MISCO study finds a quarter of UK adults have fallen for phishing scams
Tech solutions company MISCO has found in a study that a staggering one in four (25 per cent) UK adults have been scammed online in the past, with less than two in five (39 per cent) able to correctly identify whether an email from their bank is genuine or not, and one in ten UK adults at risk of having sensitive information stolen online, new research has found.
In light of multiple, recent, high-profile cyberattacks, MISCO tested the nation’s ability to spot whether an email is real or fake. Phishing attempts can be incredibly hard to identify, as hackers mimic official email templates, branding and language, as well as use technology which hides or disguises the sender’s name.
Using screenshots of both real and fake emails and texts from banks, online money transfer services, and Apple’s iCloud, this research highlights how easy it can be for adults to fall for scam emails.
25 per cent admit to having fallen for a scam email or text in the past
When asked to identify whether two near identical emails (one real, one fake) showing an online account statement update for a bank account were real or fake, 12 per cent were fooled by the phishing email, believing it to be legitimate. Those aged 16 – 24 were twice as likely to be duped, with 25 per cent of this age group believing the fake email was genuine. Almost two-thirds (61 per cent) though, believed both to be fake, even though one was authentic.
Only 60 per cent of those surveyed were able to correctly identify another phishing email as fake, this time a supposed security update from a bank.16 per cent believed the email to be authentic, while a quarter (24 per cent) admitted they were unsure as to whether it was real or not. Fake emails posing as security updates often require customers to log in to a fake site with their details, which gives hackers free rein to their passwords and security information.
Users of online money transfer services, such as PayPal, are also at risk of falling for scam emails. 12 per cent of those surveyed were duped by a hoax email pretending to be from PayPal, and only two in five (42 per cent) were able to correctly identify when an email from the service was genuine. However, it seems the nation is much more savvy when it comes to phishing attempts by text; 72 per cent were able to correctly identify all three examples as scam texts.
Less than two in five (39 per cent) can correctly identify if a bank email is genuine or not
When asked if they had ever fallen for a scam email or text, 25 per cent admitted to being duped in the past, with 6 per cent having money stolen from them as a result, and 4 per cent losing personal details.
The most common ways people try and identify whether an email is fake or not is looking for an official email address (67 per cent), checking for spelling mistakes (66 per cent), checking for their name (50 per cent) or account number (52 per cent) and looking for T&C (29 per cent).
Twenty-two year old Emma from Leeds, lost £300 when she fell for a scam text. “I got a text from 02, saying I hadn’t paid my contract for the month. Normally my mum paid, and I transferred her the money, but she was away at the time and I didn’t want to bother her. The contact on my iPhone said it was from 02, rather than a random number, so it seemed legitimate, and it had a link which took me to an official looking page asking for bank details. I realised a few days later I’d had £300 taken from my account.”
One in ten (12 per cent) were fooled by a bank phishing email ‘test’
Afsar Chaudhury, Misco Practice Lead – Network & Security, at MISCO commented on the research findings: “We live in a digital age, where everything from our boarding passes to our bank accounts are accessed online. This makes it easier for hackers to gain access to our details, and this is shown in the increasing level of sophistication that goes into phishing emails.
“Looking out for certain clues, such as poor spelling or grammar, and high levels of impersonalisation, can prevent you from falling for phishing attempts. Services will never ask you to enter your details through a message, so avoid clicking those links or sending across personal information in a message.
“We recommend using a different, secure password, for each account you hold and changing them regularly, as this makes it harder for your accounts to be hacked into. Regularly updating the security software on your computer too can stop any malware in its tracks, in case you do accidentally click through on a phishing link.”