Consumer behaviors and cyber risks of holiday shopping in 2020

While consumers are aware of increased risks and scams via the internet, they still plan to do more shopping online – and earlier – this holiday season, McAfee reveals.

holiday shopping cyber risks

Thirty-six percent of Americans note they are hitting the digital links to give gifts and cheer this year, despite 60% feeling that cyber scams become more prevalent during the holiday season.

While more than 124 million consumers shopped in-store during the 2019 Black Friday to Cyber Monday holiday weekend, the survey indicates consumers have shifted direction due to global events this year, opening their risk to online threats as they live, work, play, and buy all through their devices.

The survey shows shopping activity in general has increased, with 49% stating they are buying online more since the onset of COVID-19. 18% of consumers are even shopping online daily, while 34% shop online 3-5 days a week.

Online cybercrime continues to increase

The research team recently found evidence that online cybercrime continues to increase, observing 419 threats per minute in Q2 2020, an increase of almost 12% over the previous quarter.

With activity set to rise from both consumers and criminals, there is an added concern of whether consumers are taking security threats as seriously as they should – with key differences seen across generational groups:

  • 79% of those 65+ in age believe there is a greater cyber risk due to COVID-19 while 70% of those 18-24 state the same
  • 27% of respondents ages 18-24 report checking if emailed or text messaged discounts and deals sent to them are authentic

“Many are wondering what this year’s holiday season will look like as consumer shopping behaviors continue to evolve and adapt to the challenges faced throughout 2020,” said Judith Bitterli, VP of Consumer Marketing, McAfee.

“With results showing the growing prevalence of online shopping, consumers need to be aware of how cybercriminals are looking to take advantage and take the necessary steps to protect themselves- and their loved ones- this holiday season.”

This juxtaposition of increased online activity from both consumers and cybercriminals serves as the perfect catalyst for misdeeds, especially as 36% of consumers note that while they are aware of risks, they plan to increase their holiday online shopping. This less-than-cautious approach is further seen when respondents are offered deals or discounts, with 43% checking to see if Black Friday or Cyber Monday emails and text messages sent are authentic and trustworthy.

Consumers purchasing more online gift cards this year

Additionally, as the National Retail Federation (NRF) reports 54% of consumers wish to receive gift cards this holiday season, the survey proved that 35% of respondents plan to fulfill this request by purchasing more online gift cards this year.

With this alignment set to occur, there are potentially negative implications as 25% of respondents automatically assume gift card links are safe and don’t always take the necessary steps to ensure legitimacy.

In order to stay safe this holiday season, it is advised to:

  • Employ multi-factor authentication to double check the authenticity of digital users and add an additional layer of security to protect personal data and information.
  • Browse with caution and added security using a tool to block malware and phishing sites via malicious links.
  • Protect your identity and important personal and financial details using an identity theft protection tool, which also includes recovery tools should your identity be compromised.

Explosion in digital commerce pushed fraud incentive levels sky-high

A rise in consumer digital traffic has corresponded with a rise in fraud attacks, Arkose Labs reveals. As the year progresses and more people than ever are online, historically ‘normal’ online behavioral patterns are no longer applicable and holiday levels of digital traffic continue to occur on a near daily basis.

fraud attacks 2020

Fraudsters are exploiting old fraud modeling frameworks that fail to take today’s realities into account, attempting to blend in with trusted traffic and carry out attacks undetected.

“As the world becomes increasingly digital as a result of COVID-19, fraudsters are deploying an alarming volume of attacks, and continually devising new and more sophisticated ways of carrying out their attacks,” said Vanita Pandey, VP of Marketing and Strategy at Arkose Labs.

“The high fraud levels that accompany high traffic volumes are likely here to stay, even after the pandemic ends. It’s crucial that businesses are aware of the top attack trends so that they can be more vigilant than ever to successfully identify and stop fraud over the long-term.”

Bot attacks and credential stuffing skyrocket

Q3 of 2020 saw its highest ever levels of bot attacks. 1.3 billion attacks were detected in total, with 64% occurring on logins and 85% emanating from desktop computers.

Due to the widespread availability of usernames, email addresses and passwords from years of data breaches, as well as easy access to automated tools to carry out attacks at scale, credential stuffing emerged as a main driver of attack traffic. 770 million automated credential stuffing attacks were detected and stopped by Arkose Labs in Q3.

