Internet users still taking phishers' bait
10 April 2006
People using the internet are as susceptible as ever to falling victim to phishing scams, despite repeated and well-documented warnings by industry experts.
Academics from the leading US universities of Berkeley and Harvard have suggested that internet users are still not able to consistently distinguish between genuine emails from trusted sources and phishing scams.
Phishing is so called because con artists speculatively send out blanket emails posing as authentic institutions. The emails will tend to direct the recipient towards a fraudulent website where sensitive information such as bank details is invariably requested.
Hook, line and sinker
The research team consisting of Rachna Dhamija, Marti Hearst and JD Tygar told the E-Crime Congress in London that 40 per cent of people involved in their trial failed to identify phishing emails.
Although only approximately five per cent of individuals who receive phishing scams in their inboxes actually hand over confidential data, this is more than enough for phishers to continue their illegal operations. Analysts are also concerned that users could become too worried to use legitimate online services in the future.
The US researchers developed their own replicas of phishing scams in order to conduct their studies, with nine out of ten people falling for the most sophisticated examples.
What concerned the academics most was that "the indicators of trust presented by the browser are trivial to spoof", with users falling for simple tricks such as domain names that swap letters for other letters or digits to resemble trusted sites.
For example, www.lloydstsb.com looks very similar to www.l1oydstsb.com.
Internet users involved in the trial were also under the impression that sites with fewer graphics were more likely to be scams. They also did not fully understand that hypothetical sites such as www.ebay-members-security.co.uk were not necessarily a derivative of www.ebay.co.uk.
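The two tricks described above can be checked for mechanically. The following is an added example, not code from the article or the researchers: it classifies a hostname from a link against a short list of trusted domains. The names TRUSTED, CONFUSABLES, skeleton, one_substitution and classify are assumptions made for illustration, and the character table is constructed and not exhaustive.

```python
# Added example: TRUSTED, CONFUSABLES and all function names are assumptions.
TRUSTED = ("lloydstsb.com", "ebay.co.uk")  # domains the user really deals with

# Characters commonly swapped in to imitate another (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(name):
    """Fold look-alike characters so visually similar names compare equal."""
    return name.lower().replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)


def one_substitution(a, b):
    """True when a and b have equal length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def classify(host):
    """Return (verdict, trusted_domain) for a hostname taken from a link."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Every dot-aligned suffix: www.a.com -> www.a.com, a.com, com
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]

    # 1. Genuine: the host is the trusted domain or a subdomain of it.
    for trusted in TRUSTED:
        if trusted in suffixes:
            return ("trusted", trusted)

    # 2. Look-alike: a suffix matches a trusted domain only after folding
    #    confusable characters, or differs from it by one substituted character.
    for trusted in TRUSTED:
        for s in suffixes:
            if skeleton(s) == skeleton(trusted) or one_substitution(s, trusted):
                return ("lookalike", trusted)

    # 3. Brand embedded: the brand word is only a token in an unrelated domain.
    tokens = set(skeleton(host).replace("-", ".").split("."))
    for trusted in TRUSTED:
        if skeleton(trusted.split(".")[0]) in tokens:
            return ("brand-embedded", trusted)

    return ("unrelated", None)
```

The check only treats a host as genuine when the trusted domain is a dot-aligned suffix of it, which is why a hyphenated name containing the brand word is not accepted.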
Phishing for clues
With Home Office figures suggesting that identity theft costs Britons £1.7 billion every year, it is of paramount importance that individuals and businesses are aware of and protected against the risk of falling victim to phishing scams.
Small businesses should ensure they have reliable antivirus and firewalls installed to help flag up phishing emails, while BT Business Email provides filtering services to identify phishers' attempts to gain access to your details.