45% Success Rate for Realistic Looking Phishing Website

Next story


Mark James, ESET Security Specialist, answers some of our burning questions about the recent findings from Google.

Reported by WeLiveSecurity last week, “effective phishing websites… will have a 45% success rate at harvesting data. This drops to 14% for an average looking imitation, and all the way down to 3% for a more obviously fake version.”

Mark James answered our questions about how phishing got to this point and where it could go from here:

Are these numbers likely to go up or down?

These numbers will almost certainly increase, sadly more sophisticated methods are used daily to try and trick the end user into passing over sensitive information.”

How much worse is social media making phishing schemes?

“I believe Social media is one of the major factors that contributes to phishing, so much info can be retrieved by peoples Facebook and twitter feeds that otherwise would not be available to view, sadly end users still fail to understand private and internet cannot be used in the same sentence.”

Are there any other significant factors that make these schemes so affective?

Increasing trust is a major factor, just one piece of information that hits home is enough for you to lower your barriers and click that link or enter your details, as more info is put on social media it just makes the crooks job easier.

“Even using such broad terms like using the last 4 digits of the credit card will make you think they are legit if those four digits are correct, and bear in mind it’s only a 1 in 10,000 chance to get those digits, even less if you have multiple cards!”

How much will an ever-growing level of connectivity affect these numbers in the future?

It will only increase, as more info is leaked, stolen and spread around the internet phishing will only get more sophisticated and adapt as we humans try and find ways to stop them winning.”

How should we react to these emails or webpages?

“In all cases a quick phone call to the organisation will put your mind at risk, if there’s no problem then just delete the email.

“If there is a problem they will be able to help you resolve it so you can still delete the email, banks and financial organisations want your business and are always available to help especially when fraud or phishing attacks are involved.

“My advice would be to ALWAYS validate any emails if it involves money in any way shape or form: trusting family and friends is great when they are in front of you or asking advice but always think twice before dealing with emails even if you do “think” you know them personally.”