A survey of 1,079 U.S. adults conducted by Valimail finds not only do consumers fail to properly identify fraudulent emails, they tend to give the benefit of the doubt to emails that match their own political preferences.
For example, only 36% of Democrats correctly identified a fake email from Senate candidate Beto O’Rourke, while only 20% of Republicans could spot a fraudulent campaign email from incumbent Texas Senator Ted Cruz. In both of these instances, the opposite party had more success at correctly identifying the fakes.
“The results of this survey confirm what nation-states and bad actors have known for years: that email is incredibly vulnerable to impersonation, and is therefore a prime channel for spreading misinformation, malware, and fraud,” said Alexander García-Tobar, CEO and co-founder of Valimail.
The survey provided participants with screenshots of 11 emails. Five were authentic messages that had been distributed during the previous weeks and six were fakes — either actual fake messages found in the wild, or images that were based on real emails, but which Valimail had doctored using common techniques utilized by email fraudsters. Eight of the 11 were political in nature, with two authentic and two fake emails each from both major political parties.
Other key findings of the report include:
- On average, respondents correctly identified 4.98 messages (out of 11), or a little less than half.
- Only 31% of respondents had received anti-phishing training at any point. There is virtually no difference between the scores of those who received training vs. those who didn’t (4.98 vs 4.97).
- Older age groups tended to score better, with those 75 or older registering the highest scores overall. However, the 18-24 age group scored better than the 45-54 age group. No age group correctly identified more than half of the emails.
- Only one person answered every question correctly. No person scored fewer than four correct.
Respondents were also asked to share the methods they typically use to identify phishing emails. The vast majority of people (910) responding to the survey wrote that they look for suspicious requests in the email text, followed by poor spelling or grammar (798) and checking the “From” field (724). These methods cannot be considered reliable indicators, as they are all susceptible to deception.
SOURCE: Valimail, Dylan Tweney, dylan@valimail.com, 650-605-3348