Press Releases

Intel Security’s Phishing Quiz Reveals 97 Per Cent of People Worldwide Cannot Identify Destructive Phishing Emails: “Make it a Rule to Never Click on Links or Attachments in Emails / Texts”

The following video presents Could You Be Hooked by a Phishing Scam?:

Perhaps you’ve heard stories about someone accidentally exposing their credit card or bank account number and thought, “I wouldn’t fall for that.” But are you sure? Users often have a hard time distinguishing fake websites and emails designed by criminal hackers from legitimate ones. The video provides tips about how to avoid becoming a victim of phishing by being vigilant and learning how to recognize phishing attempts so you can stay safe.

Are you confident you can spot a phishing e-mail? Think again.

According to a recent quiz on phishing from Intel Security, 97 per cent of people worldwide were unable to correctly identify destructive phishing e-mails. While more than 19,000 respondents were surveyed across 144 countries (including Canada), only three per cent were able to correctly identify every phishing example. Furthermore, about 80 per cent of all survey respondents misidentified at least one of the phishing e-mails, which is all it takes to fall victim to an attack.

Key takeaways:

  • Canada rank globally: Of the 144 countries represented in the survey, Canada ranked 26th overall in the ability to detect phishing — showing there is still room for awareness and improvement. The U.S. ranked 27th.
  • By the numbers: The 35-44 year old age group performed the best, answering an average of 68 per cent of questions accurately.
  • Men vs. women: Overall, men gave slightly more correct answers than women, averaging a 67 per cent accuracy rate, compared to a 63 per cent accuracy rate for women.

Intel Security has released these Dos and Don’ts on how to identify and safeguard against phishing e-mails:

Do:

  • Keep your security software and browsers up to date
  • Hover over links to identify obvious fakes
  • Take your time and inspect e-mails for obvious red flags (i.e. misspelled words, incorrect URL domains, unprofessional and suspicious visuals)
  • Instead of clicking on a link provided in an e-mail, visit the website of the company that allegedly sent the e-mail

Don’t:

  • Click on any links in an e-mail sent from unknown or suspicious senders
  • Send an e-mail that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones
  • Download content that your browser or security software alerts you may be malicious
  • Give away personal information like your credit card number, home address, or social security number, to a site or e-mail address you think may be suspicious

With no hard and fast rule to go on, spotting a scam is, Davis admitted, “about the subtleties of it.” Would your friend really send you an email like this? Would Best Buy really be selling iPhones for half off? “You have to take that extra second,” he said, and ask: Does this smell phishy?

“If it comes from a friend, ask them if they sent it. If it’s from Best Buy, go to the website and search for Apple iPhone offers.”

To feel confident that you’re not falling for fancy tricks, you could make it a rule to never click a link in an email — ever.

“It’s sad but that’s literally the case,” said Davis.

Gary Davis, Chief Consumer Security Evangelist at Intel Security
http://www.cbsnews.com/news/mcafee-intel-security-phishing-quiz-can-you-spot-a-scam-dont-be-so-sure/

Gary Davis, Chief Consumer Security Evangelist at Intel Security, has written this blog post which includes some more tips.

One wrong click could expose your company to a data breach. Take the quiz and discover how skilled you are at detecting malicious phishing attempts amid common work-related emails, ….

  • Find out your phishing knowledge score in comparison to the average phishing scores of different countires by taking the phishing quiz at https://phishingquiz.mcafee.com/.
Intel Security Infographic: "Avoid Phishing Scams"

Intel Security Infographic: “Avoid Phishing Scams”

PRESS RELEASE

97 PER CENT OF PEOPLE GLOBALLY UNABLE TO CORRECTLY IDENTIFY PHISHING E-MAILs

Intel Security Quiz Showcases Challenges in Distinguishing Legitimate E-mails from Phishing E-mails

SANTA CLARA, Calif. May 12, 2015Today, Intel Security released the findings of their phishing quiz which tested consumer knowledge of, and ability to detect, phishing e-mails. The quiz presented ten e-mails compiled by Intel Security and asked respondents to identify which of the e-mails were phishing attempts designed to steal personal information and which were legitimate. Of the approximately 19,000 survey respondents from 144 countries, only 3 per cent were able to correctly identify every example correctly and 80 per cent of all respondents misidentified at least one of the phishing e-mails, which is all it takes to fall victim to an attack.

