RSS Alerts

Related Links

Related Stories

  • HMRC phishing attacks offer cash rebate as lure
    Yesterday was the last day in which UK taxpayers could file their 2008/2009 tax returns online – without getting fined for being late – and HMRC reports that tens of thousands of fraudulent phishing emails were sent out last week.
  • UK online shopping held back by security worries
    Research just released by digital certificate specialist Verisign claims to show that, whilst UK online shopping is expected to rise significantly this Christmas, worries about security will hold many shoppers back from making most of their purchases online.
  • Someone’s got to pay
    Consumers are increasingly trading the high street for the home computer, and in both cases getting more than they bargained for. Rob Stringer investigates the fraud and fuzzy legislation of retail security
  • Safer Internet Day – watch out for fake updates says Webroot
    Today, as you may have noticed, is Safer Internet Day, when vendors in the IT security world will almost certainly be appearing on the radio and TV explaining how to surf the net more securely. But, says Webroot, one of those vendors, users should watch – especially today – for fake updates to their security software.
  • Trend Micro expert releases internet security best practice schedule
    Hard on the heels of the unveiling of its new enterprise management services, Trend Micro's TrendLabs IT security research operation has revealed some interesting figures that show a dramatic rise in ID theft and associated malware infection rates.

News

Large majority unable to spot phishing sites

11 June 2009

An overwhelming majority (88%) of UK web users are unable to identify phishing online, according to a study commissioned by internet infrastructure services provider VeriSign.

The most frequently missed sign of phishing, was spelling mistakes, which duped 88% of the 2175 adult, UK respondents that took part in VeriSign’s survey. 57% missed the lack of the padlock symbol in the browser address bar, 34% were not warned off by the unspecified, numerical domain name in the URL, and a fifth were not put off by the request of additional account information, despite these being well-known phishing tricks.

“Phishing continues to be a major challenge for online businesses”, said Andrew McClelland, director of business development at the e-retail community body IMRG. “It takes only one phishing attack to dramatically reduce the web browsing public’s trust in an organisation. Once that trust is lost, it is very difficult to regain, and with competition just a click away, something that business cannot afford to lose.”

In order to further validate legitimate websites and to hamper phishing, security vendors and internet browsers have jointed forced to establish the Extended Validation standard for SSL Certificates.

Tim Callan, vice president of product marketing at VeriSign, explained: “By adopting Extended Validation, a site owner makes it easy for web users to see that the site they are on is genuine. When a shopper visits a site secured in this way, a high-security browser will trigger the address bar to turn green. For additional clarity, the name of the organisation listed in the certificate as well as the certificate’s security vendor is also displayed.”

How to spot phishing:

  • Https:// - check the site has an ‘s’ after the ‘http’;
  • Padlock icon – this should be in the browser interface and not on the actual website;
  • Trust marks – look for popular logos that identify the company and indicate that the website is authenticated and secure;
  • Web address – be suspicious of unknown domains where the name of the site you think you are visiting is in the latter part of the web address;
  • Green address bar – with the Extended Validation, the address bar turns green to show a site has undergone identity authentication.

VeriSign has set up a site where users can test their ability to spot phishing at www.phish-no-phish.com. Infosecurity notes it is perhaps more tricky than first assumed!

 

This article is featured in:
Internet and Network Security Malware and Hardware Security Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water