Phishing sites go undetected by almost three quarters of consumers
convincing than ever, according to new research from Avast, a global leader in digital security products, released on Safer Internet Day 2020. The survey asked respondents to correctly identify the ‘phishing’ site from two seemingly identical screengrabs taken from a household name ecommerce site, and only 29% answered correctly. This comes at a time when phishing, alongside malware, remains one of the most common forms of cyberattack.[i]
The research also asked people if they had ever fallen victim to a phishing attack, with 14% saying they had but a larger proportion admitting they weren’t sure, perhaps highlighting a lack of understanding on what phishing looks like and how to spot the signs of an attack. The survey also asked those who had fallen victim to identify the type of attack they experienced. Email phishing was the top answer (55%), followed by a phishing website (39%). Telephone phishing, often referred to as a ‘call center scam’ was experienced by more than a quarter (27%).
Pete Turner, Senior Vice President at Avast said, “Many attacks today use some form of social engineering to trick people into giving up sensitive information or downloading malware to their device. Unfortunately, the success of phishing campaigns is increasing because of how targeted the attacks have become, particularly over email or text.
“Historically, phishing attacks have targeted large pools of people for maximum impact, but now cybercriminals are starting to experiment with technologies such as AI to extract information about you from online platforms – including social networks – in order to deliver more personalized and seemingly legitimate messages to your inbox. These spearphishing attacks are making it really hard for people to distinguish between what’s real and what’s not. This Safer Internet Day we want to highlight the issue and offer easy to follow tips to ensure you don’t fall victim to phishing scams.”
18 to 34-year-olds were the group most likely to fall victim of a phishing attack, with 56% admitting they’d been targeted. In contrast, only 6% of respondents aged 55+ said they’d fallen victim. Interestingly, those in the 18-34 age group were more likely than other groups to correctly identify the genuine website from the two images shown.
To avoid becoming a victim of phishing and spearphishing attacks, Avast recommends following the steps below:
Install a strong antivirus
Always make sure your devices and your applications are up-to-date and install a strong antivirus with an anti-phishing feature to prevent breaches of personal information, such as passwords and credit card numbers. Avast’s network of hundreds of millions of sensors feed data to its AI engine which helps to detect phishing threats quicker and better protect the userbase.
Double check the link
Many phishing emails include links to malicious sites that look like the real deal and are hard to recognise as fake. It’s always safer to enter URLs directly into the browser and avoid clicking on links and attachments that are included in promotional emails. The same caution should be applied not only to online shops, but also banks and other financial intuitions.
Apps are not immune from scammers either, Avast has found fake apps on the Google Play Store, so we recommend downloading apps from retailer websites to be sure they’re genuine.
Double check the content and context
Are there grammatical and punctuation errors? Is the writing style dissimilar to previous messages from the “same” sender (e.g. your bank)? Is there an overdramatic sense of urgency in the message? These characteristics may indicate that the message is malicious.
Check for https
Keep an eye out for the green https padlock next to the website’s address in the browser address bar. https is a protocol that encrypts data being sent over the web. If a page does not have the https padlock, refrain from entering any personal data and financial information into the site.
*The survey, carried out by Toluna on behalf of Avast in November 2019, surveyed 1000 respondents in the UK
[i] https://www.pwc.co.uk/forensic-services/assets/pwc-global-economic-crime-survey-2018-uk.pdf
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/phishing-sites-go-undetected-by-almost-three-quarters-of-consumers