Press Releases

Survey Reveals 84 Per cent of Australians Received Phishing Emails over the Past Year

Sydney, Australia - 16th December, 2008 - As Christmas draws closer and shopping online and booking a summer holiday become high priorities for Australians, extra precautions need to be taken to ensure Australian Internet users don't fall victim to online security and identity theft.

Research released today by VeriSign, the trusted provider of Internet infrastructure services for the networked world, revealed that 84 per cent of Australians received some form of online threat over the past year, via email from impostor banks or other institutions, offers requesting money transfers and requests to wire money overseas. Despite the large percentage who reported receiving phishing messages, a surprising 97 per cent of respondents still believe they are at low risk from online security threats.

Respondents cited the main reasons behind their perceived low risk are:

  • their antivirus and spyware is up-to-date (78 per cent)
  • they don't post personal information on social networking sites (61 per cent)
  • they don't visit high risk Web sites (59 per cent)
  • they shop on Web sites they know (56 per cent)

Though consumers seem to be heading in the right direction with regard to protecting themselves online, further findings suggest otherwise. Fifty per cent said they use the same password on multiple sites while 13 per cent use Post It notes or scrap paper to remember their password. Amazingly, 10 per cent keep their passwords stored on or near their computer. What's more, less than 1 in 5 respondents change their passwords regularly.

"Our survey revealed that Australians admit that their biggest fear online is losing their credit card details or having their identity stolen, and yet we're still not doing all that we can to help ourselves," said Ed Elliff, director, Identity and Authentication Services at VeriSign Australia. "We hold valuable information in poorly protected online email accounts, social networking sites and online bank accounts. In the lead up to Christmas, we expect consumers to turn to the Internet at an increasing rate, and security needs to be a priority."

The survey uncovered additional findings highlighting how consumers feel about their online security:

  • 94 per cent would avoid using certain Web sites if they were not secure
  • 82 per cent agree they should take some responsibility for their own security online
  • 55 per cent feel the responsibility should be borne by themselves
  • 25 per cent feel that businesses should have the responsibility
  • 9 per cent said the Australian government should take the responsibility
  • 65 per cent fear having their credit card details stolen

"Most Australians fear their financial details falling into the wrong hands, but it goes beyond banking - identity theft and the increasing trend of updating our movements on social networking sites pose major security risks," continued Elliff. "Australians need to better understand that it can happen to anyone at any time unless they take appropriate precautions, as seen by the widely reported Facebook scams that are occurring in Australia - the 'it won't happen to me' attitude is a poor defense."

To help Australians fight risks of online threats this Christmas, VeriSign offers the following tips to help ensure personal information is kept safe and secure:

Regular password changes

It is recommended that users change their passwords every three months and yet less than 1 in 5 respondents adhere to this rule. More than a third have never changed their password for their online email accounts despite half of Australians agreeing that there is valuable information stored in their inbox. Twenty one per cent have never changed their online banking password. This is especially important when using Web sites that don't currently offer second factor authentication.

Keep your information private

With so many passwords to manage for the range of Web sites we connect to, passwords are becoming an even weaker defence mechanism. Australians currently use a number of tricks and shortcuts to help them remember their passwords. Half of the respondents surveyed stated that they use the same password on multiple sites and 13 per cent write their passwords on a Post-It note or scrap of paper. Ten per cent keep their passwords stored on or near their computer - the equivalent to leaving your keys in the front door, vastly increasing the risk of intruders. Nearly a third are using personal information that can be easily sourced from a social networking Web site to select their password like their date of birth or the name of a loved one.

Two is better than one - use two-factor authentication from your service providers and demand it if they don't offer it today
Results from the survey suggest that even though Australians don't feel that they are at risk from major security threats online, the population has still expressed an interest in finding out more about additional safety services. More than three quarters of respondents revealed they are interested in using a single security device to protect themselves across multiple Web sites.

A growing number of sites are accepting a second form of user authentication that comes from physical devices such as a token, credit-card form factor and even your cell phone. This is called two-factor authentication, and the PayPal Security Key is an example. Each device provides users with a dynamic one time password that must be entered into a log-in page in addition to their user name and password. The extra layer of security prevents potential fraudsters from accessing personal accounts that are accessed by a simple user name and password.

Go green

Use a high security browser that will display the visual cues triggered by Extended Validation SSL Certificates. Look for the green address bar and the company's name highlighted in green at the top of the browser. This signifies that this site has undergone extensive identity authentication.

Also look for other security cues such as https://. If the site's Web address begins with https://, information you share is encrypted. Never enter credit card numbers or personally identifiable information such as your social security number or mother's maiden name into any page that does not begin with https. Finally, look for popular trust mark icons, which can indicate important things about an online business. Leading trust marks include the VeriSign Secured Seal (online security and verified site identity), TRUSTe (customer data privacy) and RatePoint (online reputation management).

About Galaxy Research

This study was conducted online among members of a permission based panel by Galaxy Research: The sample was 533 respondents aged 16 years and older distributed throughout AustraliaFieldwork commenced on Tuesday, October 28 and was completed on Thursday, October 30.Following the completion of interviewing, the data was weighted by age, gender and region to reflect the latest ABS population estimates.