In an effort to raise awareness of banking scams among older customers, Santander has trained an 86-year-old up as an ethical hacker, able to send out phishing emails and breach public WiFi hotspots in a little over quarter of an hour.
Earlier this year, Santander roped in former Strictly Come Dancing head judge Len Goodman to promote its Scam Avoidance School (SAS), an in-branch initiative designed to help the over 60s beat fraudsters.
Around 12,000 people attended the free lessons. Now, for the next stage of its campaign, Santander has paired network security expert Marcus Dempsey with SAS graduate Alec Daniels to demonstrate how easily crooks can set up their scams.
Around three quarters of Brits have been targeted by phishing emails, a fact that is partly explained by how easy they are to initiate.
Self-confessed computer novice Daniels, learned how to write and distribute a mock phishing email in only 13 minutes. He managed this with little help from Dempsey, instead using instructions freely available via an online search to write an email from a fictitious company, asking recipients for their bank account information and supplying a fraudulent link.
Then, he managed to capture and intercept web traffic from a willing participant's laptop while they were connected to an open Wi-Fi network - designed to replicate those found on the high street.
Alec, under instruction, set up a rogue access point - frequently used by attackers to activate what is known as a “man in the middle” attack - to begin eavesdropping on traffic. He achieved all of this in in just three minutes and 40 seconds.
Santander is hoping that this experiment will raise awareness of how insecure public WiFi can be. Its research shows that 41% of people regularly use public WiFi hotspots to access the internet on phones and computers to carry out financial transactions, whether that’s to check bank balances, make online purchases or manage money transfers.
Of those, over one in 10 admit to logging on to unsecure WiFi networks several times each and every day, increasing their chances of getting hacked.
Says Dempsey: “Unsecured public WiFi networks can be easy pickings for criminals. By inputting passwords, bank details and confidential information into online banking or shopping websites over a public WiFi, people could be unknowingly putting their finances and identities in the hands of hackers.
"Perhaps even easier than hacking WiFi is sending scam correspondence, particularly phishing emails."