Nearly half of Aussies can’t identify fake NAB website - survey
Online security company Avast has conducted a survey which positioned a true image of the National Australia Bank (NAB) website alongside a screenshot of a real-world phishing version of the page.
Respondents were then asked which version they thought was real.
Almost half (46.4%) chose the phishing version, while 53.6% chose the screenshot of the real login page.
Additionally, Avast asked respondents if they have fallen victim to a phishing scam themselves, with 15.3% admitting that they had, 67.2% saying that they had not, and a further 17.4% unsure.
Of those 15% who had fallen for phishing scams in the past:
- 61.3% had been a victim of email phishing
- 31.3% had visited a phishing website
- 21.3% had fallen for SMS phishing
- 32.5% had fallen for telephone phishing
The research indicates that many of these victims had been fallen to more than one attack.
“Phishing continues to be one of the leading attack methods because it allows cybercriminals to target people at scale using social engineering, which is a tactic used to trick people into carrying out certain actions.
“Cybercriminals use social engineering to take advantage of typical human behaviour, as it is easier to trick a person than to hack into a system,” says Avast threat intelligence director Michal Salat.
“Phishing can come in many forms, including over the phone, via messages such as SMS, and even in person. However, the most common form of phishing is online, via phishing links. Phishing links leading to malicious websites can be delivered in emails that appear to come from legitimate sources.
“They can also be attached to messages sent on social networking sites and apps, like Facebook and WhatsApp, and they can even misleadingly appear in search engine results.”
Tips to avoid phishing
● Install an antivirus solution on all devices, whether PC, mobile, or Mac. Antivirus software acts as a safety net, protecting online users.
● Do not click on links or download files from suspicious emails. Avoid replying to them, as well, even if they allegedly came from someone trusted. Instead, contact those entities through a separate channel and ensure that the message actually came from them.
● Directly enter a website’s URL into the browser whenever possible, to visit the site intended site, rather than a phony version.
● Do not solely rely on the green HTTPS padlock in the browser URL bar. While this signifies that the connection is encrypted, the site could still be fake. According to Avast data, six out of ten phishing sites are encrypted to further deceive users, so it’s important to double-check that the site visited is the real deal.
Survey conducted online, among 1045 Avast users in Australia from November 13 to November 20, 2019.