A new study from YouGov and VeriSign shows consumers don’t recognize misspellings of key words, don’t notice the lack of a padlock symbol, and fail to comprehend non-branded, numerical URLs. The Online Trust Alliance offers a solution.
Paul Demery, Chief Technology Editor
A clear majority of U.S. Internet users are at risk from online fraud because they can’t identify the different forms of phishing currently happening online, according to a survey conducted by data collection and analytics firm YouGov and commissioned by I.T. security firm VeriSign Inc. Phishing is an attempt by criminals to acquire sensitive information, such as credit card numbers, user names and passwords, by posing as a business an Internet user trusts.
The research asked each respondent to identify which of two web site images presented side by side was a fraudulent phishing site. The most frequently missed telltale indicator was misspelling on the site, with 88% failing to spot the spelling mistakes that would have identified the phishing site.
In the tests, 68% of 1,015 U.S. Internet users failed to note the lack of a padlock symbol in the browser address bar, 42% were duped by a URL containing an unspecified, numerical domain name, and 33% failed to identify a phishing site that made an unnecessary request for additional account information.
“In today’s economic environment, businesses have a hard enough time competing without having to battle fraudulent, look-alike phishing sites,” says Craig Spiezle, executive director of the Online Trust Alliance. “Just one phishing attack can dramatically diminish the relationship an online business has built with its customers. For these businesses, the stakes are enormous.”
To combat this and other forms of online fraud and protect Internet users’ payment information, the Online Trust Alliance created the EV (Extended Validation) standard for SSL (Secure Sockets Layer) Certificates, which is being adopted by a growing number of web sites, including e-commerce sites. With this technology, the web browser software and security certificate authority control page display, making it difficult for phishers and counterfeiters to hijack a brand and its customers.
“With nine out of 10 people in the U.S. vulnerable to phishing scams, a method for easily identifying a genuine site from a phishing site is a must for all businesses online,” says Tim Callan, vice president of product marketing at VeriSign. “By adopting EV SSL, a site owner makes it easy for web users to see that the site they are on is genuine. When a web user visits a site secured in this way, a high-security browser will trigger the address bar to turn green. For additional clarity, the name of the organization listed in the certificate as well as the certificate’s security vendor is also displayed.”
The Online Trust Alliance comprises more than 30 security and I.T. vendors, retailers, banks, and other organizations, including American Greetings Corp., No. 157 in the Internet Retailer Top 500 Guide; Bank of America; Exact Target; Goodmail Systems; Microsoft Corp.; PayPal Inc.; and VeriSign.