s commonly been termed “trolling” on social media

8. Obscene publications – 6,292
Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences – 4,184
Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail – 2,028
This includes threats to publish intimate photographs online
Source: Office for National Statistics

"Due to its surge in popularity, and fast transaction cycles, online lending has become a prime target for cyber criminals," said Vanita Pandey, vice president of strategy at ThreatMetrix. "Online lenders are under increasing pressure to adopt smarter authentication methods to accelerate genuine loans and prevent fraud."

The most common crime in the UK spotted by the researchers was identity theft using data stolen in high-profile breaches, such as those against Yahoo and LinkedIn. ThreatMetrix said the majority of fraudulent attacks appear to have originated in developing countries including Brazil, Egypt, Ghana, Jordan, Nigeria and Macedonia.

As cyber crime becomes a regular challenge for businesses, separate research from Timico has revealed the scale of damage ransomware attacks can inflict on British companies.

A survey of 1,000 companies who have been victims of a ransomware attack, when cyber criminals lock all the files in a system and demand payment, revealed such breaches on average knock systems down for a full week, costing up to £2,000 a day in lost revenue.

Of the affected businesses, more than 250 paid over £5,000 for the safe return of their data. One third couldn't access their information for a month after the attack, while 15pc said it was never recoverable.

"These research findings clearly show that the speed of a ransomware attack is almost instant, while the effects on the organisation can be far reaching," said Nabeil Samara, chief digital officer at Timico.

"It’s critical that all organisations, no matter what size, acknowledge the increasing and evolving threat of ransomware as attacks become ever more frequent and instill a policy, that is regularly updated, to educate staff on what to do if the business comes under attack."