A fresh survey has found that a vast majority of Brits are still struggling to accurately identify phishing and smishing attempts and are also not adept at differentiating between genuine and spam emails and messages.
As part of the survey, Computer Disposals Limited presented 1,000 Brits with a set of ten emails and asked them to identify which were spam and which were genuine. Following the survey's completion, CDL found that only 44% of people taking the quiz were able to identify the authentic emails, and only 5% of respondents answered all 10 questions correctly.
What this means is that a large number of participants labelled genuine emails as spam. Erring on the side of caution in this way and not responding to genuine emails could lead to people missing important messages from banks, businesses, and online contacts.
The survey also revealed that 56% of people are still not able to correctly identify spam emails, despite various efforts by government agencies, companies, and consumer groups to raise awareness about how to spot phishing emails. This indicates that the British public may remain vulnerable to various phishing campaigns, including those leveraging the COVID-19 pandemic or shopping events like Black Friday.
Another interesting outcome of the survey was that a majority of Brits still rely on soft indicators, such as the brand, rather than strong indicators like the email address, personal information, and other trust factors. "Messages purporting to be from trusted sources and websites that we use every day, such as Facebook, appear to receive less scrutiny than messages from sources people use less frequently," CDL observed.
Online scammers seem to have exploited this trend remarkably well. A survey of 1,000 British consumers by security firm DomainTools in 2018 revealed that phishing scams leveraging trusted brand names duped one in five British consumers. Of those who were duped, 20% said their computers were infected with a virus, 15% had their personal information stolen, and 6% were tricked into purchasing a fake product.
16% of British consumers also told DomainTools that they were unsure whether they had clicked on a scam email, thereby suggesting that the number of people affected by phishing scams could be much higher than believed.
A similar survey carried out by DomainTools in 2017 revealed that the brands most likely to be leveraged for phishing scams included Amazon (88%), Argos (46%) and Tesco (35%) and that 24% of their customers had their computers infected with viruses, 20% had their credit card details or personal information stolen, and another 8% lost money on deals that never existed.
"The issue here reinforces that people will blindly click on links if they believe it has come from a trusted resource. People are trusting, and criminals take advantage of this by preying on their emotions and having massive success, mainly due to people not querying messages. It’s important that they stop and think before clicking," said Stephen Burke, Founder & CEO of Cyber Risk Aware.
Commenting on the study conducted by Computer Disposals Limited, Troy Gill, manager of security research at Zix, said that this exercise highlights why the human element can only be the very last line of defense against phishing attacks.
"Many current phishing attacks are leveraging well known and reputable services to host their phishing sites. We have seen a large increase in abuse of storage.googleapis.com, onedrive.live.com, appspot, sharepoint.com just to name a few.
"Utilising these sites to host the malicious links in messages helps attackers to disarm the well-trained employee as, even upon inspection, the site appears to be legitimate. Many of these are so convincing they can fool even the savviest user. This is, of course, what makes prevention and mitigation of these attacks so critical," he added.