New Intel Security study shows that 97% of people can’t identify phishing emails

Intel Security published a curious study to test consumer knowledge of phishing and measure people's ability to detect phishing emails.

For this study, Intel Security presented 10 emails and asked people to identify which were phishing emails intended to steal personal data and which were legitimate. The data for the study was collected from 144 countries, and 19,000 people were surveyed.

“To help consumers spot these popular phishing attacks, we developed a quiz to help people learn how to properly identify phishing emails. We shared 10 real emails and you decided whether they were real, or real dangerous. We’ve been doing this for some time, and now that the tests have been turned in, scored and graded, it’s time to take a look at how everyone did.” states the official blog published by McAfee.

The results were:

  • Only 3% got all answers right
  • 80% of the surveyed people got at least one wrong answer
  • The worldwide average score was 65.4%, which means test takers missed one in four phishing emails on average.

If 80% got at least one answer wrong, the attacker has found the “open door”, since he only needs us to be wrong once to get his opportunity.

Another interesting finding from the study concerns the email that most people got wrong: it was the legitimate email. The legitimate email asked the user to take action and “claim their free ads”. People normally associate “free money” with phishing campaigns, and that was the main reason why so many people got the wrong answer here.

“Phishing emails often look like they are from credible sites but are designed to trick you into sharing your personal information,” “Review your emails carefully and check for typical phishing clues including poor visuals and incorrect grammar, which may indicate that the email was sent by a scammer.” said Gary Davis, Chief Consumer Security Evangelist at Intel Security.

[Infographic: Phishing Survey]

Following the advice provided by Gary Davis, you can use these tips to improve your defense against phishing attacks:

Do:

  • Keep your security software and browsers up to date
  • Hover over links to identify obvious fakes; make sure that an embedded link is taking you to the exact website it purports to be
  • Take your time and inspect emails for obvious red flags: misspelled words, incorrect URL domains, unprofessional and suspicious visuals and unrecognized senders
  • Instead of clicking on a link provided in an email, visit the website of the company that allegedly sent the email to make sure the deal being advertised is also on the retailer’s homepage

Don’t:

  • Click on any links in any email sent from unknown or suspicious senders
  • Send an email that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones
  • Download content that your browser or security software alerts you may be malicious
  • Give away personal information like your credit card number, home address, or social security number to a site or e-mail address you think may be suspicious

Phishing is one of the most insidious cyber threats despite the high level of knowledge about the techniques used by criminals. Anyone can fall victim to phishing emails, even people working in IT, but the trick is to follow steps like the ones provided to help reduce our mistakes.

Early in my career in IT, phishing emails were a big deal, since they had many spelling mistakes, but today I can’t say the same, because now I see lots of phishing emails that are perfectly written, since the scammers hire people to do the spell checking for each country, making it difficult to distinguish a phishing email from a legitimate email, and that’s why the numbers of this study are so alarming.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also has knowledge in the areas of malware research, forensics, and ethical hacking. He has previous experience in major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also owns his own blog, http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs –  phishing, cybercrime)