Pretty much all of us have received a phishing message at least once in our lives. But what is phishing? It’s when someone pretending to be someone else (usually a well-known business) contacts us to get us to click a link, download an attachment, or give up personal information. In short, it’s a type of scam – one of the most sophisticated scams there is. Every year, phishing affects millions of people and large corporations.
As scammers get better at disguising themselves and tricking people, how many people are falling for it? Does the media coverage of major phishing scandals (like Hillary Clinton's emails) make the American public better at identifying a scam? We surveyed over 900 people about their knowledge of phishing and analyzed data from the FBI Internet Crime Report to see how cybercrimes have changed over time. Keep reading to see what we found.
Increased Threat
Our society has largely turned digital. And while technology has expanded businesses, connected people, and led to lifesaving innovations, it makes users incredibly vulnerable to cyberattacks. New scams are constantly making headlines, warning users to stay away from specific links, emails, and even personal messages. But compared to other threats, is phishing increasing?
Between 2015 and 2018, the total number of victims affected by phishing scams increased by 59%, making it the sixth-largest increase over those years. While business email compromise or email account compromise (BEC/EAC) increased by 160%, there were a significantly greater number of victims affected by phishing in 2018. Compared to 20,373 victims of BEC/EAC, phishing affected 26,379 people in 2018.
What Is Phishing?
Phishing is rampant, but according to our survey, we can cross off ignorance as one of the reasons people fall for it. Of the 933 people we surveyed, 96 percent claimed to know what phishing is. And when we asked them to match phishing with its definition, 88 percent got it right.
“Phishing are unsolicited emails, text messages, and phone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials.”
While knowing what phishing is can help people avoid becoming victims, it may not always prevent people from falling for it. Like we said earlier, phishing is sophisticated. There are psychological tactics scam artists employ to trick their victims, even if the victims know exactly what phishing is.
Not Just Emails
Phishing is incredibly widespread and well-known – after all, the technique began through email back when AOL was the top provider. To this day, email remains the largest source of phishing scams, and the public seems to be aware. Only 2% of respondents said they didn't believe phishing took place over email. However, they were a bit more ignorant when it came to other mediums. While 30% said they didn't believe phishing occurred over social media, these platforms have become increasingly susceptible to cyberattacks, including phishing.
Aside from emails and social media, scammers also infect devices and gather personal information. This is often done through malware, or fraudulent software that attacks your computer rather than protects it. While phishing through malware is also risky for the hacker – it's expensive and easily traceable – the method is often sophisticated enough to take over a victim's entire computer. From copying keystrokes and watching every page opened to recording through the camera and microphone, malware gives hackers access to everything. Despite the severity, 47% of respondents said they don't believe phishing can take place over fraudulent software.
Beliefs about phishing also seem to be heavily tied to generation. While baby boomers associated phishing with email, 41% didn't believe it could be done over social media, and nearly 60% didn't associate phishing with fraudulent software. On the other hand, while 3% of millennials didn't believe phishing could occur over email, three-fourths said it could happen over social media, and 56% thought it could take place through fraudulent software.
Avoid the Hook
Knowing about phishing and identifying a phishing attempt isn’t the same. While 88% of the respondents matched phishing to its definition, when put to the test, only 5% were able to identify all phishing emails we presented to them. Alarmingly, 12% got them all wrong.
For this test, we showed the respondents six emails. Four of those were phishing emails, while only two were legitimate.
Of the five scam emails, the one purportedly from Microsoft was the easiest to spot, as 74% got it right. The rest – a Google Slides email, a fake high school email, and a Google Docs link – proved too difficult to spot for the majority of the respondents. More than 60% tagged those emails as legitimate.
On the flip side, 68% and 69% of respondents were able to identify legitimate emails from Spotify and iCloud, respectively. While hackers are becoming increasingly savvy at making illegitimate emails appear real, there are specific signs that can prevent people from being victims.
Assessing Accuracy
Identifying a phishing email was slightly easier for Gen Xers: 39% of baby boomers and millennials were able to spot a phishing scam, compared with 41% of Gen Xers. Despite the slim difference between generations, baby boomers were the most likely to identify fake Google Docs links, while Gen Xers were the most likely to identify a phishing email from Microsoft Support.
Experience typically increases people's ability to differentiate the real from the fake, but with scammers always one step ahead of the public, time doesn't seem to be on the generations' side. Considering this, exposure may be paramount for identifying cyberattacks. Taking online quizzes that stay up to date with the latest methods may help people be more familiar with potential scams.
Signs of a Scam
Gathering advice from those who nailed every question, we were able to narrow down the top ways to avoid phishing scams. Eighty-six percent of the people said they abstain from clicking, downloading, or opening anything from an anonymous sender. A majority also said they use an email spam filter and ignore any email whose sender is unfamiliar.
Expecting perfection from companies was also a useful tactic – those who got every question right were 31 percentage points more likely to say that they avoid phishing scams by distrusting any email with typos. Along with these tips, the Federal Trade Commission urges consumers to be wary of emails that alert recipients to suspicious activity or login attempts, claim there's a problem with an account or payment, or ask recipients to confirm personal information.
Staying Cyber-Safe
Phishing has been around since the dawn of the internet. What started as AOL messages and emails requesting account and payment verification has turned into illegitimate emails, social media messages, and even software programs.
As hackers get increasingly skilled in masking their scams, the American public struggles to identify the real from the fake. Staying informed and up to date on the latest tactics, while ensuring your computer and mobile devices are safe with protection software, is the only way to help avoid getting caught by the hook.
FYI: Some antivirus software blocks phishing attempts.
Methodology
To conduct this study, we collected responses from 933 people. Of those 933 people, 47% were men, and 53% women. 397 were millennials, 352 were a part of Generation X, 142 were baby boomers, 34 were a part of Generation Z, and six were from the silent generation.
There were no qualifying questions, but respondents were disqualified and excluded from the survey if they failed an attention-check question that was located about halfway through the survey.
At the beginning of the survey, respondents had to say that they were comfortable being quizzed about phishing scams.
Internet crime figures come from the FBI's annual Internet Crime Report. The definition of phishing comes from the same report. Venues where phishing can take place originate from the University of Massachusetts Amherst Information Technology Department. Strategies to avoid phishing scams originate from the Better Business Bureau.
Limitations
The data shown here depends on self-reported experiences with phishing scams. There are several problems that stem from self-reported data, including, but not limited to, selective memory, exaggeration, and telescoping. We can't be certain how closely our results match up to reality.
Fair Use Statement
While most people say they know what phishing is, many can't spot it. With phishing on the rise, informing people about how to avoid it is more important than ever. Do your part by sharing this study with your followers. All we ask is that you include a link back to this page and that your use be noncommercial.