Nine out of ten people are vulnerable to phishing scams as more need for online security education demonstrated

News by Dan Raywood

UK internet users are at risk from online fraud by not being able to identify the different forms of phishing currently happening online.

UK internet users are at risk from online fraud by not being able to identify the different forms of phishing currently happening online.


A survey by YouGov and VeriSign revealed that 88 per cent of web users are unable to distinguish a phishing site from an official page when presented side by side. The most frequently missed sign was the spelling on the site, with 88 per cent failing to spot the spelling mistakes that would have identified the phishing site.


Of those surveyed, 57 per cent did not spot the padlock symbol in the browser address bar, 34 per cent failed to notice that the URL only contained an unspecified, numerical domain name, while 23 per cent accepted a request for additional account information.


Andrew McClelland, director of business development at industry body IMRG, said: “Phishing continues to be a major challenge for online businesses. It takes only one phishing attack to dramatically reduce the web browsing public's trust in an organisation. Once that trust is lost, it is very difficult to regain, and with competition just a click away, something that businesses cannot afford to lose.


“When you look at the two sites together, it can be fairly obvious that something was incorrect and had changed on the page. In the past we have relied on users looking for the padlock and https in the address bar, but for a lot of customers this won't make sense. As an industry we're quite poor at educating on this.”


Security vendors and internet browsers have combined forces to establish the Extended Validation standard for SSL Certificates. With this technology, the browser and the certificate authority control the display, making it difficult for phishers and counterfeiters to hijack a brand and its customers.


McClelland said: “EV SSL does let you know that you are safe but most people don't know how a domain is constructed. This is one of the challenges for the security products, and hasn't made it easy for the end-user, but by adding an additional layer it makes it easier for the consumer to understand.”


Tim Callan, vice president of product marketing at VeriSign, said: “We have a spectrum of people who have used the internet since 1995, but new people are coming online everyday and as a result nearly a billion people need to understand that something is very different.


“There is a lot of green fields out there, and a decade later we are still getting phishing emails. We know what we have and we bring the best to the table, they are bringing the best they have too.”


Callan claimed that in early 2007 PayPal was one of the most replicated brands in phishing emails, and after it incorporated EV SSL and put the green address bar on all of its sites and educated its users to look for the green glow it dropped out of the top ten phished sites.


“As more people get a trend, the phishers will try other things. The green address bar represents the next generation, we want to create genuine authentication,” said Callan.


VeriSign has compiled its top five tips to distinguish a real site from a phishing site. It encouraged users to look for the following:

  • The ‘s' in https:// means the site is encrypted, so the information you enter is secured
  • The padlock icon that should appear in the actual browser interface and not inside the content of the page itself
  • Trust marks to show that a website is authenticated, secured, and the company is reputable
  • The green address bar
  • Check the web address.


    Find this article useful?

    Get more great articles like this in your inbox every lunchtime

    Video and interviews