Over 90% of Commonwealth citizens are unaware email passwords are a top target for criminals

Get Safe Online research reveals high level of global anxiety around cybercrime

Survey of over 5,000 people finds that the public are split on WhatsApp’s safety

Only 3% of respondents said they never thought about online scams and cybercrime

More than nine in ten adults (93%) across 22 Commonwealth nations are unaware that email passwords and access to personal and business email accounts are the top target for criminals and other malicious actors, according to new research from Get Safe Online.

Instead, bank accounts were classed as the most important log-in details for professional hackers, despite the breadth of personal information our email accounts provide.

The organisation surveyed more than 5,200 adults online in February ahead of its Global24 event, which goes live today, 10 March, in cooperation with the UK Foreign, Commonwealth & Development Office (FCDO).

Top tips and case studies about how to stay safe online from across the globe will be shared throughout the 24 hour period on the organisation’s social media channels.

The pinnacle of this years’ Global24 will be a strategic conference with participation from cybersecurity experts and local governmental stakeholders from the 24 countries that Get Safe Online operates within. Senior representatives from the Pacific, Caribbean and Africa will gather to discuss key findings from the research and share knowledge and practice on how best to prevent online crime amongst their citizens.

The conference will be opened by His Excellency, Omar Daair, British High Commissioner to Rwanda.

Panelists from the Pacific region include Suetena Loia, Assistant CEO at the Ministry of Communications and Information Technology, Samoa, John Jack, Deputy Chief Information Officer at the Prime Minister’s Office, Vanuatu and Tajeshwari Devi, Officer-inCharge of Commission, Online Safety Commission of Fiji.

Contributions will also be made by Anju Mangal of the World Wide Web Foundation. “We want to promote 'one voice and one Pacific' when highlighting cyber safety for everyone in our region,” stated Ms Mangal.

“Pacific countries need to have a strong and unified approach and ensure that inputs from civil society, private and public sector, governments, academic institutions and marginalised groups are taken into consideration to tackle complex cyber safety and cybersecurity issues.”

The findings and results of this Commonwealth led conference will be collaborated into a Get Safe Online Global24 White Paper which will be launched later this month.

The timing of the Global24 event and research is particularly significant due to the COVID-19 pandemic and the work and learn-from-home restrictions many nations have faced or are now facing for the first time, as we are witnessing in the Pacific region.

With COVID-19 accelerating digital transformation, many more people around the world have now started using PCs, laptops and other internet-enabled devices for everyday tasks.

Online platforms and services use email as a way of providing security and access to private documents, credentials, and other important information, from bank account details to memberships. This is often supplemented by Two Factor Authentication, where a user is asked to confirm access to a platform or portal through their email account. email accounts therefore sit at the intersection between many people’s real and digital lives.

This also means that they are a desirable target for cybercriminals and other malicious actors, who try and hack, phish or scam their way into people’s lives and bank accounts via their email. But despite email passwords acting as a gateway to a vast amount of personal information, only 7% of respondents thought them to be a top target.

Instead, more than three quarters of respondents (78%) said bank accounts were the main priority for hackers and 5% considered social media accounts to be a key target. The following case study provides an insight into the far-reaching damage fraudulent email access can cause. Case Study: Attempted Fraud through Facebook/WhatsApp (Fiji) Sai lives in Suva, the capital of Fiji and works as a full time cleaner for a local company.

Last year she was approached on Facebook by a person wanting to know her better. “We met online, on Facebook and he asked me if I can be friends with him,” Sai said. “After a few weeks then I accept his friendship, so we started chatting online.”

They communicated for several weeks before the person suggested they switch to WhatsApp so that they could talk more easily online.

Sai innocently agreed and provided the person with her phone contact, her place of employment and even how much she earned per month. After about a month, the person online told Sai he wanted to marry her.

“I was excited, and I was so happy that, I mean for me it was a joke then I didn’t even realize that he going to go that far,” Sai said. “So yeah, I was happy when he told me he going to come over and marry me and take me overseas to be with him.”

The person said he was sending her a gift, a box of extremely valuable items including US$50,000 in cash. Sai was very excited but a little suspicious of his generosity.

