Phishing emails are disguised as legitimate messages from your bank, university, insurance company or even employer, asking you to click on a link, download a malicious attachment or give away private information like your Social Security number, credit data or password. While some surveys say users are more aware of online security risks, others find users are willing to take risks when surfing the web.
One thing is certain: cybercrime is here to stay, and it is growing and getting more sophisticated. 466,065 unique phishing websites were detected in the second quarter by the Anti-Phishing Working Group (APWG), a 61 percent increase from the first, and approximately three times higher than Q4 in 2015.
“This quarter’s report reminds us that phishing is still a principal tool of cybercrime – and it is nowhere near to passing out of use by cybercrime gangs. The behavioral dimension of phishing must be addressed in as great a scale as possible, as well as the technical subterfuge that automates the cybercriminals’ enterprise,” said APWG Secretary General Peter Cassidy.
The recent phishing statistics are not that surprising, after all. Carnegie Mellon CyLab found that, although users might theoretically be aware of online risks, they still have a really difficult time telling a legitimate email from a phishing attack.
This carelessness could be related to a finding from a qualitative study by the National Institute of Standards and Technology (NIST): people have been blasted with so much advice about online security that they just don’t care anymore. Researchers warn that this security fatigue might have serious consequences for users and businesses, especially since the sectors most heavily affected by phishing attacks are retail/service, financial and payment services.
Users are frustrated – they have to remember as many as 25 different strong passwords or deal with extra authentication. In the long run, cybersecurity and online privacy have led to decision fatigue as users choose the easy way out or simply give up on complying with the latest security measures.
“It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet,” cognitive psychologist and co-author Brian Stanton said. “If people can’t use security, they are not going to, and then we and our nation won’t be secure.”