Press Release

LinkedIn Facebook Twitter RSS

Australia Needs to Be on High Phishing Alert with 86% of Consumers Failing to Spot the Difference Between Real and Fake Web Sites

Stronger visual clues and better understanding needed to reassure consumers, says VeriSign

Sydney, Australia - 29th June, 2009 - A surprising 86% of Australian Web users are at risk from online fraud, according to recent research conducted by VeriSign.

The YouGov* survey showed that Australians were one of the most vulnerable nations, alongside the United Kingdom and United States, whilst the residents of Germany and Sweden are the savviest in protecting their identities and personal details. The survey asked more than 8,000 respondents across nine countries to "spot the difference" between real and fake Web sites from VeriSign's recently launched the Phish or no Phish (www.phish-no-phish.com) challenge. The findings showed the vulnerability of Internet users globally.

Scare tactics by fraudsters remains an effective form of phishing for Australian consumers. Despite targeted education efforts by banks and online retailers alerting customers not to share their personal information online, almost a quarter (23%) of Australians still fall into this trap.

"Our research tested the applicability and understanding of a variety of phishing methods Australian consumers need to be aware of," said Armando Dacal, Director, Authentication Services, VeriSign Asia Pacific. "Sneaky strategies such as imitation Web sites that try and phish your personal details have been shown to work across all demographics, particularly on the age group 45- 54 years."

The research revealed that 45 - 54 year olds were 25% less likely to spot a fake Web site than other age groups. Different age groups were susceptible to different forms of scams; the over 65 year olds are more than twice as likely to fail to check that they are entering their details into a site that has the correct URL, with 43% failing to pick up the inaccurate URL addresses. This statistic compares to 16% of the savvier 18-24 year olds who performed strongly on this point.

The younger age group, however, is more likely to respond to scare tactics to give away their personal details with more than a quarter (26%) failing to identify the fake phishing Web site. Across the board, spelling mistakes were overlooked as being a clear indicator of a fake Web site, with 87% of respondents missing the obvious errors that would never be found on a valid company site.

Phishing scams and online fraud have created doubt and concern among consumers. To regain their trust, site owners need an easy, reliable way to show customers that their transactions are secure - and that they are who they say they are. Security vendors and Internet browsers have joined forces to establish the Extended Validation (EV) standard for SSL Certificates. With this technology, the browser and the certificate authority control the display, making it difficult for phishers and counterfeiters to hijack a brand and its customers.

"With almost nine out of 10 people in Australia vulnerable to phishing scams, a method to easily identify a genuine site from a phishing site is a must for all businesses online," continued Dacal. "By adopting Extended Validation SSL Certificates, a site owner makes it easy for a shopper to see that the site they are on is genuine. When a Web user visits a site secured in this way, a high-security browser will trigger the address bar to turn green. For additional clarity, the name of the organisation listed in the certificate as well as the certificate's security vendor is also displayed."

Knowledge is key to fighting phishing. To this end, VeriSign has compiled its Top five tips to distinguish a real site from a phishing site.

Consumers should check whether or not a site is genuine and is taking measures to protect their personal details by looking for the following:

  1. https:// The "s" in https:// means the site is encrypted, so the information you enter is secured. While some phishing sites do have a secured Web address, many do not. Therefore, site visitors should be on the lookout for missing security on sites that should have it.
  2. The padlock icon: To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself.
  3. Trust marks: Simple visual cues in the form of popular logos can show that a Web site is authenticated, secured, and the company is reputable.
  4. Check the Web address: Be suspicious of any site with an unknown domain that contains the name of a well known site in the latter part of the Web address.
  5. Green address bar: This signifies that this site has undergone extensive identity authentication so that you can be confident it is the site it claims to be.

To try to identify the phishing sites for yourself visit: www.phish-no-phish.com

*Notes to editors
The online survey was commissioned by VeriSign and conducted by YouGov on 21-27 May, 2009. 1,000 Australian adults (aged 18+) were polled in the sample.