Press releases

Phishing sites go undetected by almost three quarters of consumers

71% failed to identify a fraudulent website in ‘spot the difference’ test

London, UK, February 11, 2020 – Fake websites set up by cyber criminals to steal money or personal information are more convincing than ever, according to new research from Avast, a global leader in digital security products. The survey asked respondents to correctly identify the ‘phishing’ site from two seemingly identical screengrabs taken from a household name ecommerce site, and only 29% answered correctly. The slogan for this year’s Safer Internet Day is “Together for a better internet” and Avast is advising consumers on how to spot and deal with malicious cyber threats. 

The research also asked consumers if they had ever fallen victim to phishing personally; with 14% saying they had, but a larger proportion admitting they weren’t sure; highlighting a lack of understanding on what phishing looks like and how to spot the signs of an attack. The survey also asked those who had fallen victim to identify the type of attack they experienced. Email phishing was the top answer (55%), followed by a phishing website (39%). Telephone phishing, often referred to as a ‘call centre scam’ was experienced by more than a quarter (27%).

Pete Turner, Chief Revenue Officer at Avast said, “This research proves how much effort cyber criminals are prepared to go to, to convince you that an email or website is genuine. Clearly they are doing a good job, as the overwhelming majority of those we surveyed were not able to correctly identify a genuine website. This is worrying, as phishing attacks can have significant financial and emotional consequences. This Safer Internet Day we want to highlight this issue, and offer easy to follow tips to ensure they don’t fall victim to phishing scams.”

18-34 year olds were the group most likely to have fallen victim to a phishing attack, with 56% admitting they’d been targeted; in contrast only 6% of 55+ respondents said they’d fallen victim. Interestingly, those in the 18-34 age group were more likely than other groups to correctly identify the genuine website from the two images shown.

Turner concluded, “Anyone can fall for a phishing scam. Although our research shows those in the younger age groups are falling victim more frequently, this is probably proportionate to the amount of time they spend online vs those aged 55 or over. This study shows how difficult it can be to spot the difference between a real and fake website, so we recommend that people follow some key steps to avoid getting caught out.”

  1. Double check the link

Before clicking any link, hover your cursor over it and and look at the bottom left corner of your screen where the URL is displayed. It might look genuine, but if it’s not you might spot a instead of an l, or .net instead of .com. if you see anything suspicious, do not enter any personal information. Apps are not immune from scammers either, Avast has found fake apps on the Google Play Store, so we recommend downloading apps from the retailer’s website to be sure they’re genuine.

  1. Check for https

When you look at the URL and see the letters http, look out for an ‘S’ at the end, and a padlock icon in the address bar. This means the site is secure and has been verified. We do not recommend you entering any personal information on a site without this verification.

  1. 3. Install antivirus

If you don’t have antivirus on your computer or other devices, you can download software for free to quickly become protected. Make sure you download the latest updates to this software when prompted. This type of software can detect phishing emails and websites

  1. Don’t open attachments or click on links from unsolicited emails

If something doesn’t look right with an email, perhaps it has spelling mistakes, you don’t recognize the address it comes from, or it addresses you as ‘dear valued customer’ instead of using your name, it’s probably a phishing email, or may contain a link to a phishing site. Don’t open any links or attachments from emails like this as you could be putting your personal information at risk.

 Notes to Editors:
*The survey, carried out by Toluna on behalf of Avast in November 2019, surveyed 1000 respondents in the UK