Technology companies are doing a poor job at protecting businesses and workers from phishing attacks, according to new reports from the University of Plymouth.
According to the report, just six per cent of phishing emails were labelled as spam or otherwise suspicious, while the rest made it to the victims’ email inboxes just fine.
The report also says that emails without links made it to the inbox somewhat easier, compared to those with links (75 per cent and 64 per cent respectively), but in both cases, most emails went through.
Professor Steven Furnell, leader of CSCAN, worked on the study with MSc student Kieran Millet and Associate Professor of Cyber Security Dr Maria Papadaki. He said: “The poor performance of most providers implies they either do not employ filtering based on language content, or that it is inadequate to protect users. Given users’ tendency to perform poorly at identifying malicious messages this is a worrying outcome. The results suggest an opportunity to improve phishing detection in general, but the technology as it stands cannot be relied upon to provide anything other than a small contribution in this context.”
Phishing is a fraud practice in which hackers try to trick victims into clicking links or downloading malicious content via email. If the victim indeed runs a downloaded file, or clicks a link within the email, they risk infecting their machine and, consequently, their business.