A Quarter of UK Adults Have Fallen for Phishing Scams

• 25% admit to having fallen for a scam email or text in the past
• Less than two in five (39%) can correctly identify if a bank email is genuine or not
• One in ten (12%) were fooled by a bank phishing email ‘test’
• 16 – 24 year olds are more than twice as likely (25%) to fall for a scam email than the average UK adult (12%)

Have you ever fallen for a phishing attempt? Turns out you’re not alone; a staggering one in four (25%) UK adults have been scammed online in the past, with less than two in five (39%) able to correctly identify whether an email from their bank is genuine or not, and one in ten UK adults at risk of having sensitive information stolen online, new research has found.

In light of multiple, recent, high-profile cyber attacks, tech solutions company MISCO has tested the nation’s ability to spot whether an email is real or fake. Phishing attempts can be incredibly hard to identify, as hackers mimic official email templates, branding and language, as well as use technology which hides or disguises the sender’s name.

Using screenshots of both real and fake emails and texts from banks, online money transfer services, and Apple’s iCloud, this research highlights how easy it can be for adults to fall for scam emails.

When asked to identify whether two near identical emails (one real, one fake) showing an online account statement update for a bank account were real or fake, 12% were fooled by the phishing email, believing it to be legitimate. Those aged 16 – 24 were twice as likely to be duped, with 25% of this age group believing the fake email was genuine. Almost two-thirds (61%) though, believed both to be fake, even though one was authentic.

Only 60% of those surveyed were able to correctly identify another phishing email as fake, this time a supposed security update from a bank.16% believed the email to be authentic, while a quarter (24%) admitted they were unsure as to whether it was real or not. Fake emails posing as security updates often require customers to log in to a fake site with their details, which gives hackers free rein to their passwords and security information.

Users of online money transfer services, such as PayPal, are also at risk of falling for scam emails. 12% of those surveyed were duped by a hoax email pretending to be from PayPal, and only two in five (42%) were able to correctly identify when an email from the service was genuine. However, it seems the nation is much more savvy when it comes to phishing attempts by text; 72% were able to correctly identify all three examples as scam texts.

When asked if they had ever fallen for a scam email or text, 25% admitted to being duped in the past, with 6% having money stolen from them as a result, and 4% losing personal details.

The most common ways people try and identify whether an email is fake or not is looking for an official email address (67%), checking for spelling mistakes (66%), checking for their name (50%) or account number (52%) and looking for T&C (29%).

22 year old Emma from Leeds, lost £300 when she fell for a scam text. “I got a text from 02, saying I hadn’t paid my contract for the month. Normally my mum paid, and I transferred her the money, but she was away at the time and I didn’t want to bother her. The contact on my iPhone said it was from 02[1], rather than a random number, so it seemed legitimate, and it had a link which took me to an official looking page asking for bank details. I realised a few days later I’d had £300 taken from my account.”

Afsar Chaudhury, Misco Practice Lead – Network & Security, at MISCO commented on the research findings: “We live in a digital age, where everything from our boarding passes to our bank accounts are accessed online. This makes it easier for hackers to gain access to our details, and this is shown in the increasing level of sophistication that goes into phishing emails.

“Looking out for certain clues, such as poor spelling or grammar, and high levels of impersonalisation, can prevent you from falling for phishing attempts. Services will never ask you to enter your details through a message, so avoid clicking those links or sending across personal information in a message.

“We recommend using a different, secure password, for each account you hold and changing them regularly, as this makes it harder for your accounts to be hacked into. Regularly updating the security software on your computer too can stop any malware in its tracks, in case you do accidentally click through on a phishing link.”

Tips to avoid falling for a phishing attempt

• Look for your name, account information, or personal details. Hackers do not have these, and send out blanket emails hoping you will glance over and enter your details
• Check for grammar and spelling mistakes, as phishing emails don’t go through the rigorous proofing process that official emails do
• Access your account directly through the website, rather than through a link, when checking for updates and notifications
• Forward any emails you suspect are fake to Action Fraud, a service dedicated to shutting down fraud and cybercrime, as well as marking them as spam in your inbox
• Call the company in question if you are still unsure whether an email is real or fake

For more advice on avoiding a phishing hoax, visit http://www.misco.co.uk/blog/news/03972/How-to-spot-phishing-scams

• 25% admit to having fallen for a scam email or text in the past
• Less than two in five (39%) can correctly identify if a bank email is genuine or not
• One in ten (12%) were fooled by a bank phishing email ‘test’
• 16 – 24 year olds are more than twice as likely (25%) to fall for a scam email than the average UK adult (12%)

Have you ever fallen for a phishing attempt? Turns out you’re not alone; a staggering one in four (25%) UK adults have been scammed online in the past, with less than two in five (39%) able to correctly identify whether an email from their bank is genuine or not, and one in ten UK adults at risk of having sensitive information stolen online, new research has found.

