According to a survey carried out on behalf of Cloudmark, consumer confidence in brands would be severely dented by a phishing attack. Banks are most at risk, but ISPs, online shopping sites, and even social networking sites would also see a fall in consumer confidence after a phishing attempt.
Phishing is an online scam where emails are sent to members of the public, supposedly by a bank. The emails request personal information such as account numbers, card numbers, and PIN codes. This information is then sold to the highest bidder, giving them full access to the account.
Of respondents, 42% felt that trust in a brand would be greatly reduced in the wake of a phishing attempt. Of those surveyed, 41% claimed trust in a bank would be greatly reduced by a phishing attack, while 40% said the same about an ISP. This figure falls for online shopping sites and social networking sites to 36% and 33% respectively.
There is no clear answer regarding the responsibility for protecting people from phishing attacks. Of respondents, 26% felt it was their duty to protect themselves, while 23% felt it was the responsibility of their ISP or email service provider. Slightly fewer respondents, 17%, felt that it was the duty of the sender’s ISP and email service provider to stop the emails from being sent in the first place.
There is no agreement about where the responsibility lies in terms of whose duty it is, but ISPs offer a security package with their products, said Adam O’Donnell, director of emerging technologies at Cloudmark. They are actively trying to reduce the amount of spam received by their customers, because this means they can reduce costs in terms of the number of people employed to deal with customers’ queries about the levels of spam they receive.
Phishing techniques are evolving and becoming more sophisticated, with Cloudmark reporting that throughout Europe, the majority of web sites used in phishing emails now carry the domain associated with the UK: .uk.
A technique called vishing is also increasing. The email or telephone call will request that a customer telephones their bank to discuss irregular use of their account. When the number is dialed, the customer is routed to a VoIP system and asked to enter sensitive information. Although a very small part of the problem, it is an effective method. People expect to be contacted by phone and trust it more because it’s a system that is actually tied to a location and they believe a real person is at the other end, said O’Donnell.
Cloudmark protects 8 million mailboxes in the UK, out of a total of 260 million worldwide. It uses intelligent algorithms in its security system, so that when a client reports an email as spam, it is able to detect whether the email is actually spam or not. O’Donnell said this gives the company a 98% or 99% success rate in terms of identifying spam. It also uses feedback from its clients when identifying spam or phishing attempts so the system is updated on a minute-by-minute basis.
O’Donnell said vigilance from the customer is the safest way to deal with spam and phishing attacks. There is no reason to click on any links or dial any numbers contained in an email, he said. If you get an email from your bank, simply open your internet browser and access their web site that way.
Neil Cook, UK chief of technology for Cloudmark, said the findings of the survey will be particularly worrying for banks, who he said rely on a high degree of trust with their customers.