Top 5 Users' Myths about Phishing
Below you'll read the top 5 misconceptions about phishing and internet fraud.
Myth 1: Educated users can detect that an email is phishing
Over the last year, as awareness about phishing has increased, people have
improved their phishing detection skills. However, the problem still exists.
The percentage of victims is lower than a year ago, but when messages are this
professional and look like the real messages we all receive now and then, they
are easily considered genuine.
A few examples:
- Messages showing familiar personal details, such as a real address or the
  names of users' family members, employer or a co-worker, are perceived as
  legitimate. Many people respond to questionnaires by providing personal
  details about their employment or family members. These details may later be
  used as personalized phishing "bait".
- Phishing is most successful among the elderly. Many of these people trust the
  messages they receive unquestioningly.
- An action recently taken, such as bidding in an auction and losing the bid,
  may be followed by sophisticated phishing messages offering the same item at
  the same bidding price.
For more information about who is in danger of falling prey to phishing scams,
please read the article entitled "Research reveals phishing hooks".
Myth 2: Spam filters and anti-phishing filters can detect phishing messages
Spam filters and anti-phishing filters can reduce the number of phishing
messages but cannot stop them. Filtering personalized messages requires complex
technologies and the scammers are usually one step ahead of the filters.
Myth 3: Using lists of phishing URLs can automatically protect users from
phishing
The use of phishing URL lists helps when a user tries to access a site which
has already been detected.
There are two main problems with this approach:
- It takes time to detect a phishing site and to update the list. During that
  time users are exposed to phishing attacks from the site. A delay of a few
  hours in detecting a site enables it to trap hundreds of phishing victims.
  Since the lifetime of a phishing site is short (most sites disappear within
  24 hours), once the list is updated, the site might no longer be in
  existence.
- Most of the sites are not detected within a reasonable time. Every day more
  than 400 new phishing sites appear, many of them in places difficult to
  monitor. Good lists detect 150-200 new sites daily.
Myth 4: The site is responsible for protecting its users from phishing
Although sites are liable for protecting users when they log in to their
accounts on the web, a site is not responsible for direct losses when users did
not take reasonable steps to protect themselves, and it is never responsible
for indirect losses. Users must protect themselves. Even if some direct
monetary losses are reimbursed, the bad personal feeling, the time and energy
spent, and the rehabilitation of reputation and credit history make it a
traumatic experience.
Myth 5: All anti-phishing solutions are not effective
Most anti-phishing solutions are not effective. Only CallingID Toolbar
automatically protects users from becoming scam victims. This solution
automatically detects known phishing scams in real time. In addition, it
automatically provides the user with valuable information: who owns the site
receiving the information the user submits, and a confirmation that this owner
is a real organization. When the user sees that the entity receiving the
information is different from the one expected, or that there is a potential
risk in sending information to that site, the user should reconsider. CallingID
provides all the information required for the user to decide whether it is safe
to submit personal and confidential data to a site before the data is
submitted.