Cloudmark announced the results of a survey conducted on its behalf by YouGov, which revealed that public confidence in consumer brands is dramatically affected by phishing attacks, with 42% of people surveyed feeling that their trust in a brand would be greatly reduced if they received a phishing email claiming to be from that company.
The survey also showed that the majority of consumers feel that the responsibility for protection against phishing attacks lies with themselves, their service provider and the service provider that transported the phishing emails.
Phishing attacks are email scams that attempt to defraud consumers of their personal information, such as bank account details or social security numbers, by pretending to have been sent by a trustworthy entity such as a bank or credit lender.
The survey revealed that:
- 42% of respondents surveyed feel that the trust in a brand would be greatly reduced if they received a phishing email claiming to be sent by that brand.
- 41% of those surveyed felt that their trust in a bank would be greatly reduced if they received a phishing email claiming to be from that company, compared to 40% who felt the same for an ISP, 36% for an online shopping site and 33% for a social networking site.
- 26% of those surveyed feel that they are the party most responsible for protecting themselves from phishing attacks, with 23% believing their Internet Service Provider (ISP) or email service provider is the most responsible and 17% thinking that the sender’s ISP and email service provider holds the greatest responsibility.
"Phishing is a highly sophisticated and well orchestrated form of crime. The gangs behind these attacks work to compromise financial information via e-mail scams and then propagate that information into a highly stratified and efficient economy, selling the data on to those who will profit from the accounts," commented Neil Cook, UK technology chief at Cloudmark. "Earlier this year we conducted research into the effect that phishing has on the individual that found consumers were still extremely concerned about falling victim to such a scam. What is interesting to note from these results is that well-known brands are also suffering, with phishing attacks having a detrimental effect on their reputation. This knock-on effect will be particularly worrying for the banks, who rely on a high degree of trust with their customers."
In addition to the YouGov survey, Cloudmark's own research team today released results showing that Natwest Bank was the most phished brand in the UK during October 2007.
The research was collected using Cloudmark's user base, which consists of 260 million mailboxes. Cloudmark's research also indicates that across Europe, the majority of unique phishing websites are created using the top level domain associated with the United Kingdom, .uk.
"Not only are we seeing evidence of more .uk phishing URLs, but also a shift in phishing techniques. Vishing is a good example of this where the scammers use cheap VoIP call centre systems as the back end to their phishing attacks, which changes the whole dynamic of trust," commented Cook. "The example we've seen on our database was a message attack that appeared to be a notification from the recipient's bank requesting they ring customer services to deal with a problem. If the recipient makes the call, it gets routed to a cheap VOIP answering system, which may have been set-up on a compromised host. The system captures the user ID and pincode to sell on to the highest bidder, who then has full access to your account. All the while the call seems very genuine. The reassurance of speaking to an individual rather than working online will lead to many instances of consumers falling foul to such threats."
"Whilst awareness to the problem is essential, it is unrealistic to expect businesses to be able to secure themselves fully against such sophisticated criminal activities. The increasingly dynamic and transient nature of the latest threats requires a combination of desktop protection at the client level, and accurate message filtering from ISPs. By including comprehensive phishing detection ISPs will help ensure protection against the latest threats and outbreaks," commented Nigel Stevens, Product Director, THUS plc.