Online scams have evolved dramatically from their earliest iterations and now appear more legitimate than ever. The ever-convincing nature of such scams is highlighted by the National Cyber Security Centre (NCSC), which last year saw a 161 per cent increase in offences related to unauthorised access to personal information, including hacking.
In an effort to help protect the public from online scams, the government is today (18 March) launching a new online safety campaign that encourages people to better protect their passwords and personal accounts.
NCSC – a division of the surveillance agency GCHQ – is pushing the public to follow its Cyber Aware advice by creating strong passwords containing three random words and enabling two-step verification to better protect personal credentials.
“By following our Cyber Aware steps to secure online accounts – starting with email – people will dramatically reduce risks, including [of] financial losses and personal data breaches,” said Lindy Cameron, chief executive officer of the NCSC.
“We all have a role to play in our collective cyber security and I urge everyone to follow our Cyber Aware advice to make life even harder for the scammers,” she added.
Though the public has an ability to spot online scams – 10.5 million suspicious emails have been reported to the NCSC over the past two years – many are still falling victim. Lockdown had a particularly pernicious effect: between March 2020 and March 2021, £34.5m worth of Covid-related fraud and cybercrime was recorded.
[See also: “World leaders now understand that cyber is a big issue” – Lindy Cameron on her first year as NCSC CEO]
In fact, fraud is the most commonly experienced crime in England and Wales, accounting for approximately 42 per cent of crimes against individuals. There is currently a parliamentary select committee looking into whether the existing legislation, introduced in 2006, is fit for purpose.
So, is this latest government campaign enough to tackle the scale of the problem? “I suppose one has to start with the basics,” cyber security expert Alan Woodward, visiting professor at the University of Surrey, told Spotlight.
However, he added that strong passwords and two-step verification was really about “stopping people from getting into your account” and that “scamming is a very different thing”.
“The government says this is about preventing scams, but this isn’t really preventing scams; this is more about the basic security hygiene of our online accounts,” said Woodward.
“I think [the government is] perhaps conflating online scams and password hygiene here. Making people aware of different types of scams [needs] a much broader campaign.”
Tackling the problems with online fraudsters themselves is something the government hopes to address in the Online Safety Bill, the latest version of which was unveiled in parliament this week.
However, the proposals in the bill only require online platforms to stop users from seeing user-generated and pre-paid fraudulent advertisements – a drop in the ocean of the digital crimes space.
While the advice to ensure users have strong and effective passwords and two-step verification is useful, it will not prevent people from falling into scammers’ traps.
People “might now be aware of” fraudulent “phishing emails”, said Woodward, but scammers are targeting people through a range of avenues. “You can now get an SMS [text message] with a link in it, and it’s so easy to click on that and suddenly you’re on a site that looks like your bank – but it has nothing to do with it at all.”
In discussions around stopping online scams it is often said fraudsters will always be “one step ahead” of legislation and the tech companies that are keen to clamp down on them. Woodward said that “there is an element of playing ‘whack-a-mole’,” but also that criminals are not “that smart.”
Moving forward, Woodward said that both governments and big tech may need to work in closer proximity to take on those who are running scams. But he added: “One thing I’d say about legislation is that it’s not a panacea – you can’t legislate for everything.
“What you need is the people you’re transacting and dealing with to have processes in place that don’t allow those kinds of scams to happen.”