In light of multiple, recent, high-profile cyber attacks, tech solutions company MISCO has tested the nation’s ability to spot whether an email is real or fake. Phishing attempts can be incredibly hard to identify, as hackers mimic official email templates, branding and language, as well as use technology which hides or disguises the sender’s name.

Using screenshots of both real and fake emails and texts from banks, online money transfer services, and Apple’s iCloud, this research highlights how easy it can be for adults to fall for scam emails.

When asked to identify whether two near identical emails (one real, one fake) showing an online account statement update for a bank account were real or fake, 12% were fooled by the phishing email, believing it to be legitimate. Those aged 16 – 24 were twice as likely to be duped, with 25% of this age group believing the fake email was genuine. Almost two-thirds (61%) though, believed both to be fake, even though one was authentic.

Only 60% of those surveyed were able to correctly identify another phishing email as fake, this time a supposed security update from a bank.16% believed the email to be authentic, while a quarter (24%) admitted they were unsure as to whether it was real or not. Fake emails posing as security updates often require customers to log in to a fake site with their details, which gives hackers free rein to their passwords and security information.

Users of online money transfer services, such as PayPal, are also at risk of falling for scam emails. 12% of those surveyed were duped by a hoax email pretending to be from PayPal, and only two in five (42%) were able to correctly identify when an email from the service was genuine. However, it seems the nation is much more savvy when it comes to phishing attempts by text; 72% were able to correctly identify all three examples as scam texts.

When asked if they had ever fallen for a scam email or text, 25% admitted to being duped in the past, with 6% having money stolen from them as a result, and 4% losing personal details.

The most common ways people try and identify whether an email is fake or not is looking for an official email address (67%), checking for spelling mistakes (66%), checking for their name (50%) or account number (52%) and looking for T&C (29%).

22 year old Emma from Leeds, lost £300 when she fell for a scam text. “I got a text from 02, saying I hadn’t paid my contract for the month. Normally my mum paid, and I transferred her the money, but she was away at the time and I didn’t want to bother her. The contact on my iPhone said it was from 02[1], rather than a random number, so it seemed legitimate, and it had a link which took me to an official looking page asking for bank details. I realised a few days later I’d had £300 taken from my account.”

Afsar Chaudhury, Misco Practice Lead – Network & Security, at MISCO commented on the research findings: “We live in a digital age, where everything from our boarding passes to our bank accounts are accessed online. This makes it easier for hackers to gain access to our details, and this is shown in the increasing level of sophistication that goes into phishing emails.

“Looking out for certain clues, such as poor spelling or grammar, and high levels of impersonalisation, can prevent you from falling for phishing attempts. Services will never ask you to enter your details through a message, so avoid clicking those links or sending across personal information in a message.

“We recommend using a different, secure password, for each account you hold and changing them regularly, as this makes it harder for your accounts to be hacked into. Regularly updating the security software on your computer too can stop any malware in its tracks, in case you do accidentally click through on a phishing link.”

Tips to avoid falling for a phishing attempt

• Look for your name, account information, or personal details. Hackers do not have these, and send out blanket emails hoping you will glance over and enter your details
• Check for grammar and spelling mistakes, as phishing emails don’t go through the rigorous proofing process that official emails do
• Access your account directly through the website, rather than through a link, when checking for updates and notifications
• Forward any emails you suspect are fake to Action Fraud, a service dedicated to shutting down fraud and cybercrime, as well as marking them as spam in your inbox
• Call the company in question if you are still unsure whether an email is real or fake

For more advice on avoiding a phishing hoax, visit http://www.misco.co.uk/blog/news/03972/How-to-spot-phishing-scams