Palo Alto, California (PRWEB) August 04, 2015
ZapFraud founder Markus Jakobsson invites attendees of Black Hat USA 2015 in Las Vegas to a briefing entitled, “How Vulnerable Are We to Scams,” (http://www.markus-jakobsson.com/wp-content/uploads/HowVulnerableAreWeToScam.pdf) in which he discusses the grossly underestimated problem of criminals using targeted forms of social engineering and phishing to develop substantially more credible-looking scams that spam filters don’t catch.
As reported last month in SC Magazine (http://www.scmagazine.com/more-than-half-of-460-black-hat-2015-attendees-surveyed-worry-over-targeted-attacks/article/427688/), a survey of 460 management and staff security professionals attending this week’s Black Hat 2015 conference showed that 57 percent were most concerned about “sophisticated attacks targeted directly at the organization.” Additionally, 46 percent of respondents stated that they worry about different forms of social engineering, phishing and social network exploits.
Dr. Jakobsson, a leading expert on phishing, crimeware and mobile security, will be presenting data illustrating the unsettling rise of targeting in Internet scams, as well as his attempt to directly quantify the extent to which users are vulnerable.
“Our research shows that people are not very good at judging whether messages are scams, especially when it comes to the sneakier, socially engineered targeted email scams,” explains Jakobsson. “Our research shows about 60% of respondents do not see the risk in these types of sneaky scam messages. It is thought-provoking that people who claimed to know how to spot scams did just as poorly on the tests as those who said they do not. In addition, we show scam messages were blocked with a probability between 10% and 70% for Gmail, Hotmail and Yahoo.”
In this briefing, Jakobsson introduces a method of measuring the accuracy of people’s risk-assessment of messages that may potentially be more accurate than traditional Security IQ tests. “Traditional Security IQ tests typically have leading questions, obvious answers, and some of them require brand-specific knowledge to be able to answer questions,” explains Jakobsson. “Our tests don’t ask a respondent if something is simply good or bad, but instead ask the respondent to determine if they are able to spot the primary risk. Only 12% of our subjects were found not to be at risk when faced with a sequence of seven scam messages, leaving 88% at risk.”
According to the FTC (http://www.ic3.gov/media/annualreport/2013_IC3Report.pdf), 3.5% of the U.S. adult population fall victim to scams each year. This means close to 9 million people, just this year alone, will be fooled by socially engineered scam attacks they never thought would happen to them – and those are just the scams reported. How many more go unreported? All evidence suggests more sophisticated tools are needed to protect us from social engineering attacks.
Jakobsson’s presentation will take place on Wednesday, August 5, 2015 at 5:30 pm in the South Seas room of the Mandalay Bay South Convention Center. For more information on Jakobsson’s briefing, visit https://www.blackhat.com/us-15/briefings.html#markus-jakobsson.
ZapFraud is the leading provider of proactive email and online scam protection services for consumers, as well as threat-detection services for enterprises. ZapFraud’s patent-pending scam protection service helps provide peace of mind for consumers as they face the increasing and ever-changing threat of email, social media and online phishing scammers who attempt to steal intellectual property, identity, online credentials and, ultimately, their hard-earned money. More information about the company can be found at http://www.zapfraud.com.