Even security experts fail to spot phishing emails, finds report

News by Tom Reeve

An online phishing quiz conducted by Intel Security found that 97 percent of people failed to correctly identify all of the sample emails in the test.

Intel Security tested 19,000 people from 140 countries with an online test that included ten examples of phishing and legitimate emails. For each email, participants were invited to click one of two buttons depending on whether they thought it was legitimate or a phishing email.

The test emails were based on real-life emails from recognised companies and contained “live” links that revealed the destination URL when hovered over.

A report last month claimed that cyber-criminals are increasingly focusing on corporations rather than households for phishing attacks. 

The results indicate that phishers are fishing in rich waters.
  • Only three percent of test-takers identified every email correctly.
  • Of those who didn't score top marks, 80 percent failed to spot at least one phishing email.
  • The worldwide average score was 65.4 percent.

“Unfortunately, one email is all it takes to fall victim to an attack,” wrote Gary Davis, vice president of global consumer marketing, in the McAfee blog. McAfee became part of Intel Security last year.

Even experts will fall foul of this test, said Davis. On average, industry insiders were only able to pick out two-thirds of the fakes. Only six percent of experts scored 100 percent and 17 percent got half or more wrong.

Intel's tips for improving your phish-sensing abilities are:

  • Take the phishing quiz to put your skills to the test.
  • Keep an eye out for tell-tale signs like bad grammar, bad syntax, suspicious senders and URLs that don't match.
  • Use anti-phishing software.
