Hook, line, sinker: 2 in 3 Brits can't spot phishing attacks

Millions of UK consumers risk being reeled in by cyber criminals online as they cannot recognise the typical signs of bogus websites
Around two-thirds of Brits (63%) cannot spot all the red flags of a scam site, while more than four in five (85%) wrongly look for a padlock symbol to show a site is safe
Cybersecurity company NordVPN found that Brits lack vital awareness about digital privacy and fraud linked to remote working
Its National Privacy Test, taken by 175 countries, shows the world’s cybersecurity knowledge is in decline as online threats grow more complex
The test reveals most people in the UK can pick strong passwords and stay safe on social media, but a quarter (23%) would be vulnerable to the new “juice jacking” scam, where charging points are tampered with to spread malware or steal data

The majority of Brits are struggling to sniff out one of the most common traps laid for them online – fake websites designed to take their money and data, reveals new research by cybersecurity company NordVPN.

Around two in three (63%) consumers could not correctly identify all the red flags of phishing websites, and many were relying on out-of-date safety information to protect them.

Phishing websites, often resembling those belonging to real businesses, are set up to trick victims into giving away personal and financial information, such as passwords or credit card details. They can also be used to spread malware that can steal data, damage systems and even hand control of devices over to criminals.

NordVPN’s National Privacy Test – a global survey aimed to evaluate cybersecurity and online privacy awareness – revealed that more than four in five UK consumers (85%) believe a padlock icon in a web browser’s address bar suggests they are using a trusted site. However this icon, which is due to be retired by Google Chrome later this year, only indicates a secure encrypted connection and is now common on scam websites.

Meanwhile, a fifth of Brits (22%) admit they are suspicious of a website that does not have a copyright symbol at the bottom of a page, despite this having no bearing on its safety.

When it came to spotting fakes, nearly three quarters (72%) correctly identified that a website’s digital certificate – or SSL – showing a random individual or company name would be a warning sign, with 81% accurately highlighting poor visuals and copy and 86% singling out a suspiciously named web address.

There are more than a million unique phishing websites operating online and several new sites are created every minute.

Out of 175 countries which have taken the test, the UK’s finished fifth, with its average score of 62/100 just behind Germany and the US (63/100) and the joint winners Singapore and Poland (64/100). The average global score for the test was 61/100, down from 64/100 in 2022 and 66/100 the year before.

The results showed that while most people in the UK have basic online safety skills, they lack awareness of practices and tools to protect them while browsing.

In total 95% of UK respondents knew how to create a strong password, correctly choosing the longest option that combined upper and lower-case letters, numbers and symbols. Nine in ten (91%) were aware of the importance of shielding personal information and location data on social media, while 85% knew saving card details on their browser was a risk.

Only one in ten (10%) knew all the data that their internet provider could gather when they surf the web. Less than half (46%) realised their email address could be collected, alongside the websites they visited, their unique IP address, the time they spent online and the device they were using.

Meanwhile, just over half (53%) were aware that Facebook could still collect information on people – even if they don’t use the website – through cookies on third-party sites that incorporate Facebook engagement functions such as a “like” button.

Among the new scams causing the most confusion is “juice jacking”, a technique where criminals tamper with public USB charging points so they can steal data from devices that use them. A quarter of Brits who took the test (23%) were willing to use a public charging point to charge their laptop when working remotely, putting their device – and sensitive information – at risk of being juice jacked.

Says Marijus Briedis, NordVPN’s Chief Technology Officer:

“Despite their respectable placing in the test, these results should give the UK definite cause for concern.

“As technology advances, cybercriminals have adapted their tactics, making it challenging for the average user to keep up. Also, there is a common misconception that cybersecurity is solely the responsibility of service providers.

“Many Brits seem off the pace when it comes to their online safety, reliant on ‘old-school knowledge’ and at risk of falling headlong into scams like phishing websites. It’s important they realise that with the use of biometric identification growing, the value of a strong password is likely to decline over the next few years, and they must up their game in other areas.”

To commemorate International VPN day this Saturday (August 19), here are some tips from NordVPN to keep you and your data safe while online:

Use strong and unique passwords. Create strong passwords for each of your online accounts and avoid using the same password across multiple platforms.
Use multi-factor authentication (MFA). Implementing multi-factor authentication adds an extra layer of security by requiring users to provide additional verification, such as a one-time code sent to their phone, along with their password.
Update your software regularly. Keeping software, operating systems, and applications up to date is crucial for fixing known vulnerabilities. Regular updates ensure that security patches are applied promptly, reducing the risk of exploitation by cybercriminals.
Always use a virtual private network (VPN). A VPN encrypts your internet connection and helps protect your personal information from prying eyes. It is especially crucial when connecting to public Wi-Fi networks.
Review and adjust privacy settings on social media platforms, mobile apps, and other online services. Limiting access to personal data and choosing the minimum required permissions can help protect privacy.

Aug 16, 2023Chris Price

For latest tech stories go to TechDigest.tv

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.

Cookie	Duration	Description
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
disqus_unique	1 year	Set to record internal statistics for anonymous visitors.
uvc	1 year 1 month	addthis.com sets this cookie to determine the usage of addthis.com service.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
skimGUID	10 years	Set by Slimlinks, this cookie is a unique identifier provided to each device for log analysis to determine the number of unique users for various parts of skimresources.com.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
_ir	session	This is a Pinterest cookie that collects information on visitor behaviour on multiple websites. This information is used on the website, in order to optimize the relevance of advertisement.
__gpi	1 year 24 days	Google Ads Service uses this cookie to collect information about from multiple websites for retargeting ads.

Cookie	Duration	Description
wp_api	past	Description is currently not available.
wp_api_sec	past	Description is currently not available.
xtc	1 year 1 month	Description is currently not available.

Hook, line, sinker: 2 in 3 Brits can’t spot phishing attacks

Millions of UK consumers risk being reeled in by cyber criminals online as they cannot recognise the typical signs of bogus websites

Around two-thirds of Brits (63%) cannot spot all the red flags of a scam site, while more than four in five (85%) wrongly look for a padlock symbol to show a site is safe

Cybersecurity company NordVPN found that Brits lack vital awareness about digital privacy and fraud linked to remote working

Its National Privacy Test, taken by 175 countries, shows the world’s cybersecurity knowledge is in decline as online threats grow more complex

The test reveals most people in the UK can pick strong passwords and stay safe on social media, but a quarter (23%) would be vulnerable to the new “juice jacking” scam, where charging points are tampered with to spread malware or steal data

Like this: