Hook, line, sinker: 2 in 3 Brits can’t spot phishing attacks

  • Millions of UK consumers risk being reeled in by cyber criminals online as they cannot recognise the typical signs of bogus websites
  • Around two-thirds of Brits (63%) cannot spot all the red flags of a scam site, while more than four in five (85%) wrongly look for a padlock symbol to show a site is safe
  • Cybersecurity company NordVPN found that Brits lack vital awareness about digital privacy and fraud linked to remote working
  • Its National Privacy Test, taken by 175 countries, shows the world’s cybersecurity knowledge is in decline as online threats grow more complex 
  • The test reveals most people in the UK can pick strong passwords and stay safe on social media, but a quarter (23%) would be vulnerable to the new “juice jacking” scam, where charging points are tampered with to spread malware or steal data

The majority of Brits are struggling to sniff out one of the most common traps laid for them online – fake websites designed to take their money and data, reveals new research by cybersecurity company NordVPN. 

Around two in three (63%) consumers could not correctly identify all the red flags of phishing websites, and many were relying on out-of-date safety information to protect them.

Phishing websites, often resembling those belonging to real businesses, are set up to trick victims into giving away personal and financial information, such as passwords or credit card details. They can also be used to spread malware that can steal data, damage systems and even hand control of devices over to criminals.  

NordVPN’s National Privacy Test – a global survey aimed to evaluate cybersecurity and online privacy awareness – revealed that more than four in five UK consumers (85%) believe a padlock icon in a web browser’s address bar suggests they are using a trusted site. However this icon, which is due to be retired by Google Chrome later this year, only indicates a secure encrypted connection and is now common on scam websites. 

Meanwhile, a fifth of Brits (22%) admit they are suspicious of a website that does not have a copyright symbol at the bottom of a page, despite this having no bearing on its safety.

When it came to spotting fakes, nearly three quarters (72%) correctly identified that a website’s digital certificate – or SSL – showing a random individual or company name would be a warning sign, with 81% accurately highlighting poor visuals and copy and 86% singling out a suspiciously named web address. 

There are more than a million unique phishing websites operating online and several new sites are created every minute. 

Out of 175 countries which have taken the test, the UK’s finished fifth, with its average score of 62/100 just behind Germany and the US (63/100) and the joint winners Singapore and Poland (64/100). The average global score for the test was 61/100, down from 64/100 in 2022 and 66/100 the year before.

The results showed that while most people in the UK have basic online safety skills, they lack awareness of practices and tools to protect them while browsing.

In total 95% of UK respondents knew how to create a strong password, correctly choosing the longest option that combined upper and lower-case letters, numbers and symbols. Nine in ten (91%) were aware of the importance of shielding personal information and location data on social media, while 85% knew saving card details on their browser was a risk.

Only one in ten (10%) knew all the data that their internet provider could gather when they surf the web. Less than half (46%) realised their email address could be collected, alongside the websites they visited, their unique IP address, the time they spent online and the device they were using. 

Meanwhile, just over half (53%) were aware that Facebook could still collect information on people – even if they don’t use the website – through cookies on third-party sites that incorporate Facebook engagement functions such as a “like” button.  

Among the new scams causing the most confusion is “juice jacking”, a technique where criminals tamper with public USB charging points so they can steal data from devices that use them. A quarter of Brits who took the test (23%) were willing to use a public charging point to charge their laptop when working remotely, putting their device – and sensitive information – at risk of being juice jacked.

Says Marijus Briedis, NordVPN’s Chief Technology Officer:

 “Despite their respectable placing in the test, these results should give the UK definite cause for concern.

“As technology advances, cybercriminals have adapted their tactics, making it challenging for the average user to keep up. Also, there is a common misconception that cybersecurity is solely the responsibility of service providers.

“Many Brits seem off the pace when it comes to their online safety, reliant on ‘old-school knowledge’ and at risk of falling headlong into scams like phishing websites. It’s important they realise that with the use of biometric identification growing, the value of a strong password is likely to decline over the next few years, and they must up their game in other areas.” 

To commemorate International VPN day this Saturday (August 19), here are some tips from NordVPN to keep you and your data safe while online: 

  1. Use strong and unique passwords. Create strong passwords for each of your online accounts and avoid using the same password across multiple platforms.

  2. Use multi-factor authentication (MFA). Implementing multi-factor authentication adds an extra layer of security by requiring users to provide additional verification, such as a one-time code sent to their phone, along with their password.

  3. Update your software regularly. Keeping software, operating systems, and applications up to date is crucial for fixing known vulnerabilities. Regular updates ensure that security patches are applied promptly, reducing the risk of exploitation by cybercriminals.

  4. Always use a virtual private network (VPN). A VPN encrypts your internet connection and helps protect your personal information from prying eyes. It is especially crucial when connecting to public Wi-Fi networks.

  5. Review and adjust privacy settings on social media platforms, mobile apps, and other online services. Limiting access to personal data and choosing the minimum required permissions can help protect privacy.

Chris Price
For latest tech stories go to TechDigest.tv