A quiz given to consumers in 144 countries concludes that most people could inadvertently fall victim to online phishing attempts designed to steal personal information.
The average person gets flooded by emails everyday — work, friends, ads from online retailers and junk mail. It is part of the morning routine to delete suspicious-looking emails with promises to earn millions working from home or win 10-day cruises in the Caribbean. Picking out cyber scams is easy, right?
Not according to a recent survey released by Intel Security. Of the 19,000 survey respondents from 144 countries who were tested on their ability to detect suspicious emails, 97 percent were unable to correctly identify cyber scamming or “phishing” emails.
“Phishing is an online form of identity theft,” said Gary Davis, chief consumer security evangelist at Intel Security. “It is a method of fraudulently obtaining personal information, such as passwords, social security numbers and credit card details, by sending spoofed emails that look like they come from trusted sources, such as banks or legitimate companies.”
Davis said that in some cases simply clicking a link in an email can automatically upload “malware” (malicious software), which can enable hackers to steal a victim’s personal information without detection.
To test their ability to accurately identify legitimate or phishing emails respondents took a quiz where they were shown 10 emails and asked to identify if they were phishing attempts designed to steal personal information, or legitimate messages. Only 3 percent correctly identified every example correctly, and 80 percent misidentified at least one of the phishing emails.
Globally, the 35-44 year old age group performed best, answering an average of 68 percent questions accurately. On average, women under the age of 18 and over the age of 55 appeared to have the most difficulty differentiating between legitimate and phony emails, identifying six out of 10 messages correctly. On the whole, men gave slightly more correct answers than women, averaging a 67 percent accuracy rate versus a 63 percent rate for women.
Of the 144 countries surveyed, the U.S. ranked a dismal 27th. The five best performing countries were France, Sweden, Hungary, the Netherlands, and Spain.
“Europeans overall tend to be very concerned about privacy, which would suggest that they are more skeptical when clicking on links or objects in emails,” said Davis.
Within the U.S., Californians and New Yorkers answers were below the national average, while Iowa has the best response rate with 68 percent correct answers. Davis said the data suggests that people in cities are busy and bombarded by stimuli, which could make them easier targets.
To better protect yourself from becoming a victim of a phishing scam, Davis offers the following advice:
- Keep your security software and browsers up to date.
- Hover over links to identify obvious fakes; make sure that an embedded link is taking you to the exact website it purports to be.
- Take your time and inspect emails for obvious red flags: misspelled words, incorrect URL domains, unprofessional and suspicious visuals.
- Instead of clicking on a link provided in an email, visit the website of the company that allegedly sent the email to make sure the deal being advertised is also on the retailer’s homepage.
- Practice good password hygiene by building long, complicated passwords and changing them frequently. Or if you have trouble remembering and keeping track of all your user names and passwords, a great option would be to use True Key.
- Click on any links in any email sent from unknown or suspicious senders.
- Send an email that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones.
- Download content that your browser or security software alerts you may be malicious.
- Give away personal information like your credit card number, home address or social security number to a site or email address you think may be suspicious.
If people suspect they’ve fallen victim to phishing, Davis said they should log into the legitimate site and change passwords, check for unauthorized purchases, and ensure personal information is still correct. If credit card numbers have been hijacked, contact the credit card company and report the information as stolen.