ABOUT SYMANTEC

Press Release

Research Reveals 83 Percent of Singaporean Web Users Unable to Spot Phishing Scams

Green Address Bar Provides High Visibility Weapon in Fight Against Cyber Crime

SINGAPORE, 23rd September, 2009 - A YouGov survey* commissioned by VeriSign, Inc. (NASDAQ: VRSN) has revealed that 83 percent of Web users in Singapore are at risk from online fraud because they can't identify the different forms of phishing currently happening online. The survey also revealed that Web users in the UK and USA are the most vulnerable, with 88 percent not recognizing phishing sites, followed by Australians at 86 percent. Singapore came in fourth place, followed by India with 76 percent, demonstrating that they are savvier in protecting their identities and personal details online.

The survey asked each respondent to identify which - of two Web site images presented side by side - was a fraudulent phishing site. The most frequently missed "tell tale" was the spelling on the site, with 83 per cent failing to spot the spelling mistakes that would have identified the phishing site. The other "tell tales" include:

  • No padlock symbol in the browser address bar - 51 percent duped
  • Request for additional account information - 28 percent duped
  • URL containing unspecified, numerical, domain name - 26 percent duped

Phishing scams and online fraud have created doubt and concern among online shoppers. To regain their trust, site owners need an easy, reliable way to show customers that their transactions are secure - and that they are who they say they are. Security vendors and Internet browsers have joined forces to establish the Extended Validation (EV) standard for SSL Certificates. With this technology, the browser and the certificate authority control the display, making it difficult for phishers and counterfeiters to hijack a brand and its customers.

"With nine out of ten people in Singapore vulnerable to phishing scams, it is crucial that a genuine site is easily and immediately identifiable," said Armando Dacal, director of Authentication, VeriSign Asia Pacific. "By adopting Extended Validation, an online shopper using a high-security browser can clearly see that the site they are on is genuine by the green address bar. For additional clarity, the name of the organization listed in the certificate as well as the certificate's security vendor such as VeriSign is also displayed."

Regional findings
The results showed Singaporeans aged 18 to 24 years are more likely to identify a phishing site and scored higher than those aged 35 years, who are 15 percent less likely to spot a phishing site. Singaporean men also fared better in spotting all phishing sites correctly, with women 12 percent less likely than men to identify a phishing site. This figure is on par with users in the UK, while both men and women Indian Web users are equally likely to identify an online scam.

Knowledge is key to fighting phishing and to this end VeriSign has compiled its Top five tips to distinguish a real site from a phishing site.

Consumers should check whether or not a site is genuine and is taking measures to protect their personal details by looking for the following:

  1. https:// The "s" in https:// means the site is encrypted, so the information you enter is secured. While some phishing sites do have a secured Web address, many do not. Therefore, site visitors should be on the lookout for missing security on sites that should have it.
  2. The padlock icon: To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself.
  3. Trust marks: Simple visual cues in the form of popular logos can show that a Web site is authenticated, secured, and from a company that is reputable.
  4. Check the Web address: Be suspicious of any site with an unknown domain that contains the name of a well known site in the latter part of the Web address.
  5. Green address bar: This signifies that this site has undergone extensive identity authentication so that you can be confident it is the site it claims to be.