Phishing scams: is the reality different to the perception?

20th June 2007
Nearly half of people in the UK (46%) do not know what a phishing email is, new research by secure online payment provider PayPal reveals. With just over half of women (54%) claiming to know what the term means, compared with three quarters of men (74%) who say they understand what a phishing email is, PayPal is calling for more consumer education.

The research into the UK’s knowledge and awareness of phishing scams also revealed that people in the UK are so confused by phishing that just 4 in 10 people (42%) would be confident enough to explain what a phishing email is to someone else.

Phishing emails are bogus emails sent out widely to a host of email addresses asking the recipient for personal information, usually regarding their online credit card or bank accounts. If anyone responds to the email, they could find that money has fraudulently been taken from their account. When it comes to solving the problem of phishing emails, 64% of people believe that better education for people who shop online will solve the problem, whilst 39% say personal signing and encryption of all emails will stop phishing emails arriving in their in-box.

Despite nearly half of people in the UK not fully understanding what a phishing email is, six in ten people (60% or 27.4 million) say they have received a phishing email at some point, with 66% of these people (18.1 million) receiving an email that looked as though it had come from their bank asking for personal information regarding their account. When these emails hit their in-box, 71% of these people just deleted the email straight away, a quarter (25%) forwarded it to their bank, whilst just 5% forwarded the email on to an anti-phishing internet site to be dealt with. The good news is that just 2% of people say they were fooled into responding to a phishing email.

Michael Barrett, Chief Information Security Officer from PayPal says: “Phishing emails are designed to target vulnerable people who perhaps do not know very much about using the internet. Phishers are using increasingly sophisticated ways to design phishing emails to lure people into thinking they have come from a trusted provider, such as their bank or credit card provider. The good news is that just 2% of people in the UK have fallen for these scams.

“If anyone is ever in doubt as to the authenticity of an email, and concerned it may be a phishing scam, they should never click on the link embedded in the email. Instead, open up a new safer browser and type out the link manually; this will let you know if the email is genuine or fake.

“When these emails bombard your in-box it can be tempting to just delete the emails and do nothing more about it; as our research revealed, this is what most of the population do. However, we should all work together to stop the problem, and the most effective way to do this is to alert the company, by forwarding the email to their anti-phishing taskforce such as spoof@paypal.com, so they can look into it and track the sender with a view to getting their sites closed down.”

5% of the population already take this type of action, but more people need to be taking proactive steps to help the industry deal with phishers. PayPal’s anti-phishing taskforce (or online security team) work closely with the authorities with the goal of shutting down the fake sites within 48 hours.

It is not just your credit card at risk: PayPal’s research into the UK’s awareness and knowledge of phishing scams also revealed that 22% of people are still unsure about how important banking login details are to a phishing scammer. Bank login details are just as useful to a phisher as a person’s personal credit card details, as they give the phisher access to your online account.

Michael Barrett commented: “Our research reveals that the real problem surrounding phishing is slightly different to the perception of it. Most people (98%) can spot a phishing email and know not to respond to it. However, the high proportion of people who aren’t confident enough to explain this to their friends or neighbours would suggest there is room for error and further education is undoubtedly at the heart of the solution.”

Tips on how to spot a phishing email:

Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or buttons.

A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.

A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorised transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
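The three tips above can be turned into a simple mail-triage check. The following is an added example, not code from PayPal or from the original article: the phrase lists are assumptions, the sample message is constructed, and comparing the "From" domain with the Return-Path domain is one assumed way to notice an altered "From" field.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed phrase lists for illustration; extend them for real mail flows.
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(paypal\s+)?(member|customer|user|client)\b", re.I | re.M)
URGENCY = re.compile(
    r"\b(asap|immediately|unauthori[sz]ed transaction|in jeopardy)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def text_body(msg):
    """Concatenate every text/plain part of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def phishing_indicators(raw_message):
    """Return the tips from the article that this message trips."""
    msg = message_from_string(raw_message)
    body = text_body(msg)
    flags = []
    if GENERIC_GREETING.search(body):
        flags.append("generic_greeting")
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # The visible From is easily altered; the envelope sender often differs.
    if rp_dom and rp_dom != from_dom and not rp_dom.endswith("." + from_dom):
        flags.append("from_mismatch")
    if URGENCY.search(body):
        flags.append("urgency")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "PayPal Security" <service@paypal.com>
To: user@example.org
Subject: Account notice

Dear PayPal member,

An unauthorised transaction has recently occurred on your account.
Update your details ASAP or your account is in jeopardy.
"""
```

Legitimate bulk mail is sometimes sent through third-party services whose Return-Path domain differs from the "From" domain, so a `from_mismatch` flag on its own is a prompt for review rather than proof of forgery.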

Michael Barrett added: “The good news is that for everyone, and in particular the 2% who have at some point responded to one of these scams, there are plenty of things that they can do to protect themselves for the future and PayPal is working hard with parties across the industry to ensure that phishing becomes a thing of the past.”