Cyberscammers use phishing e-mails to get consumers to click on links to websites they’ve created solely for the purpose of information theft. They trick users into typing their names, addresses, login IDs, passwords, and/or credit card information into fields on sites that look like they belong to real companies. In some cases, just clicking the link provided in the e-mail will automatically download malware onto the user’s device. Once the malware is installed, hackers can easily steal the victim’s information without their knowledge.

Globally, the 35-44 year old age group performed best, answering an average of 68 per cent questions accurately. On average, women under the age of 18 and over the age of 55 appeared to have the most difficulty differentiating between legitimate and phony e-mails, identifying six out of ten messages correctly. On the whole, men gave slightly more correct answers than women, averaging a 67 per cent accuracy rate versus a 63 per cent rate for women.

Canada: Phishing Bait?

Of the 144 countries represented in the survey, Canada ranked 26th overall in ability to detect phishing. The five best performing countries were France (1), Sweden (2), Hungary (3), the Netherlands (4), and Spain (5).

Even Real E-mails Can Be Deceptive

Interestingly, the survey found that the e-mail most often misidentified was actually a legitimate email. This e-mail asked the recipient to take action and “claim their free ads.” People often associate free prize offers with phishing or spam, which is likely the reason a large number of people misidentified the e-mail.

“Phishing e-mails often look like they are from credible sites but are designed to trick you into sharing your personal information,” said Gary Davis, Chief Consumer Security Evangelist at Intel Security. “Review your e-mails carefully and check for typical phishing clues including poor visuals and incorrect grammar, other clues which may indicate that the e-mail was sent by a scammer.”

To better protect yourself from becoming a victim of a phishing scam, Davis offers the following advice:

Do:

  • Keep your security software and browsers up to date
  • Hover over links to identify obvious fakes; make sure that an embedded link is taking you to the exact website it purports to be
  • Take your time and inspect e-mails for obvious red flags: misspelled words, incorrect URL domains, unprofessional and suspicious visuals and unrecognized senders
  • Instead of clicking on a link provided in an e-mail, visit the website of the company that allegedly sent the e-mail to make sure the deal being advertised is also on the retailer’s homepage

Don’t:

  • Click on any links in any e-mail sent from unknown or suspicious senders
  • Send an e-mail that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones
  • Download content that your browser or security software alerts you may be malicious
  • Give away personal information like your credit card number, home address, or social security number to a site or e-mail address you think may be suspicious

Additional Resources

For more information, please visit:

QUIZ METHODOLOGY

Responses from the Phishing quiz represent responses from December 11, 2014 to February 10, 2015. The ten questions included were compiled from real e-mails by McAfee Labs

About Intel Security

McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique McAfee Global Threat Intelligence, Intel Security is intensively focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. The mission of Intel Security is to give everyone the confidence to live and work safely and securely in the digital world. www.intelsecurity.com.

Intel, the Intel logo, McAfee and the McAfee logo are trademarks of Intel Corporation in the U.S. and/or other countries.

McAfee Canada, now part of Intel Security, maintains a website called “The State of Consumer and Enterprise Security in Canada” (http://mcaf.ee/canadastats) in order to provide a one-stop shop for writers looking for information on a variety of trends and issues affecting and shaping the Canadian security landscape. Feel free to check out the McAfee Canada resource site for security information, statistics, story ideas, and access to published McAfee surveys and studies.

*Other names and brands may be claimed as the property of others.