UK users unable to detect phishing

McAfee Labs has released the McAfee Labs Threats Report: August 2014, revealing that phishing continues to be an effective tactic for infiltrating enterprise networks.


Testing the ability of 18,000 business users globally in detecting online scams, the McAfee Phishing Quiz uncovered that 79% of the 1,755 UK participants failed to detect at least one of seven phishing emails. Furthermore, results showed that finance and HR departments, those holding some of the most sensitive corporate data, performed the worst at detecting scams.

Looking more closely at the UK’s performance in the McAfee Phishing Quiz:
· Only 7% of business users were able to identify whether a set of 10 emails were phishing emails or the real thing
· In almost every company surveyed, the accounting / finance and HR departments proved to be the least skilled at detecting phishing attempts, with accuracy rates of 64% and 62% respectively
· Research and Development (R&D) departments proved to be the strongest at detecting phishing emails with 77% accuracy, followed closely by those in IT at 73%
· R&D workers in the UK performed significantly better at detecting phishing emails (77%) than the rest of the world (average of 66%); R&D departments worldwide also scored lower than their counterparts in the UK, achieving an average of 69%
· By a wide margin, the results show that business users in the UK are more likely to fall for a phishing attempt if it uses a spoofed sender email address – more than any other tactic tested. 62% of business users fell for an attempt that used a legitimate-appearing email address from UPS; 52% for an email appearing to come from eFax


Since the last Threats Report, McAfee Labs has collected more than 250,000 new phishing URLs, leading to a total of nearly one million new sites in the past year. Researchers saw not only an increase in total volume but also a significant rise in the sophistication of the phishing attacks occurring in the wild. Results showed that both mass-campaign phishing and spear phishing remain rampant in the attack strategies used by cybercriminals around the world. Meanwhile, the United States continues to host more phishing URLs than any other country.


“As highlighted by our latest report, phishing continues to pose significant security risks for businesses and consumers alike. More worryingly, perhaps, is the lack of education around how to spot a phishing email amidst the many emails we’re sent on a daily basis. But phishing is only a small drop in the wider security threat landscape, which is ever-changing and increasingly complex. It’s no longer enough to react to threats as and when they happen,” said Raj Samani, EMEA CTO, McAfee, part of Intel Security.


“One of the greatest challenges we face today is upgrading the Internet’s core technologies in order to make sure we’re on the front foot rather than a step behind cybercriminals. Prevention is the way forward if we are to truly combat the array of threats we’re seeing appear on a daily basis.”


Findings also revealed new cybercrime opportunities since the public disclosure of the Heartbleed vulnerability, as data stolen from websites that remain vulnerable is still being sold on the black market. Lists of unpatched websites have quickly become hit lists for cybercriminals, and tools are readily available to mine unpatched sites. With these tools, it is possible to tie together an automated system that targets known vulnerable machines and extracts sensitive information.

Each quarter, the McAfee Labs team of more than 400 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analysing and correlating risks, and enabling instant remediation to protect enterprises and the public.


Additional Key Findings
· Operation Tovar: McAfee joined global law enforcement agencies and others to take down Gameover Zeus and CryptoLocker by blocking more than 125,000 CryptoLocker domains and sinkholing in excess of 120,000 Gameover Zeus domains. However, copycats are on the rise, creating new variants of ransomware or financial-targeting malware using the leaked Zeus source code.
· Growth in Malware: New malware samples rose by only 1% in the second quarter. However, with more than 31 million new samples, this was still the largest amount recorded in a single quarter. The total count of mobile malware increased by 17% in the second quarter, while the rate of new malware appears to have leveled off at about 700,000 per quarter.
· Network Threats: Denial of service attacks rose by 4% in the second quarter and remain the most prevalent type of network threat.
 
