New survey shows phishing is unrecognizable to some users

August 31, 2012

Despite the rising number of phishing attacks reported in the first half of 2012, many users don't recognize hackers' attempts to release malware. According to a survey conducted by O+K Research, and commissioned by Kaspersky Lab, 50 percent of respondents were not able to spot a phishing message or a fake website.

Twenty-six percent of users said that they accidentally opened malicious attachments, which resulted in the release of the virus. Thirteen percent of respondents admitted that they entered personal information into an application, even if it looked suspicious. Although experts frequently remind users to avoid opening unknown attachments or clicking questionable links, this survey reaffirms that computer users need to be better educated on web security.

Through phishing and spear phishing attempts, hackers can access confidential information by pretending to be a legitimate person or website. The hacker can release malware and steal data from social networks, emails, online banking and ecommerce sites. According to a separate Kaspersky Lab report, 68 percent of phishing messages were related to one of these services.

Forms of attacks
As news reports and studies are released on viruses and malware, people are becoming aware of the techniques hackers use to obtain private information. As a result, cybercriminals are creating more realistic emails and websites that make it challenging for a person to identify a fake.

Some hacker attempts are disguised as authentic-looking emails that claim to be from a person the recipient knows. For example, Facebook users were recently targeted through a fake email that said the recipient was tagged in a photo. The attachment, which the email urged the reader to click on, contained the malware. Other hackers create replicas of internet sites.

Mobile device users have become a new target for cybercriminals. Twenty-four percent of tablet users and 18 percent of smartphone users said they recently received an email with either a suspicious link or attachment, according to the survey conducted by O+K Research. Fourteen percent of tablet users and 11 percent of smartphone users said they received an email claiming to be from a bank or social network.

Both mobile device and computer users should be cautious when opening an email. Unless they can verify it came from a friend, the best form of email security for users is to not click on an unsolicited link.

-McAfee Cloud Security