For ecommerce, every day is Black Friday

The rise in digital traffic for most of 2020 means businesses have been dealing with holiday season levels of traffic since March. With every day now resembling Black Friday, some retailers are better equipped to handle the onslaught of holiday season traffic and fraud.

However, it remains to be seen if a holiday sales bump will occur this year, given already record high traffic levels for many ecommerce businesses.

While much of 2019 saw a marked shift from automated attacks to human sweatshop-driven attacks, automated attacks dominated much of 2020, with Q3 seeing a particularly high spike. This trend is likely to revert back to more targeted attacks in Q4, as during the holiday shopping season fraudsters typically employ low-cost attackers to commit attacks that require human nuance and intelligence.

Europe emerges as the top attacking region

Nearly half of all attacks in Q3 of 2020 originated from Europe, with over 10 million sweatshop attacks coming from Russia and 7 million coming from the United Kingdom.

Many European countries, such as the United Kingdom, France, Italy and Germany, are among those whose GDP shrunk the most since the global pandemic began. A surge in attacks from nations suffering the biggest dips in economic output highlights the economic drivers that spur fraud.

Pandey said, “COVID-19 has sent the world into turmoil, upending digital traffic patterns and introducing long-lasting consequences. Habits formed during 2020 – namely conducting commerce, school, work and even socializing entirely online – will be difficult to let go of, so fraud teams must be capable of quickly cutting through digital traffic noise and spotting even the most subtle signs of attacks. In particular, using targeted friction to deter malicious activity will be key in the months and years ahead.”

Disinformation campaigns can spread like wildfire on social media

76% of Americans believe they’ve encountered disinformation firsthand and 20% say they’ve shared information later shown to be incorrect or intentionally misleading, according to a research released by NortonLifeLock.

disinformation campaigns

Disinformation, or false information intended to mislead or deceive people, is commonly spread by social media users and bots – automated accounts controlled by software – with the intent to sow division among people, create confusion, and undermine confidence in the news surrounding major current events, such as the 2020 U.S. presidential election, COVID-19 and social justice movements.

“Social media has created ideological echo-chambers that make people more susceptible to disinformation,” said Daniel Kats, a senior principal researcher at NortonLifeLock Labs.

“Disinformation campaigns can spread like wildfire on social media and have a long-lasting impact, as people’s opinions and actions may be influenced by the false or misleading information being circulated.”

Fact-checking stop the spread of disinformation

No matter who or what posts the information, fact-checking is a best practice for consumers to help stop the spread of disinformation. According to the online survey of more than 2,000 US adults, 53% of Americans often question whether information they see on social media is disinformation or fact.

86% of Americans agree that disinformation has the ability to greatly influence someone’s opinion, but 58% acknowledge that disinformation could influence them.

Although 82% of Americans are very concerned about the spread of disinformation, 21% still say social media companies do not have the right to remove it from their platform, with Republicans being almost twice as likely as Democrats to feel this way (25% vs. 13%).

“From disinformation campaigns to deepfakes, it’s becoming increasingly difficult for people to tell real from fake online,” added Kats. “It’s important to maintain a healthy dose of skepticism and to fact check multiple sources – especially before sharing something – to help avoid spreading disinformation.”

OPIS

Additional findings

  • More than a third of Americans don’t know the true purpose of disinformation. Only 62% of Americans know that disinformation is created to cause a divide or rift between people; 72% of both Republicans and Democrats believe disinformation is created for political gain.
  • 79% of Americans believe social media companies have an obligation to remove disinformation from their platforms, with the majority of Democrats (87%), Republicans (75%) and Independents (75%) supporting this.
  • Democrats and Republicans disagree on who spreads disinformation the most, with Republicans most commonly stating news media outlets are most likely to spread disinformation (36%), and Democrats stating it’s U.S. politicians (28%).
  • Disinformation has taken a toll on relationships, with many Americans having argued with someone (36%), unfriended/unfollowed someone on social media (30%), or taken a break from social media altogether (28%) because of disinformation.

37% of remote employees have no security restrictions on corporate devices

ManageEngine unveiled findings from a report that analyzes behaviors related to personal and professional online usage patterns.

security restrictions devices

Security restrictions on corporate devices

The report combines a series of surveys conducted among nearly 1,500 employees amid the pandemic as many people were accelerating online usage due to remote work and stay-at-home orders. The findings evaluate users’ web browsing habits, opinions about AI-based recommendations, and experiences with chatbot-based customer service.

