Story image

Nearly half of Aussies can’t identify fake NAB website - survey

02 Dec 2019

Online security company Avast has conducted a survey which positioned a true image of the National Australia Bank (NAB) website alongside a screenshot of a real-world phishing version of the page.

Respondents were then asked which version they thought was real.

Almost half (46.4%) chose the phishing version, while 53.6% chose the screenshot of the real login page.

Additionally, Avast asked respondents if they have fallen victim to a phishing scam themselves, with 15.3% admitting that they had, 67.2% saying that they had not, and a further 17.4% unsure.

Of those 15% who had fallen for phishing scams in the past:

  • 61.3% had been a victim of email phishing
  • 31.3% had visited a phishing website
  • 21.3% had fallen for SMS phishing
  • 32.5% had fallen for telephone phishing

The research indicates that many of these victims had been fallen to more than one attack.

“Phishing continues to be one of the leading attack methods because it allows cybercriminals to target people at scale using social engineering, which is a tactic used to trick people into carrying out certain actions.

“Cybercriminals use social engineering to take advantage of typical human behaviour, as it is easier to trick a person than to hack into a system,” says Avast threat intelligence director Michal Salat.

“Phishing can come in many forms, including over the phone, via messages such as SMS, and even in person. However, the most common form of phishing is online, via phishing links. Phishing links leading to malicious websites can be delivered in emails that appear to come from legitimate sources.

“They can also be attached to messages sent on social networking sites and apps, like Facebook and WhatsApp, and they can even misleadingly appear in search engine results.”

Tips to avoid phishing

●    Install an antivirus solution on all devices, whether PC, mobile, or Mac. Antivirus software acts as a safety net, protecting online users.

●    Do not click on links or download files from suspicious emails. Avoid replying to them, as well, even if they allegedly came from someone trusted. Instead, contact those entities through a separate channel and ensure that the message actually came from them.

●    Directly enter a website’s URL into the browser whenever possible, to visit the site intended site, rather than a phony version.

●    Do not solely rely on the green HTTPS padlock in the browser URL bar. While this signifies that the connection is encrypted, the site could still be fake. According to Avast data, six out of ten phishing sites are encrypted to further deceive users, so it’s important to double-check that the site visited is the real deal.

Survey conducted online, among 1045 Avast users in Australia from November 13 to November 20, 2019.

Story image
18 Dec
Security teams could be slowing down DevOps, survey shows
Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.More
Story image
14 Jan
How integrated edge security and WAF can secure application delivery
Edge security, SSO application integration and flexible authentication options are critical for optimal user experience and information security policy compliance, Kemp says.More
Download image
Whitepaper: Evolving data centre security with next-gen firewalls
NGFW functionality can identify the actual application that is transported, regardless of port being used and the capability to attach user identity to security policies to manage traffic.More
Story image
20 Dec
Number of spam emails drops, still accounts for 55% of traffic
Significantly, spam messages account for more than half of 295 billion in 2019, making 55% of global email traffic in this year, the company states.More
Story image
01 Jan
Endace expands channel partners globally, experiences significant growth
Endace has announced global growth in the packet capture market, and the importance of packet capture as a key source of data for network security, is contributing to significant growth of the company.More
Story image
13 Dec
FireEye rolls out threat intelligence platform for industrial systems
Now industrial control systems (ICS), operational technology (OT), internet of things devices, and other equipment used to manage interconnected physical processes, can be secured from cyber threats.More