Efforts to educate users about the dangers of phishing attacks and other online fraud have failed, according to a leading information security expert.
The increasingly sophisticated techniques used by hackers are making it extremely tricky for internet users to differentiate between real and fake websites, said William Beer, European director of Symantec’s security practice, in an address to delegates at the e-Crime summit in London yesterday.
He warned that the rapid advancement of attack methods, such as SMS and voice phishing, quickly renders user education around online security out of date.
“The industry needs to reflect on our communication strategies and think about what could be the next wave of attacks,” he said. “Email is a cost-effective and timely way of communicating with consumers, but it’s at risk of not being recognised as a legitimate piece of communication.”
He added that education needs to be tailored according to the user’s age. “We need to profile users. The education message has to be changed for different groups. You do not talk to teenagers in the same way that you talk to the over 50s.”
Joseph Sullivan, associate general counsel of PayPal, reinforced the message in his keynote speech: “Education [alone] is not going to stop this because phishing attacks are too good now,” he said. “It targets the most vulnerable users of the internet. The problem has not got better, if anything it has got worse.”