
How Can You Tell If This Email Is Real?

By Diligent Team

February 2, 2017

Have you ever gotten a phishing email? You know the type – the sender pretends to work for your bank or insurance company and asks for your password, your login information, or even your credit card details.

An estimated 156 million phishing emails are sent worldwide every day, and about 16 million of those make it through our spam filters and into our inboxes. In fact, the global nonprofit Anti-Phishing Working Group (APWG) recorded more unique phishing campaigns in the first quarter of 2016 than in any other three-month span since it began tracking data more than a decade ago, and the U.S. is reportedly home to more phishing sites than any other country.

Diligent has spent years building a platform to keep business information secure, because even a single legitimate-looking message can pose a serious threat to a company’s most valuable data. Many people think it’s easy to spot scams, but that wasn’t what we found when we did an experiment recently and put more than 2,000 people to the test. We asked them to look at two dozen emails – some real and some fake. Here’s what we learned about their phishing knowledge.

WHAT IS “PHISHING”?

Phishing is when someone tries to steal your data – from passwords to credit card details – using an email that looks like it’s from a trusted source. Often, these emails will tell you that you’ve won a prize, that a friend is stranded abroad, that there’s a problem with your account, or that you just need to update your credit card or password information.

So what are some warning signs that the email is a fake? Spelling and grammatical mistakes are big ones, as is a generic opening that doesn’t address you by name. You’ll also want to watch out for stuff that seems too good to be true.

If you suspect a site or email of phishing, hover your cursor over the domain name to see if it goes somewhere other than the address displayed in the text. If you have any doubts, don’t click on a link or download an attachment. Navigate to the site independently, flag the email as spam, and report it to help others steer clear of that specific scam.

IT COULD HAPPEN TO YOU

We asked 2,000-plus survey respondents to tell us if they’ve ever been hacked or tricked – and how. Over 50 percent said they’ve had an unauthorized charge on their credit cards, 33 percent said their email accounts had been hacked, and 24 percent reported having their social media accounts hijacked.

And those were just the crimes they knew about. Most people who unwittingly click on a malicious link don’t discover it until months later – when a bogus charge appears on their credit card statement or a bot using their email address starts spamming family and friends.

PHISHING IS ON THE RISE

There has been a nearly tenfold increase in phishing in just five years, with a particularly alarming jump from about 99,000 documented campaigns in January 2016 to over 229,000 in March 2016 – just three months.

Phishing scams have not only grown in number, but they’ve also become more sophisticated. The Nigerian prince who wants your help accessing frozen assets hasn’t completely vanished from inboxes across the country, but Americans have become more suspicious; therefore, scammers have had to work harder to seem legitimate. Many copy company logos and hide their web addresses behind seemingly innocent aliases.

FOOLING (ALMOST) NO ONE: THE LEAST EFFECTIVE PHISHING EMAILS

We asked our 2,000+ survey respondents to tell us which of two dozen emails they thought were real. Anything that claimed “you’re a winner” had the lowest success rate.

In fact, fewer than 3 percent of respondents fell for an email claiming they won a big cash prize from a soft drink company, and fewer than 6 percent fell for a contest claiming they won a credit card voucher.

SCAMS MOST LIKELY TO TRIP US UP

Of all the emails we tested, the ones that fooled the most people were those with a more personal touch. They claimed someone had sent a Dropbox file, that our friends had posted a photo of us to social media, or – most deviously and successfully of all – that a co-worker wanted to schedule a meeting with us for the next day.

That’s a big concern because phishing can facilitate identity theft or fraud, can cost you money or your reputation, nearly always wastes a lot of time, and creates plenty of aggravation.

FOOLING PEOPLE SOME OF THE TIME

Emails declaring a problem with an account or a new security measure tricked nearly 27 percent of our respondents. Social media companies allegedly implementing new login procedures, credit card companies asking the user to open an attachment and verify account details, online merchants saying they’ve temporarily suspended an account, and even banks asking the user to “click here” to restore account access also duped a portion of our respondents.

WITH SO MUCH SPAM, CAN WE TELL WHAT’S REAL?

So is every message from your bank, insurance company, or credit card provider a fraud? Should you ever click on a link or open a file if you’re even a little skeptical?

When our survey respondents tried to spot a real email mixed in with the fakes, they were right more than 60 percent of the time. Still, that means that they flagged real emails as spam nearly 40 percent of the time – enough to do lasting damage to an account, friendship, or other important relationship. The lesson: Try to determine if the email really is spam before marking it as such.

HOW WELL DO AMERICANS SPOT PHISHING EMAILS?

The average score on our phishing quiz was 76.9 percent – a C+ in most American classrooms – which doesn’t sound so bad until you realize that one in four phishing attempts fooled the group. That’s pretty scary when it comes to giving out personal financial information, but it can also affect work – missing a real meeting request from your boss could have unpleasant career consequences.

We split up our findings by things like age and gender and learned that those between ages 35 and 64 were the best at spotting the phishers, though by a fairly small margin. Men and women were equally good at spotting the online lies, but both genders were still fooled almost a quarter of the time. And those who had experienced fraud before were no more or less likely to recognize a scam than those who hadn’t been previously victimized.