“This research illuminates the challenges of unsupervised employee behaviors, and the need for behavioral analytics tools to help ensure business security and productivity,” said Rajesh Ganesan, vice president at ManageEngine.

“While IT teams have played a crucial role in supporting remote work and business continuity during the pandemic, now is an important time to evaluate the long-term effectiveness of current strategies and augment data analytics to IT operations that will help sustain seamless, secure operations.”

Risky online behaviors could compromise corporate data and devices

63% of respondents report that their organization has provided them with a corporate device to utilize while working remotely.

Interestingly, 37% of those respondents also say that there are no security restrictions on these corporate devices. Therefore, risky online activities such as visiting unsecured websites, sharing personal information, and downloading third-party software could pose potential threats.

For example, 54% said they would still visit a website after receiving a warning about potential insecurities. This percentage is also significantly higher among younger generations – including 42% of people 18-24 years and 40% of 25-34 years.

Remote work has its hiccups, but IT teams have been responsive

79% of respondents say they experience at least one technology issue weekly while working from home. The most common issues include slowed functionality and download speeds (40%) and reliable connectivity (25%).

However, IT teams have been committed to solving these challenges. For example, 75% of respondents say it’s been easy to communicate with their IT teams to resolve these issues. Chatbots, AI, and automation are becoming increasingly more effective and trusted.

76% said their experience with chatbot-based support has been “excellent” or “satisfactory,” and 55% said their issue was resolved in a timely manner. As it relates to artificial intelligence, 67% say they trust these solutions to make recommendations for them.

The increasing comfort with automation technologies can help IT teams support both front and back-end business functions, especially during times of increased online activities due to the pandemic.

Employees increasingly masking online activities

This year’s shift to a near 100% WFH workforce by the Global 5000 has significantly changed the behaviors of trusted insiders, a DTEX Systems report reveals.

masking online activities

Key findings include a 450% increase in employees circumventing security controls to intentionally mask online activities and 230% increase in behaviors that indicate intent to steal data.

The data was collected during interviews with hundreds of customers and Global 5000 organizations representing a diverse sample set of businesses that varied by size, industry, and geography.

“Our findings indicate that in 2020 the equilibrium of employee security and trust has been broadly disrupted and is currently in chaos,” said Mohan Koo, CTO at DTEX Systems.

“Trusted insiders once thought to be reliable and responsible are changing their behaviors and increasing the risk of data loss, external attack and regulatory compliance violations for their employers.”

Key findings

56% of companies reported remote workers actively bypassed security controls to intentionally obfuscate online activity. This is more than 4.5 times higher than 2019 which represents a 450% increase in the first eight months of 2020.

  • More than 70% of the escalated incidents visible to the security and HR teams included at least one attempt to circumvent a second security control to exfiltrate data without detection.
  • Companies reported remote workers most commonly attempted to intentionally bypass the corporate VPN to mask their online activities.

72% of companies surveyed saw data theft attempts by a departing employee wanting to take protected IP with them or a new employee looking to inject IP from a previous employer. This represents an increase of 2.3 times, or 230%, over similar behaviors seen in 2019.

Over 40% of incidents proactively detected flight risk behavior as well as abnormal reconnaissance or data aggregation activities.

The growth in premeditated data theft attempts and intentional activity masking behaviors by employees strongly suggests that companies are facing a heightened risk of data loss as virtual employment models become the norm, furloughs are extended and reduction-in-force actions continue.

The findings in this report highlight the lack of adoption and ineffectiveness of network and endpoint cybersecurity, employee monitoring and data loss prevention tools and suggest that organizations need to prioritize the human-element and workforce behavior in relation to data, process and machines as a pillar of their next-generation security and IT technology strategies.

People spend a little less time looking at fake news headlines than factual ones

The term fake news has been a part of our vocabulary since the 2016 US presidential election. As the amount of fake news in circulation grows larger and larger, particularly in the United States, it often spreads like wildfire. Subsequently, there is an ever-increasing need for fact-checking and other solutions to help people navigate the oceans of factual and fake news that surround us.

fake news headlines

Help may be on the way, via an interdisciplinary field where eye-tracking technology and computer science meet. A study by University of Copenhagen and Aalborg University researchers shows that people’s eyes react differently to factual and false news headlines.

