National Privacy Test: Do Internet Users Recognize Phishing Emails?
With the abundance of online security tips around, Internet users tend to think they know the basics of how to getting tricked by criminals. However, phishing scams are more prevalent than ever.
National Privacy Test, an ongoing survey supported by NordVPN, has so far has shown that over 94% of respondents would ignore an email request from a bank asking for personal information. Yet the statistics show that up to 45% of Internet users keep clicking on dangerous links or providing personal information where they shouldn’t.
Almost 95% of all respondents would ignore an email request from their bank to provide personal information. Warnings about email phishing scams are among the most basic cybersecurity tips, and it seems that Internet users who took the National Privacy Test are largely familiar with one of the most prevalent forms of phishing.
However, the prevalence of phishing scams signals that more sophisticated baits are still very profitable for cyber criminals. According to Verizon’s research conducted in 2016, as many as 30% of phishing emails are opened. In another example, Kaspersky reports that Kaspersky Lab products blocked 51 million attempts to open a phishing page in Q1 2017.
These results lead to believe that although users may be aware of basic types of malicious emails, more sophisticated phishing ventures still work in many cases.
With two significant ransomware attacks that have just affected countries around the world and rising email phishing, the question stands: how can email users get better at spotting malicious messages?
Tips for Spotting a Phishing Email
- Examine the sender’s email address. Don’t just trust the official display name – pay closer attention to the email address. If the domain strikes you as not quite right (e.g. email@example.com), don’t open the email.
- Check for spelling and grammar mistakes. Serious companies don’t normally pester their customers with emails that contain bad grammar and basic spelling mistakes.
- Analyze the salutation. Your bank or another legitimate institution would usually address you with your full name. If you see a vague “Dear user” or similar instead, remain watchful.
- Don’t click on links – instead, hover your mouse over the button to check the destination link. See if it looks legitimate and if it contains the “https” part to indicate a secure connection.
- If uncertain, make contact with your bank or other institution over the phone or a different email address and ask to confirm if the email is legitimate.
For added security, use a VPN. Using a VPN when browsing can protect you against malware and phishing attempts that target online access points.
In the last few weeks, NordVPN has added a CyberSec feature, which is activated every time a user switches the VPN on, and protects from malware, annoying ads and phishing attempts. It checks each website the user tries to access against a list of malicious sites. Any site included in the phishing blacklist is blocked before any harm can be done.
Do you have any other tips on how to spot a malicious link or an infected attachment? Share your experience in the comments below!