To raise awareness
Do you ever log on to a public WiFi hotspot to check on your bank balance, transfer money or maybe make online purchases? If the answer to these questions is yes, then according to Santander, your personal or online banking security could be compromised in just minutes.
As part of Santander’s campaign to raise consumer awareness of how to avoid scams, Santander challenged SAS graduate 86 year old Alec Daniels from Hampshire, to write and distribute a pretend phishing email, as well as hack into a public WiFi hotspot, despite having little knowledge of computers.
Working with network security expert Marcus Dempsey, Alec used information and guides easily available online and completed both tasks in 16 minutes 40 seconds. These are two of the most common means fraudsters use to get an individual’s bank account details.
Research by Santander shows that 41 per cent of those surveyed(2) regularly use public WiFi hotspots to access the Internet on their phones and computers to carry out financial transactions, whether that’s to check bank balances, make online purchases or manage money transfers. Of those, over one in 10 admit to logging on to unsecure WiFi networks several times each and every day, increasing their chances of getting hacked.
The project follows on from the bank’s Scam Avoidance School (SAS)(3) earlier in the year where around 12,000 over 60s (including Alec) attended free lessons run on how to avoid scams.
Alec’s First Test: Devise and distribute a scam phishing email
Despite having little knowledge of operating computers, Alec learned how to write and distribute a mock phishing email in only 13 minutes. He achieved this with minimal input from the expert, instead using instructions freely available via an online search.
The email Alec wrote claimed to be from the fictitious company MoneySpark, asking recipients for their bank account information and supplying a fraudulent link. Given that phishing emails are so quick and easy to make regardless of technical ability, it goes some way to explain how 74 per cent have been targeted this way.
Alec’s Second Test: hack a public Wi-Fi hotspot
With research from Santander revealing that 36 per cent don’t have any concerns about the security of their data when using public WiFi, the bank also wanted to raise awareness of just how effortlessly hackers can compromise these hotspots.
In the controlled experiment Alec managed to capture and intercept web traffic from a willing participant’s laptop while they were connected to an open Wi-Fi network – designed to replicate those found on the high street. Alec, under instruction, set up a rogue access point – frequently used by attackers to activate what is known as a “man in the middle” attack – to begin eavesdropping on traffic. He achieved all of this in in just 3 minutes and 40 seconds.
Chris Ainsley, Head of Fraud Strategy at Santander UK, commented: “Our experiment demonstrates just how easy it is for criminals to send phishing emails and hack WiFi hotspots.
We have seen the devastating results that fraud and scams can have on our customers and how much damage can be done if hackers get hold of even a small amount of personal detail.
“It’s great to have Alec on board to help out – having talked about scams with thousands of over 60s through our SAS it is good to get him involved to help spread the word. Raising awareness and educating people on how to protect themselves is vital to effectively tackling the criminals who ruin people’s lives.”