Eyes spend a bit less time on fake news headlines

Researchers placed 55 different test subjects in front of a screen to read 108 news headlines. A third of the headlines were fake. The test subjects were assigned a so-called ‘pseudo-task’ of assessing which of the news items was the most recent. What they didn’t know, was that some of the headlines were fake. Using eye-tracking technology, the researchers analyzed how much time each person spent reading the headlines and how many fixations the person per headline.

“We thought that it would be interesting to see if there’s a difference in the way people read news headlines, depending on whether the headlines are factual or false. This has never been studied. And, it turns out that there is indeed a statistically significant difference,” says PhD fellow and lead author Christian Hansen, of the University of Copenhagen’s Department of Computer Science.

His colleague from the same department, PhD fellow Casper Hansen, adds: “The study demonstrated that our test subjects’ eyes spent less time on false headlines and fixated on them a bit less compared with the headlines that were true. All in all, people gave fake news headlines a little less visual attention, despite their being unaware that the headlines were fake.”

The computer scientists can’t explain for the difference, nor do they dare make any guesses. Nevertheless, they were surprised by the result.

The researchers used the results to create an algorithm that can predict whether a news headline is fake based on eye movements.

Could support fact-checking

As a next step, the researchers would like to examine whether it is possible to measure the same differences in eye movements on a larger scale, beyond the lab – preferably using ordinary webcams or mobile phone cameras. It will, of course, require that people allow for access to their cameras.

The two computer scientists imagine that eye-tracking technology could eventually help with the fact-checking of news stories, all depending upon their ability to collect data from people’s reading patterns. The data could come from news aggregator website users or from the users of other sources, e.g., Feedly and Google News, as well as from social media, like Facebook and Twitter, where the amount of fake news is large as well.

“Professional fact-checkers in the media and organizations need to read through lots of material just to find out what needs to be fact-checked. A tool to help them prioritize material could be of great help,” concludes Christian Hansen.

Are you sure you would never fall for a phishing scam?

We believe we are less likely than others are to fall for phishing scams, thereby underestimating our own exposure to risk, a cybersecurity study has found. The research also reports that this occurs, in part, because we overlook data, or “base rate information,” that could help us recognize risk when assessing our own behavior yet use it to predict that of others.

fall for a phishing scam

Together, the results suggest that those who are not informed of the risk that, for instance, work-from-home situations pose to online security may be more likely to jeopardize the safety of themselves and those they work for.

COVID-19 wreaking havoc on cyber health

COVID-19 has had a devastating impact on the physical and mental health of people around the globe. Now, with so many more working online during the pandemic, the virus threatens to wreak havoc on the world’s “cyber health,” the researchers note.

“This study shows people ‘self-enhance’ when assessing risk, believing they are less likely than others to engage in actions that pose a threat to their cyber security–a perception that, in fact, may make us more susceptible to online attacks because it creates a false sense of security,” says Emily Balcetis, an associate professor in New York University’s Department of Psychology, who authored the study.

“This effect is partially explained by differences in how we use base rate information, or actual data on how many people are actually victimized by such scams,” adds co-author Quanyan Zhu, a professor at NYU’s Tandon School of Engineering.

“We avoid it when assessing our own behavior, but use it in making judgments about actions others might take. Because we’re less informed in assessing our actions, our vulnerability to phishing may be greater.”

Through March, more than two million U.S. federal employees had been directed to work from home – in addition to the millions working in the private sector and for state and local governments. This overhaul of working conditions has created significantly more vulnerabilities to criminal activity – a development recognized by the Department of Homeland Security.

Its Cybersecurity and Infrastructure Security Agency issued an alert in March that foreshadowed the specific cyber vulnerabilities that arise when working from home rather than in the office.

How people perceive their own vulnerabilities in relation to others

In their study, the researchers sought to capture how people perceive their own vulnerabilities in relation to others’.

To do so, they conducted a series of experiments on computers screens in which subjects were shown emails that were phishing scams and were told these requests, which asked people to click links, update passwords, and download files, were illegitimate.

To tempt the study’s subjects, college undergraduates, they were told complying with the requests would give them a chance to win an iPad in a raffle, allow them to have their access restored to an online account, or other outcomes they wanted or needed.

Half of the subjects were asked how likely they were to take the requested action while the other half was asked how likely another, specifically, “someone like them,” would do so.

On the screen that posed these questions, the researchers also provided the subjects with “base rate information”: The actual percentage of people at other large American universities who actually did the requested behavior (One, for instance, read: “37.3% of undergraduate students at a large American university clicked on a link to sign an illegal movie downloading pledge because they thought they must in order to register for classes”).

