Inaugural digital safety report indicates there’s still plenty of work to be done to protect Dutch netizens

As many as 1.2 million Dutch citizens were hit by cybercrime in the past year, according to a survey by CBS, the Netherlands’ national statistics agency.

Published earlier this month, the inaugural Digital Safety and Criminality report indicates that those aged 18 to 25 are most likely to suffer from internet-enabled crimes, including phishing, ‘hacking’, and identity theft.

Among the under 25s, 12% of internet users had fallen victim to cybercrime over the past year. Interestingly, older people were much less likely to be targeted, as the number of crimes fell sharply among those aged 55 and over.

“Young people are most often victims, as they are the ones more likely to do things online that have financial or personal consequences,” said Dr Alea Fairchild, a research fellow at The Constantia Institute, a Benelux-based think-tank.

Back to basics

In its study of 38,000 Dutch citizens, CBS found that 4.6% of internet users suffered financial loss, primarily through phishing or online scams.

Identity fraud was said to affected 1% of respondents. Of those surveyed, 0.7% reported a ‘sexual offence’, while a further 1.4% were victims of non-sexual incidents, such as cyberstalking and bullying.

“In past years, ransomware and bitcoin mining were increasingly popular, but we are currently observing less technical threats,” Wesley Neelen, ethical hacker at KPN Security, told The Daily Swig.

“The practice of defrauding individuals via means of social engineering takes less technical skill and has a low chance of being caught. We have also seen an increase in payment-related fraud.”

Neelen added that cybercriminals are switching from using marketplace platforms to text messaging to attract victims.

Security concerns

The majority of Dutch cybercrime victims do not report incidents to the police. A quarter of victims suffering fraud or other financial loss reported the crime, but only 3% of hacking victims did so.

Victims felt that reporting would make little difference, or that the offence was not serious enough.

“If the crime is hacking, then victims may feel that the responsibility to protect themselves should have been their own,” said Dr Fairchild.

The survey also asked the Dutch for their views on internet safety. As many as 42% admitted they were worried about misuse of their personal or bank details.

But just three in 10 said they always checked that a website was ‘secure’ (using https) before handing over personal details. Just 14.6% said they change their passwords frequently.

“Mobile apps, in particular, are exposing consumers to cybercrime, mainly because people are not aware of the information they are sharing, or the risks this poses,” said Arno Zwegers, security practice lead for Avanade Netherlands, a digital and cloud services firm.

“Another concerning trend is fake websites, which are being used to trick consumers into divulging sensitive information, believing they are transacting with a reputable brand.”

NCSC guidance

The Dutch research fits with findings from last year’s IOCTA report from Europol.

Although ransomware was once again named as the biggest malware threat in 2018, social engineering and online retail fraud continue to affect both consumers and businesses.

For their part, the Dutch authorities, have been ramping up the guidance they give to businesses.

Recently, the Netherlands’ National Cyber Security Centre (NCSC) issued new guidelines for using TLS instead of the depreciated SSL encryption standard.

“The main thing that businesses can do to protect consumers is limiting the amount of information they collect,” Zwegers told The Daily Swig.

“Many businesses will only allow consumers to apply for services if they store their credit card details, for example, or hand over their social security number.

“In most cases this information is simply not necessary, and only makes consumers dependent companies to protect their sensitive information.”

RELATED Dutch police aim to divert youngsters from cybercrime