“He said that I have to accept the gift. So, I told him OK, send the gift.”

The gift though proved to be difficult to get. In order to release the gift box from customs where it was supposedly being held in Fiji, Sai was told she would have to pay $1000 to pay for the shipment. She was provided with what she thought was a courier document and given a name and a phone number. Since she didn’t have the money, she approached her employer to borrow the money.

When he heard the details of the story, the employer was suspicious about Sai’s online friend. He asked her to check on the person and the courier company.

Both the person and the package that was supposed to be in customs turned out to be fake. “It’s a common type of scam that’s been happening to Fiji through the use of the messaging app WhatsApp,” said Savenaca Siwatibau, a Digital Forensics officer with the Fiji Police Force.

“When a person has realised that they have been scammed the first thing they should do is contact the nearest police or law enforcement post or station.”

Fortunately, Sai did not pay any money to the fraudster “I didn’t pay anything,” she said. “I keep on asking him and he keep on telling me that the package is there I have to pay the money to this Chinese guy, which I didn’t.” Her experience with the attempted scam has left her more careful and suspicious of those who approach her online. “I feel sad, ashamed of myself,” admitted Sai.

She vowed never again to accept Facebook friend requests from people she didn’t know. Although many respondents failed to identify the key access point for cyber criminals, most are aware of the threat.

When asked if they worried about cybercrime and scams, the vast majority of respondents (88%) said they were concerned, with one in five (21%) admitting they think about the issue all the time and more than two-thirds (67%) revealing that they think about it some of the time.

Just 3.5% of people said they did not think about the issue.

Beyond emails, cybercriminals have used increasingly sophisticated techniques during the pandemic to prey on the public, including posing as delivery companies or government organisations through text or messaging apps.

With WhatsApp being used more and more for scamming the public, Get Safe Online asked respondents whether they thought the platform was safe.

The public were divided on the issue. While more than 28% said they believed the Meta-owned platform was safe, a further 27% said it was not. And over four out of ten (43%) of those surveyed admitted they did not know.

Tony Neate, CEO of Get Safe Online, said: “Our emails are at the heart of our digital lives. With the mass adoption of digital technology during the pandemic across the globe, it now means email is at the centre of our lives more than ever.

“Unfortunately, cybercriminals take advantage of the vulnerable and those who may be new to digital technology, in order to gain access to their email accounts so they can steal private information, access other important platforms like an online banking account or cause general harm.

“We are hugely grateful for the support of the Foreign, Commonwealth & Development Office and our country partners across the globe in helping us to exchange ideas, advice and best practice as to how to keep our communities safe and effectively communicate good advice.

“The scams and tricks cybercriminals use have become increasingly sophisticated, particularly during the pandemic and it is crucial that we are aware of the risks and protect ourselves from the ever-present threat.”

Selection of anonymous feedback from respondents “The increasing need for passwords means I am unable to remember them all.

I use a cloudbased password safe but am not confident that it is secure.” “I am so worried about cybersecurity that I do not buy anything online, nor do any banking.

“Ongoing awareness exercises are important especially now that island seniors have been coming online and with increase[ing] use since COVID-19.

I'll be happy to be an Ambassador on my island.

“I personally feel that everything is accessible by a scammer, and therefore any way they can access they will and whatever way possible.

“[We] need to educate the vulnerable, particularly the elderly who were educated and grew up before the age of personal computers and mobile phones, iPads etc.”

Will Middleton, Cyber Director for the Foreign, Commonwealth & Development Office, said: “As the COVID-19 pandemic has rapidly accelerated digital transformation across the Commonwealth, it’s more important than ever that the international community works together to ensure that people all over the world can use the internet safely, securely and with confidence.

We’ve made great progress so far but Get Safe Online’s survey reveals there is much more to be done. That’s why the FCDO is delighted to be partnering with Get Safe Online and supporting its Global24 event.

With top cyber security tips shared across the 24-hour period and 24 Commonwealth countries brought together to share best practice, Global24 is a collective effort to make the online world a safer place for all.