The researchers then deployed an innovative methodology to determine if the subjects used this “base rate information” in reporting the likelihood that they and “someone like them” would comply with the requested phishing action.

Using eye-tracking technology, they could determine when the subjects actually read the provided information when reporting their own likelihood of falling for phishing attempts and when reporting the likelihood of others doing the same.

Subjects less likely to rely on “base rate information”

Overall, they found that the subjects thought they were less likely than are others to fall for phishing scams – evidence of “self-enhancement.” But the researchers also discovered that the subjects were less likely to rely on “base rate information” when answering the question about their own behavior yet more likely to use it when answering the question about how others would act.

“In a sense, they don’t think that base rate information is relevant to their own personal likelihood judgments, but they do think it’s useful for determining other people’s risk,” observes Balcetis.

“The patterns of social judgment we observed may be the result of individuals’ biased and motivated beliefs that they are uniquely able to regulate their risk and hold it at low or nonexistent levels,” Blair Cox, the lead researcher on the paper and scientist in NYU’s Department of Psychology, adds. “As a result, they may in fact be less likely to take steps to ensure their online safety.”

Is your smartphone pushing you to overshare?

The device people use to communicate online – a smartphone, desktop, or tablet – can affect the extent to which they are willing to overshare intimate or personal information about themselves, according to University of Pennsylvania researchers.

smartphone overshare

Do smartphones alter what people are willing to disclose about themselves?

A study suggests that they might.

The research indicates that people are more willing to reveal personal information about themselves online using their smartphones compared to desktop computers. For example, Tweets and reviews composed on smartphones are more likely to be written from the perspective of the first person, to disclose negative emotions, and to discuss the writer’s private family and personal friends.

Likewise, when consumers receive an online ad that requests personal information (such as phone number and income), they are more likely to provide it when the request is received on their smartphone compared to their desktop or laptop computer.

Why do smartphones have this effect on behavior?

Co-author Shiri Melumad explains that “Writing on one’s smartphone often lowers the barriers to revealing certain types of sensitive information for two reasons; one stemming from the unique form characteristics of phones and the second from the emotional associations that consumers tend to hold with their device.”

First, one of the most distinguishing features of phones is the small size; something that makes viewing and creating content generally more difficult compared with desktop computers. Because of this difficulty, when writing or responding on a smartphone, a person tends to narrowly focus on completing the task and become less cognizant of external factors that would normally inhibit self-disclosure, such as concerns about what others would do with the information.

Smartphone users know this effect well – when using their phones in public places, they often fixate so intently on its content that they become oblivious to what is going on around them.

The second reason people tend to be more self-disclosing on their phones lies in the feelings of comfort and familiarity people associate with their phones. Melumad adds, “Because our smartphones are with us all of the time and perform so many vital functions in our lives, they often serve as ‘adult pacifiers’ that bring feelings of comfort to their owners.”

The downstream effect of those feelings shows itself when people are more willing to disclose feelings to a close friend compared to a stranger or open up to a therapist in a comfortable rather than uncomfortable setting.

As Co-author Robert Meyer says, “Similarly, when writing on our phones, we tend to feel that we are in a comfortable ‘safe zone.’ As a consequence, we are more willing to open up about ourselves.”

The analysis: Smartphone pushing you to overshare?

The data to support these ideas is far-ranging and includes analyses of thousands of social media posts and online reviews, responses to web ads, and controlled laboratory studies. For example, initial evidence comes from analyses of the depth of self-disclosure revealed in 369,161 Tweets and 10,185 restaurant reviews posted on TripAdvisor, with some posted on PCs and some on smartphones.

Using both automated natural-language processing tools and human judgements of self-disclosure, the researchers find robust evidence that smartphone-generated content is indeed more self-disclosing. Perhaps even more compelling is evidence from an analysis of 19,962 “call to action” web ads, where consumers are asked to provide private information.

Interacting with firms

Consistent with the tendency for smartphones to facilitate greater self-disclosure, compliance was systematically higher for ads targeted at smartphones versus PCs.

The findings have clear and significant implications for firms and consumers. One is that if a firm wishes to gain a deeper understanding of the real preferences and needs of consumers, it may obtain better insights by tracking what they say and do on their smartphones than on their desktops.

