Phishing Might Be More Successful Than You Think


It’s no surprise that you can’t earn £1,000 a day working part time from home, you can’t lose 2 stone (28 lb, or roughly 12.7 kg, for those unfamiliar) in a week, and the Prince of Nigeria doesn’t want to give you £10 million. However, new research by Google says that more complex phishing emails, pretending to be from a legitimate source, do actually work more often than you would think.

Working with the University of California, Google has lifted the lid on the success rate of so-called phishing emails. These emails are sent out in the hundreds of thousands in the hope that someone might fall for them (bite). The emails usually contain links to elaborate recreations of legitimate websites – such as Google, iCloud, eBay and PayPal.

Researchers looked at traffic to 100 known phishing websites found by Google Safe Browsing research. They also chose 100 random emails that Gmail users reported as potential phishing emails. Google found that these emails work up to 45% of the time, luring unsuspecting users to these fake websites. This is dangerous in itself, since these sites are usually infested with malware designed specifically to harvest personal data.

Personal Data Harvest

Malware is the least of unsuspecting victims’ worries, though. Surprisingly, even for Google, an average of 14 percent of people fall for the recreations, believing they are the legitimate pages and submitting their info. Even on the worst-performing phishing sites – those using poorly replicated interfaces or imitating less widely used products – 3 percent of visitors still submitted their data. On the best-performing sites, up to 45% of people fell for the trap.

This is high yield for small outlay for scammers. One person can send out millions of emails in a few minutes. After gaining any information from a victim, the scammer spends on average 3 minutes in the compromised account. They work out its value by searching for terms such as “wire transfer” and “bank.” High-value accounts are usually sold on, meaning any attempt to use the info could come days later.

Smaller accounts are used to try to extract money from the victim’s contacts list by sending out emails to everyone with an elaborate backstory – often involving being mugged abroad and needing funds to get home. The scammer hopes that the victim’s contacts may send even small amounts of money. If nothing comes back, the scammer simply moves on, and the victim could be none the wiser about ever having been compromised.

What Can I Do?

Google advises using 2-step authentication in all circumstances; a full walkthrough of setting it up on Gmail can be found here. Always report anything ‘phishy’ to your email provider, and don’t click a suspicious link to see if it’s legitimate! If in doubt, don’t click the link; type the address of the legitimate website into your browser instead.

Have you ever been a victim of phishing? How many phishing emails do you get, and do you report them? Let us know on Google Plus, Facebook, Twitter or in the comments below.
