50% of Users Cannot Recognize A Phishing Message

The standard data theft method is social engineering – a potential victim is lured onto an infected web-page or is duped into opening a file attached to an e-mail. It is not always easy to recognize such a message, as a survey conducted in May 2012 by O+ K Research at the request of Kaspersky Lab demonstrates. During the survey, 50% claimed they are incapable of recognizing a phishing message or a forged web-site.

Throughout the course of the survey, 0+ K Research polled over 11,000 users living in Latin and North America, Eurpoe, the Middle East, Asia and Africa. All the participants were aged 16 or over and had access to the Internet, with over 90% of them going online every day. Both experienced and novice computer users took part in the survey.

The overwhelming majority of phishing messages are delivered through e-mail or social networks. The reason is simple: these are currently the most wide-spread means of communication. According the same research, 86% of PC users check their e-mails regularly, and 73% communicate in social networks. 54% of users chat on the Internet regularly with their smartphones. Cybercriminals who use phishing as a tool to steal data are primarily interested in gaining unauthorized access to social network accounts, accounts in online banking and payment systems, and e-shops. According Kaspersky Lab, in June 68% of phishing messages related to such services were targeted at data theft.

The results give indirect evidence that the mass messaging method bears fruit: about half of the O+K Research respondents noticed they have already encountered suspicious correspondence in social networks or e-mail. Thus, 47% of PC users got a message with a suspicious link or an attachment, and 29% of respondents got letters on the name of a bank (social network, another service, etc.) with a request for confidential information.

Moreover 26% of users admitted that their computers had been infected as a result of opening an attachment to a letter, and 13% of respondents had entered personal or financial data at suspicious pages. Therefore when fighting against fake and infected messages and web-sites, instead of relying upon your own efforts it is better to use specific solutions. The new Safe Money technology, presented as a part of Kaspersky Internet Security 2013, helps to detect and block attempts to steal your sensitive data via phishing web-pages and malware linked to online shopping or banking services.

Quite a high percentage of users fell prey to phishing on their mobile devices. 24% of tablet users and 18% of smartphone owners received correspondence with suspicious links and attachments. 14% and 11% respectively had letters on behalf of a bank or social network. One can presume that as we see more and more mobile devices going online, the amount of phishing letters for mobile platforms will also grow. Therefore it is high time to think of protecting you mobile devices with specific anti-phishing solutions. This function is already available in Kaspersky Mobile Security and Kaspersky Tablet Security.

For the full version of the report on the survey conducted by O+K Research follow the link.