Top 5 Users' Myths about Phishing

These are the top 5 misconceptions about how you can protect yourself from phishing:
  • Myth 1: Educated users can detect that an email is phishing

    Over the past years, as awareness about phishing has increased, people have improved their phishing-detection skills. However, the problem still exists.
    The percentage of victims has decreased, but because the messages are so professional and look like the real messages we all receive now and then, they are easily considered genuine.

    A few inaccurate generalizations about phishing:
    • Messages showing familiar personal details, such as a real address or the names of users' family members, employer or a co-worker, are perceived as legitimate. Many people respond to questionnaires by providing personal details about their employment or family members. These details may later be used as personalized phishing "bait".
    • Phishing is most successful amongst the elderly. Many of these people trust messages they receive unquestioningly.
    • Messages that relate to an action recently taken, such as bidding in an auction and losing the bid, may instigate sophisticated phishing messages offering the same item at the same bidding price.

    For more information about who is in danger of falling prey to phishing scams, please read the article entitled "Research reveals phishing hooks".
  • Myth 2: Spam filters and anti-phishing filters can detect phishing messages

    Spam filters and anti-phishing filters can reduce the number of phishing messages but cannot stop them. Filtering personalized messages requires complex technologies, and the scammers are usually one step ahead of the filters.
  • Myth 3: Blocking known phishing URLs can protect you from phishing

    Phishing URL lists only help when a user tries to access a site that has already been detected.
    • It takes time to detect a phishing site and to update the list. During that time users are exposed to phishing attacks from the site. A delay of a few hours in detecting a site enables it to trap hundreds of phishing victims. Since the lifetime of a phishing site is short (most sites disappear within 24 hours), by the time the list is updated the site might no longer exist.
    • Most of the sites are not detected within a reasonable time. Every day more than 400 new phishing sites appear, many of them in places that are difficult to monitor. Good lists detect 150-200 new sites daily.
  • Myth 4: The site is responsible for protecting its users from phishing

    Although sites have liability to protect users when they log in to their accounts on the web, the site is not responsible for direct losses when users did not take reasonable steps to protect themselves, and it is never responsible for indirect losses. The users must protect themselves. Even if some direct money losses are reimbursed, the bad personal feeling, the time and energy spent, and the rehabilitation of reputation and credit history make it a traumatic experience.
  • Myth 5: All anti-phishing solutions are not effective

    Most anti-phishing solutions are not effective. Only CallingID Toolbar automatically protects users from becoming scam victims. This solution automatically detects known phishing scams in real time. In addition, it automatically provides the user with valuable information: who owns the site receiving the information he submits, and a confirmation that this owner is a real organization. When the user sees that the entity receiving the information is different than expected, or that there is a potential risk in sending information to that site, he should reconsider. CallingID provides all the required information for the user to decide whether it is safe to submit personal and confidential data to a site before the data is submitted.