Today, Intel Security released the findings of their phishing quiz which tested consumer knowledge of, and ability to detect, phishing emails. The quiz presented 10 emails compiled by Intel Security and asked respondents to identify which of the emails were phishing attempts designed to steal personal information and which were legitimate. Of the approximately 19,000 survey respondents from 144 countries, only 3% were able to identify every example correctly and 80% of all respondents misidentified at least one of the phishing emails, which is all it takes to fall victim to an attack.
Cyberscammers use phishing emails to get consumers to click on links to websites they’ve created solely for the purpose of information theft. They trick users into typing their names, addresses, login IDs, passwords, and/or credit card information into fields on sites that look like they belong to real companies. In some cases, just clicking the link provided in the email will automatically download malware onto the user’s device. Once the malware is installed, hackers can easily steal the victim’s information without their knowledge.
Globally, the 35-44 year old age group performed best, answering an average of 68% of questions accurately. On average, women under the age of 18 and over the age of 55 appeared to have the most difficulty differentiating between legitimate and phony emails, identifying six out of 10 messages correctly. On the whole, men gave slightly more correct answers than women, averaging a 67% accuracy rate versus a 63% rate for women.
The United States: Phishing Bait?
Of the 144 countries represented in the survey, the U.S. ranked 27th overall in ability to detect phishing, with 68% accuracy. The five best performing countries were France (1), Sweden (2), Hungary (3), the Netherlands (4), and Spain (5). Within the U.S., the state with the most correct responses was Iowa, with an average of 68% of questions answered correctly. North Dakota provided the fewest correct answers, averaging 56%. New Yorkers and Californians answered 66.44% and 65.73% of the questions correctly, respectively, below the national average.
Even Real Emails Can Be Deceptive
Interestingly, the survey found that the email most often misidentified was actually a legitimate email. This email asked the recipient to take action and “claim their free ads.” People often associate free prize offers with phishing or spam, which is likely the reason a large number of people misidentified the email.
“Phishing emails often look like they are from credible sites but are designed to trick you into sharing your personal information,” said Gary Davis, Chief Consumer Security Evangelist at Intel Security. “Review your emails carefully and check for typical phishing clues including poor visuals and incorrect grammar, which may indicate that the email was sent by a scammer.”
To better protect yourself from becoming a victim of a phishing scam, Davis offers the following advice:
Do:
- Keep your security software and browsers up to date
- Hover over links to identify obvious fakes; make sure that an embedded link is taking you to the exact website it purports to be
- Take your time and inspect emails for obvious red flags: misspelled words, incorrect URL domains, unprofessional and suspicious visuals and unrecognized senders
- Instead of clicking on a link provided in an email, visit the website of the company that allegedly sent the email to make sure the deal being advertised is also on the retailer’s homepage
Don’t:
- Click on any links in any email sent from unknown or suspicious senders
- Send an email that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones
- Download content that your browser or security software alerts you may be malicious
- Give away personal information like your credit card number, home address, or social security number to a site or e-mail address you think may be suspicious
Additional Resources
For more information, please visit:
- Gary Davis’ tips on how to protect yourself from phishing scams: https://blogs.mcafee.com/consumer/phishing-quiz-results
- To join the conversation, use hashtag #PhishingQuiz at www.facebook.com/IntelSecurity and follow @IntelSec_Home on Twitter
QUIZ METHODOLOGY
Responses from the phishing quiz represent responses from December 11, 2014 to February 10, 2015. The 10 questions included were compiled from real emails by McAfee Labs. A total of 19,458 respondents participated in the quiz from 144 different countries in the areas of The United States, Canada, Europe, the Middle East, Asia, Latin America, and more. The average global score was 65.54.
“Interestingly, the survey found that the email most often misidentified was actually a legitimate email. This email asked the recipient to take action and “claim their free ads.” People often associate free prize offers with phishing or spam, which is likely the reason a large number of people misidentified the email.”
And I ask: What’s the difference? Since nothing is free, the recipient is a target. Either the message is malicious to their system or their wallet – either way.
I instruct my people to gleefully delete anything that looks the least bit phishy. If they ditch “legitimate” messages in the process – oh, well! Perhaps the “legitimate” companies will change their tactics to not mimic criminals so much.
It’s down to simplicity:
Did you request the information that was sent to you? If not, it’s SPAM. Send it to the junk mail grave.
Most legitimate emails are going to have your full user or account name. Most Spam and phishing emails do not.
Attention to detail!!! Most phishing sites will use a closely worded website. Take for example a Military site. The true URL ending of a military site ends in .MIL. There are sites out there using a .ML ending. So it’s important to pay attention prior to clicking.
When visiting any HTTPS (secure web site) look for three things if the site is truly in the HTTPS mode and it is what the URL (web site address) says it is;
1. Look for a secured padlock
2. Look for the green Bar
3. Make sure the address bar is green
= )
When visiting any HTTPS (secure web site) look for three things if the site is truly in the HTTPS mode and it is what the URL (web site address) says it is;
1. Look for a secured padlock
2. Look for the green Bar
3. Make sure the address bar is green
#3. Should read the URL address bar should start with HTTPS:
Too many distractions around here sometimes. But all good. = )