According to statistics from the email security company MailFrontier, only 4% of users can identify phishing emails with 100% accuracy. This is certainly alarming news as the shopping season approaches and more people are turning to online shopping.
The results presented by MailFrontier are based on the Phishing IQ test, which presents 10 sample emails and asks users to identify which ones are legitimate and which are fraudulent. The sample emails were sourced from Chase, PayPal, the Federal Reserve Bank of the United States, MSN, Earthlink, and Amazon.
This year, the average accuracy rate among participants was 75%, an increase from last year’s 61%. MailFrontier believes this improvement is due to users becoming more informed about phishing and developing a greater sense of suspicion.
One surprising finding from MailFrontier is that younger users (ages 18-24) are more susceptible to scams than older users (55+), despite being more tech-savvy.
5 Misconceptions About Phishing
MailFrontier’s most significant contribution to this research is identifying five misconceptions people have about phishing.
1. “Oh, detecting scams is as easy as pie!”
The biggest mistake users make is being overly confident in their abilities. Although users have made significant progress in recognizing phishing emails, this does not mean they are always alert and knowledgeable enough to recognize when they are being scammed. Most still confuse phishing emails with legitimate ones.
2. Are spam filters just junk?
The majority of users tend to overestimate spam filters, believing they can detect and block all phishing attacks. Consequently, they feel secure and click on every email that appears in their inbox. It’s important to know that capturing a phishing email requires a series of complex analysis and evaluation tools; spam filters alone can only do so much.
3. Can phishing emails be blocked by domain authentication?
Using domain authentication as a tool to block fraudulent emails is the third misconception. Spammers and professional phishers have demonstrated that they can easily bypass this barrier.
4. If I detect a flaw in the URL, can I block phishing emails?
Identifying a flaw in the URL is a good sign that something is amiss, but it is not convincing evidence on its own. Many legitimate companies still use techniques such as redirecting URLs, using long URLs (exceeding the length of the address bar), and even raw IP addresses in their emails.
Phishers are well aware of this reality and exploit it.
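The point of misconception 4, as an added example that is not from MailFrontier or the original article: a small triage helper that flags the three URL traits named above and shows, on constructed sample links, that the same flag appears on both legitimate and phishing mail. The 75-character threshold, the function names and every sample URL are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

MAX_LEN = 75  # assumed stand-in for "longer than the address bar"

def url_signals(url):
    """Return which of the URL traits discussed above this link exhibits."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    signals = []
    try:
        ipaddress.ip_address(host)      # host is a literal IPv4/IPv6 address
        signals.append("raw_ip_host")
    except ValueError:
        pass
    if len(url) > MAX_LEN:
        signals.append("long_url")
    # A query value that is itself an absolute URL indicates a redirecting link.
    for _, value in parse_qsl(parts.query):
        if urlsplit(value).scheme in ("http", "https"):
            signals.append("redirect_param")
            break
    return signals

# Constructed samples: (label, url). Hosts use reserved documentation ranges.
SAMPLES = [
    ("legitimate", "http://192.0.2.10/newsletter/unsubscribe"),
    ("legitimate", "https://click.example.com/track"
                   "?u=https%3A%2F%2Fshop.example.com%2Forders&id=0123456789abcdef"),
    ("phishing", "http://198.51.100.7/login"),
]

def shared_signals(samples):
    """Signals seen on BOTH labels: these cannot decide the verdict alone."""
    seen = {"legitimate": set(), "phishing": set()}
    for label, url in samples:
        seen[label].update(url_signals(url))
    return seen["legitimate"] & seen["phishing"]

if __name__ == "__main__":
    for label, url in SAMPLES:
        print(f"{label:10} {url_signals(url)} {url}")
    print("ambiguous signals:", sorted(shared_signals(SAMPLES)))
```

A filter built on these flags alone would either block the legitimate newsletter link or let the phishing link through, so they are best treated as inputs to a broader score rather than as a verdict.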
5. Why do I need to take action to protect myself and my company from phishing emails?
This is the final and perhaps the most important misconception. Users often think they don’t need to do anything or that their efforts won’t make a difference. However, this “laziness” can lead to disastrous consequences: loss of personal information, financial data, and even sensitive company information.
According to MailFrontier’s predictions, the amount of money phishers are expected to scam this year will increase by 25% compared to last year, reaching a staggering $1 billion.
Cầm Thi