Published on February 10th, 2022 | by Adrian Gunning
Only 5% of Australians able to correctly identify whether emails & SMS are real or scams
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced new research which has found Australians are struggling to tell the difference between real emails and SMS messages and fake ones.
More than half of Australian office workers claim to be confident identifying scam emails (57 per cent) or SMS (54 per cent) yet when tested, only five per cent could correctly identify all of the real and scam emails and SMSs.
Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, is concerned: “The obvious first issue with this is that if Australians are unable to identify scam emails and SMS messages then they are at significant risk of getting phished or smished. According to the ACCC, Australians lost a record $323 million to scams in 2021 (up a massive 84 per cent from the previous year) and the FBI reported smishing alone in the US cost Americans more than $50m in 2020 so the potential cost to Australians is huge.
“Interestingly though, our research shows that Australians are more likely to assume real messages are fake or scams and dismiss them, missing out on legitimate messages that require action. The key here is better education about cyber risk and that requires a joint effort from the government, employers and individuals.”
Overall, Australians are better at correctly identifying both real and scam emails than SMS messages. Less than half (44 per cent) correctly identified all the test emails as either real or fake but only 11 per cent were able to do the same for all the SMS messages, with only 5 per cent correctly identifying both. Worryingly, IT decision-makers fared no better, with only 3 per cent identifying all the test messages correctly.
In addition, one in three (34 per cent) Australian office workers admit to using the same password for more than one account.
Millennials at highest risk:
Research reveals that Millennial office workers may be at highest risk of cyber-attack as they are more likely than their older counterparts to:
- Use their work email address for personal activities (Millennials 19 per cent compared to Gen X 11 per cent and Baby Boomers 7 per cent);
- Engage with suspicious emails (Millennials 53 per cent compared to Gen X 39 per cent and Baby Boomers 20 per cent) and SMSs (Millennials 51 per cent compared to Gen X 42 per cent and Baby Boomers 23 per cent); and
- Say they are not confident that they could identify suspicious emails (Millennials 48 per cent compared to Baby Boomers 30 per cent) and suspicious SMSs (Millennials 50 per cent compared to 36 per cent).
Advice to stay safe:
Awareness is the number one way to avoid falling for the lures in a phishing or spam email. Stop and think before you act on any message that conveys urgency and asks you to click on a link, open an attachment or share your login details, such as ‘only available for the next 24 hours – click here’ or ‘your account has been compromised, click here to change your password’.
Jayne advises: “Be hyper vigilant if you are asked to share or confirm any of your personal information via incoming communication channels such as SMS, phone calls and emails. If you are making direct outgoing contact via official channels (phone or app or website) to your bank, telco, healthcare provider etc. the verification process is safer as you have contacted them (not the other way around).”
Here are some examples of the wording used in these tactics:
- Your credit card has been used in fraudulent activities, update your details now.
- Open the attachment to see all of the people in your suburb with Covid19.
- Click here to claim your $200 shopping voucher.
- Like, share and comment to go in the draw to win a $50,000 car.
- Unsubscribe from this mailing list.
- You can jump the queue for your Covid19 vaccine, click here.
- Account Deactivation Notification – click here to confirm your details.
- You have a new connection request on LinkedIn – click here to find out more.
- Password change notification – your account has been compromised.
- Congratulations! You have won a computer – click here to claim your prize.
If you believe you might have fallen victim to a scam, contact any relevant financial institution, freeze your cards and accounts, and report the scam at ScamWatch. If it is an ATO-related scam, visit the Verify or Report a Scam page on the ATO website or call the ATO on 1800 008 540. If you believe a cybercriminal has stolen your identity, contact IDCARE (Australia & New Zealand’s national identity and cyber support service).
Jayne continues: “It is very important that people feel safe to report scams. Often, people feel embarrassed because they have fallen for a scam. There are people within the technology sector who, despite having a great deal of awareness of what to look out for, can and do fall for the same scams. We are all vulnerable to the tactics used by cybercriminals and scammers as they focus on our human nature to deceive and trick us into taking action.”
For more information on KnowBe4, visit www.knowbe4.com.