Most of us probably think we’re pretty savvy when it comes to phishing emails and scam SMS messages. We can spot those unsolicited emails asking us to send a deposit to an overseas bank account a mile off, so we’re not at risk, right? Well, maybe not, unless you’re part of the 5% of Britons who can spot scams with unerring accuracy.
To test the British public’s ability to see through inbox tricks and schemes, we curated a series of phishing and genuine emails. If you’d like to discover how savvy you are when it comes to separating the fakes from the authentic messages, simply give our test a go.
So, how did you do? Was it a lot more difficult than you imagined? As the public grows increasingly wary of fake emails, fraudsters are having to incorporate more sophisticated techniques to lower our defences and get us clicking through. So, even those of us on high alert are susceptible to phishing schemes and fake emails.
How did the British public perform?
We invited 1,000 members of the British public to try out our phishing quiz, and discovered that only 5% of respondents answered all 10 questions correctly – meaning that only this small portion are switched on to phishing scams and could consistently tell the difference between fake emails or texts and the real deals.
In fact, it appears that the British public are too sceptical when it comes to their inbox – with the majority labelling the genuine emails as fakes. Only 44% of people taking the quiz were able to identify the authentic emails, with respondents erring on the side of caution and marking most messages as spam. Whilst there are undoubted benefits to being cautious, this could lead to people missing important messages from banks, businesses and online contacts.
Our findings also revealed that Britons were more likely to fall foul of phishing tactics in SMS messages than emails. This suggests the average person is more trusting of their phone inbox and not quite so suspicious of illegal activity. However, with many of us incorporating one-touch payment on our smartphones, it is just as important to stay vigilant wherever scam messages are appearing.
Messages purporting to be from trusted sources and websites that we use every day, such as Facebook, appear to receive less scrutiny than messages from sources people use less frequently.
In our quiz, we placed a Facebook message which had a dodgy-looking email address and no personalisation. Despite these warning signs, it was the fake email most people trusted. At the opposite end of the scale, our Uber-style email was completely authentic and even offered information such as the IP address and recipient’s name – and yet, still it was the authentic email which received the highest proportion of ‘mark as spam’ clicks.
These results suggest that many people still rely on soft indicators, such as the brand, rather than strong indicators like the sender’s email address, personal information and other trust factors.
The phishing email warning signs to look out for…
Whilst all phishing emails are different and, as mentioned above, always evolving, there are some tell-tale signs to look out for.
Fake email address – Check the email address of the sender first. Sometimes they are obviously fake (firstname.lastname@example.org, for example), but they can be a little trickier. The domain name (the bit after the @ sign) should match the domain in the URL the business uses for its website – only authorised personnel use these email addresses. An email sent from any other address should be viewed with scepticism.
Spelling mistakes and grammar errors – Legitimate businesses are more likely to have a robust editorial process in place, so obvious errors should be a give-away that this is a scammer.
Preview the links – If the email is prompting action by clicking a link, you can test the waters before clicking. Hover over a link and the target URL will appear at the foot of your page. If you don’t recognise the URL in the link, don’t click. Use the business’s website or a contact number to double-check that the message and its content are legitimate first.
Check for personal details – If you have an account with the business contacting you, they should either address you personally or reveal some form of identification (username, account number, etc.). If there is nothing to personalise the message to you, it’s quite likely a scam email sent out to a huge database of addresses.
And, of course, always use common sense. If a business emails out of the blue when they haven’t been in contact for a long time, or they are asking for something that doesn’t seem to fit into the service they provide, there’s a good chance this is a scam.
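The sender-address, link-preview and personalisation checks listed above can also be run automatically over a raw message. The following is an added example, not part of the original quiz or guide; the function names, the `bank.example` domain, the customer name and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class HrefCollector(HTMLParser):
    """Collects the real target of every <a href=...>, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_matches(host, domain):
    # Exact match or a true subdomain; "bank.example.evil.test" must not match.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain, identifiers):
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part, unencoded HTML body
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_matches(sender.rpartition("@")[2], expected_domain):
        findings.append("sender-domain")
    collector = HrefCollector()
    collector.feed(body)
    for href in collector.hrefs:  # links without a host (mailto:, relative) are flagged too
        if not host_matches(urlsplit(href).hostname, expected_domain):
            findings.append("link:" + href)
    if not any(i.lower() in body.lower() for i in identifiers):
        findings.append("no-personalisation")
    return findings

# Constructed sample messages using reserved .example/.test names.
PHISH = ("From: Example Bank <alerts@bank.example.account-verify.test>\n"
         "Subject: Action required\nContent-Type: text/html\n\n"
         '<p>Dear customer, <a href="http://bank.example.account-verify.test/login">'
         "verify your account</a></p>\n")
GENUINE = ("From: Example Bank <alerts@mail.bank.example>\n"
           "Subject: Your statement\nContent-Type: text/html\n\n"
           '<p>Dear Jordan Smith, <a href="https://www.bank.example/statements">'
           "view your statement</a></p>\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("genuine", GENUINE)):
        print(name, check_message(raw, "bank.example", ["Jordan Smith"]))
```

An empty result only means none of these warning signs fired; the From header is supplied by the sender, so a matching domain on its own does not prove a message is authentic.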
We hope this quiz and guide have been helpful, providing a few tips for spotting phishing emails. If you’re keen to ensure your outdated hardware and software are managed in a safe, secure and responsible way, get in contact with the CDL team today.