23% of Internet Users Susceptible to Spear Phishing Attacks

The Intrepidus Group, a consultant for information security, recently conducted a study on 69,000 employees across the world, according to which 23% of Internet users are susceptible to spear phishing attacks.

The study also revealed that both women and men equally became victims of phishing assaults. Astonishingly, 60% of corporate employees who were victimized in spear phishing sent back replies to the fraudulent phishing e-mails in an average of three hours. Furthermore, people took less precaution while clicking on web links compared to when they were asked to furnish confidential data, according to Intrepidus.

Examining the statistics, some e-mail security experts stated that the study results were alarming, while others said that the figures were not high enough. Nevertheless, according to one expert, spear phishing messages duped nearly 70% of users.

Besides this, the study further found that phishing assaults were 40% more effective with authoritative messages like appearing to be sent from the IT department or from one's superior, instead of being sent from someone allegedly announcing a prize.

Explaining why this is so, security analysts say that the US culture is created around authority. If someone authoritatively tells Americans to do something, they will most likely do that without thinking again.

Moreover, Intrepidus views the current recession as a major reason for the growth in phishing scams. Since recession is deepening and unemployment soaring, security specialists warn that cyber criminals would constantly exploit the current financial meltdown to scam end-users with bogus financial transactions services, deceptive legal services, and fake investment companies.

The study further emphasizes the fact that many Internet users do not know about e-mail attacks that may use various types of phishing. Hence, the security researchers suggested corporations to keep spreading awareness of such attacks as well as ways to tackle them among their employees.

Meanwhile, the researchers also stated that there was an increase in spear phishing attacks against social-networking websites because of lax security on these sites. To cite an instance, they recalled the spear phishing incident against the social network LinkedIn in October 2008 that targeted 10,000 users.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 3/17/2009