BY ONG BOON KIAT

NINE out of 10 consumers in Singapore fear the safety of personal information stored on social networking websites, according to a survey by security firm RSA released last week. Singapore topped the 22 countries surveyed, with 91 per cent of users 'concerned' about personal information being accessed or stolen on social networking websites - significantly higher than the worldwide average of 70 per cent.

And 81 per cent of Singapore users - also highest among the countries surveyed - said they are 'less likely' to submit personal information on social networking websites. These findings reflected the high level of awareness of Singapore consumers to phishing threats, said Jeffrey Kok, corporate sales engineer at RSA. Over 80 per cent of Singapore respondents were aware of phishing threats, with 74 per cent 'very concerned'.

Mr Kok told BizIT the findings showed that 'while Singapore users are very savvy about social networking and find staying connected online to be imperative for social or professional reasons, they are conflicted about posting details about themselves because of an increasingly dangerous threat environment'. Phishing is the attempt to steal personal or sensitive information by fraudsters and criminals posing as trusted sources in an electronic communication. Social networking websites like Facebook, Twitter, LinkedIn and MySpace could be vulnerable to phishing because people who connect over such networks may not necessarily have met in person and thus those accepted into one's network could actually be phishers.

'They develop a 'friendship' with you over time by connecting on similar interests as a ruse to gather personal information about you in order to conduct illegal activities in your name. They can use that information to access your online banking account and conduct transactions,' Mr Kok explained.

He noted that around 20 per cent of online attacks are today targeted at social networking sites. 'This is an alarming rate that continues to grow, especially in Asia where there is a strong Internet culture.'

But banning social networking websites at the workplace is unlikely to be an answer. 'While social networking sites may be vulnerable to phishing scams, they are also being used as business tools to connect employees of a company or even customers of a particular brand,' Mr Kok said. Instead, employees should be cautious about divulging company information, accept only familiar contacts, and refrain from posting details like telephone numbers and addresses on their profile pages, he advised.

Two other eye-catching Singapore findings in the RSA survey were along the same vein.

One showed that 89 per cent of Singapore respondents were 'concerned' about personal information being accessed or stolen on government websites - the highest among all the countries surveyed. This was a surprise given government websites are generally perceived as being fairly secure, Mr Kok said.

Another showed that 99 per cent of online banking users in Singapore were 'concerned' about personal information being accessed or stolen on banking websites. This compares to a global average of 86 per cent.

It is the sixth year that RSA, the security division of EMC, has conducted its annual study. Over 4,500 Web-savvy adults from 22 countries - including over 1,000 from Asia - were polled this year on their opinions and attitudes on the online security risks they face.

A key trend that emerged is the increase of successful phishing attacks, which duped six times as many people globally last year than in 2007, when only 5 per cent fell prey. Two Asian nations reported the highest and the lowest number of respondents who claimed to have been victims of phishing attacks. China topped the chart at 50 per cent, while Japan was the lowest at 6 per cent. Singapore was close to the global average of 29 per cent, at 27 per cent. The emergence of phishing offshoots contributed to this trend, RSA said.

It highlighted three new attack methods - vishing, where fraudsters pose as trusted sources and request personal or financial information over the phone; smishing, where text messages are used to achieve the same outcome; and spear phishing, which targets an organisation or specific group of people.

Spear phishing, also known as whaling, often targets high-net-worth individuals or executives with access to sensitive corporate information.

This article was first published in The Business Times.