Likewise, because more self-disclosing content is often perceived to be more honest, firms might encourage consumers to post reviews from their personal devices.

But therein lies a potential caution for consumers–these findings suggest that the device people use to communicate can affect what they communicate. This should be kept in mind when thinking about the device one is using when interacting with firms and others.

Online learning surges as people look for ways to be productive at home

People around the world are learning how to work from home and stay productive in response to COVID-19, Udemy reveals.

online learning surges

As remote working becomes the new normal, the findings reveal significantly increased demand globally across every segment:

  • 425% increase in enrollments for consumers
  • 55% increase in course creation by instructors
  • 80% increase in usage from businesses and governments

The state of online learning

Online learning surges as people look for ways to be productive while staying at home. Strong global growth in top-ranking professional skills includes neural networks (61% increase), communication skills (131%), and growth mindset (206%).

Demand also correlates with shelter-in-place orders around the world. For example, the data shows a 130% growth in enrollments in the U.S., 200% in India, 320% in Italy, and 280% in Spain.

  • People in the U.S. are gravitating toward creative skills like Adobe Illustrator (326% increase)
  • The Spanish are focused on investing (262%)
  • People in India are learning business fundamentals (281%) and communication skills (606%)
  • Italians are taking courses on copywriting (418%) and Photoshop (347%)

The state of learning within organizations

COVID-19 has translated into increased reliance on online learning as companies shift to remote work and move away from travel and in-person events and training. There has been an immense surge in enrollments in courses related to telecommuting (21,598% increase) and virtual teams (1,523%), as well as decision making (277%), self discipline (237%), and stress management (235%).

The state of online teaching

There is also an increase in course creation as experts around the world are looking to share their knowledge as well as supplement their income through online teaching. Categories with the highest surge in new courses include office productivity (159% increase), health and fitness (84%), IT & Software (77%), and personal development (61%).

Why people talk a good game about privacy, but fail to follow up in real life?

While most people will say they are extremely concerned with their online privacy, previous experiments have shown that, in practice, users readily divulge privacy information online.

people privacy

A team of Penn State researchers identified a dozen subtle – but powerful – reasons that may shed light on why people talk a good game about privacy, but fail to follow up in real life.

“Most people will tell you they’re pretty worried about their online privacy and that they take precautions, such as changing their passwords,” said S. Shyam Sundar, James P. Jimirro Professor of Media Effects in the Donald P. Bellisario College of Communications and co-director of the Media Effects Research Laboratory (MERL).

“But, in reality, if you really look at what people do online and on social media, they tend to reveal all too much. What we think is going on is that people make disclosures in the heat of the moment by falling for contextual cues that appear on an interface.”

Cues influence people to reveal information online

Sundar said that certain cues analyzed by the researchers significantly increased the chance that people would turn over private information such as social security numbers or phone numbers. The cues exploit common pre-existing beliefs about authority, bandwagon, reciprocity, sense-of-community, community-building, self-preservation, control, instant gratification, transparency, machine, publicness and mobility.

“What we did in this study is identify 12 different kinds of appeals that influence people to reveal information online,” said Sundar. “These appeals are based on rules of thumb that we all hold in our head, called heuristics.”

For example, the rule of thumb that ‘if most others reveal their information, then it is safe for me to disclose as well’ is labeled ‘bandwagon heuristic’ by the study.

“There are certainly more than 12 heuristics, but these are the dominant ones that play an important role in privacy disclosure,” added Sundar, who worked with Mary Beth Rosson, Professor-in-Charge of Human Computer Interaction and director of graduate programs in the College of Information Sciences and Technology.

The researchers explain that heuristics are mental shortcuts that could be triggered by cues on a website or mobile app.

“These cues may not always be obvious,” according to Rosson. “The bandwagon cue, for example, can be as simple as a statement that is added to a website or app to prompt information disclosure,” she added.

“For example, when you go on LinkedIn and you see a statement that says your profile is incomplete and that 70 percent of your connections have completed their profiles, that’s a cue that triggers your need to follow others – which is what we call a bandwagon effect,” said Sundar. “We found that those with a stronger pre-existing belief in ‘bandwagon heuristic’ were more likely to reveal personal information in such a scenario.”

Trust in authority

For the authority cue, Rosson said that a graphic that signals the site is being overseen by a trusted authority may make people comfortable with turning private information over to the company.

“The presence of a logo of a trusted agency such as FDIC or even a simple icon showing a lock can make users of online banking feel safe and secure, and it makes them feel that somewhere somebody is looking after their security,” said Rosson.

