For this study, Intel Security presented 10 emails and asked people to identify which were phishing emails intended to steal personal data and which were legitimate. The data for the study was collected from 144 countries, and 19,000 people were surveyed.
“To help consumers spot these popular phishing attacks, we developed a quiz to help people learn how to properly identify phishing emails. We shared 10 real emails and you decided whether they were real, or real dangerous. We’ve been doing this for some time, and now that the tests have been turned in, scored and graded, it’s time to take a look at how everyone did.” states the official blog published by McAfee.
The results were:
If 80% got at least one answer wrong, this means that the attacker has found the “open door”, since the attacker needs us to be wrong only once to get an opportunity.
Another interesting finding from the study concerns the email that the most people answered incorrectly: it was the legitimate one. The legitimate email asked the user to take action and “claim their free ads.” People normally associate “free money” with phishing campaigns, and that was the main reason why so many people got the wrong answer here.
“Phishing emails often look like they are from credible sites but are designed to trick you into sharing your personal information,” “Review your emails carefully and check for typical phishing clues including poor visuals and incorrect grammar, which may indicate that the email was sent by a scammer.” said Gary Davis, Chief Consumer Security Evangelist at Intel Security.
Using the advice provided by Gary Davis, you can follow these tips to improve your defense against phishing attacks:
Phishing is one of the most insidious cyber threats, despite the high level of knowledge of the techniques used by criminals. Anyone can fall victim to phishing emails, even people working in IT, but the trick is to follow some steps like the ones provided to help us reduce our mistakes.
Early in my career in IT, phishing emails were a big deal, since they had many spelling mistakes, but today I can’t say the same, because now I see a lot of phishing emails that are perfectly written, since the scammers hire people to do the spell checking for each country, making it difficult to distinguish a phishing email from a legit email, and that’s why the numbers of this study are so alarming.
About the Author Elsio Pinto
Edited by Pierluigi Paganini
(Security Affairs – phishing, cybercrime)