Aussies Caught Out In Phishing Scams

A new survey claims that Australians have problems differentiating between real and false websites

VeriSign’s YouGov survey of 8000 people shows that up to 86 percent of Australians didn’t know the difference between a real website, and one set up as part of a phishing scam.

Phishing is where cybercriminals set up a website – usually that of a financial institution – that looks exactly like a real website run by the bank or building society. The criminals then send out emails telling people that their banking details have been compromised, send consumers a link to the bank’s “website”, and ask people to send their passwords so the “bank” can secure their account. Of course, all they do is empty the bank account.

The survey showed that Aussies were one of the most vulnerable nations, alongside the United Kingdom and United States, whilst the residents of Germany and Sweden are the savviest in protecting their identities and personal details.

Despite targeted education efforts by banks and online retailers alerting customers not to share their personal information online, almost a quarter (23 percent) of Australians still fall into this trap.

The research revealed that 45 – 54 year olds were 25 percent less likely to spot a fake website than other age groups. Different age groups were susceptible to different forms of scams; the over 65 year olds are more than twice as likely to fail to check that they are entering their details into a site that has the correct URL, with 43 percent failing to pick up the inaccurate URL addresses. This statistic compares to 16 percent of the savvier 18-24 year olds who performed strongly on this point.

The younger age group, however, is more likely to respond to scare tactics to give away their personal details with more than a quarter (26 percent) failing to identify the fake phishing website. Across the board, spelling mistakes were overlooked as being a clear indicator of a fake website, with 87 percent of respondents missing the obvious errors that would never be found on a valid company site.

The following features will help consumers figure out a real site from a scam:

  • https:// The “s” in https:// means the site is encrypted, so the information you enter is secured. While some phishing sites do have a secured Web address, many do not. Therefore, site visitors should be on the lookout for missing security on sites that should have it.
  • The padlock icon: To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself.

  • Trust marks: Simple visual cues in the form of popular logos can show that a Web site is authenticated, secured, and the company is reputable.

  • Check the Web address: Be suspicious of any site with an unknown domain that contains the name of a well known site in the latter part of the Web address.

  • Green address bar: This signifies that this site has undergone extensive identity authentication so that you can be confident it is the site it claims to be