The researchers said that ingrained trust in authority, or what they call ‘authority heuristic,’ is the reason for disclosure of personal information in such scenarios.

“When interviewed, our study participants attributed their privacy disclosure to the cues more often than other reasons,” said Sundar.

An awareness of major cues that prey on common rules of thumb may make people more savvy web users and could help them avoid placing their private information into the wrong hands.

“The number one reason for doing this study is to increase media literacy among online users,” said Sundar.

He added that the findings could also be used to create alerts that warn users when they encounter these cues.

“People want to do the right thing and they want to protect their privacy, but in the heat of the moment online, they are swayed by these contextual cues,” said Rosson.

“One way to avoid this is to introduce ‘just-in-time’ alerts. Just as users are about to reveal information, an alert could pop up on the site and ask them if they are sure they want to do that. That might give them a bit of a pause to think about that transaction,” she added.

For the study, the researchers recruited 786 people to participate in an online survey. The participants were then asked to review 12 scenarios that they might encounter online and asked to assess their willingness to disclose personal information based on each scenario.

Cybersecurity regulation is not one-size-fits-all

Differences in cultural values have led some countries to tackle the spectre of cyberattacks with increased internet regulation, whilst others have taken a ‘hands-off’ approach to online security – a study shows.

cybersecurity regulation differences

Internet users gravitate towards one of two ‘poles’ of social values. Risk-taking users are found in ‘competitive’ national cultures prompting heavy regulation, whilst web users in ‘co-operative’ nations exhibit less risky behavior requiring lighter regulation.

Researchers at the University of Birmingham used cultural value measurements from 74 countries to predict the Global Cybersecurity Index (GCI), which measures state commitments of countries to cybersecurity regulation.

Cybersecurity regulation differences

Dr. Alex Kharlamov, from Birmingham Law School, and Professor Ganna Pogrebna, from Birmingham Business School, demonstrated that differences in cybersecurity regulation, measured by GCI, stem from cross-cultural differences in human values between countries. They also showed how cultural values mapped onto national commitments to regulate and govern cybersecurity.

In China, where people are more risk taking than American and British web users across five categories of risk behaviors, regulation is far stricter than in the USA, which in turn is tighter than the UK.

Dr. Kharlamov and Professor Pogrebna showed that this corresponded to the countries’ relative positions on the cultural value scale, with China closer to ‘competitive’ than the USA, which in turn is closer to this ‘pole’ than the UK.

Dr. Kharlamov commented: “We spend most of our lives in the digital domain and cyberattacks not only lead to a significant financial damage, but also cause prolonged psychological harm – using social engineering techniques to trick people into doing something they otherwise would not want to do.

“Irresponsible use of digital technologies, such as the Cambridge Analytica case, cause harm to many citizens and tell us that Internet regulation is imminent. It is vital to understand the origins of human behavior online, as well as values and behavioral patterns.”

Risky online behavior

The five categories of risk behavior – cybersecurity, personal data, privacy, cybercrime and negligence – each consisted of six behavioral examples such as:

  • Not using anti-virus or antimalware protection (cybersecurity)
  • Providing private information, such as your email address, to obtain free WiFi in public places such as coffee shops, airports and train stations (personal data)
  • Linking multiple social media accounts such as Twitter, Facebook and Instagram (privacy)
  • Using insecure connections or free WiFi (cybercrime)
  • Letting web browsers remember passwords (negligence)

Professor Ganna Pogrebna said: “Culture shapes the way we govern cyber spaces. Human values lie at the core of the human risk-taking behavior in the digital space, which, in turn has a direct impact on the way in which digital domain is regulated.

“We talk about establishing overarching international online regulation, such as a new International Convention of Human Digital Rights. Yet, it seems the main reason why the international community fails to agree on such regulation has deep cultural underpinning.”

Risky behavior exposes consumers to seasonal security scares

In advance of the peak shopping season, a study from PCI Pal shows that millions of Americans continue to over-indulge in risky behaviors – both online and on the phone, leaving themselves open to seasonal security scares. While 49% of Americans have reportedly been the victims of cybercrime, the study concludes that fears of fraud have not done enough to significantly change consumer behaviors. The data identified the seven seasonal security ‘sins’ more likely to … More

The post Risky behavior exposes consumers to seasonal security scares appeared first on Help Net Security.