Can you discern a fake e-mail from a legitimate one? Most consumers can’t, but erroneously think they can, according to a new study by Bank of America and National Cyber Security Alliance, a copy of which was provided to the E-Commerce Times.
The survey showed that 87 percent of consumers polled said they were confident they could recognize fraudulent e-mails, but a massive 61 percent failed to identify a legitimate e-mail. Most respondents categorized all e-mails in the study as fake, even though one of them was real.
“Consumers are more aware than ever of a range of online threats. However, it is clear that the sense of confidence many feel in their ability to identify online scams is misplaced and overstated,” said Ron Teixeira, executive director of the National Cyber Security Alliance, based in Washington, D.C.
The study also presented images of sample Web sites and asked consumers whether they could discern whether a site was secure — and a whopping 67 percent could not identify a secure Web site. What’s more, 6 out of 10 respondents relied on symbols, such as “padlocks” to determine whether a site was secure, while 4 in 10 consumers felt there was no real way to determine if a site was secure.
“As people continue to conduct more of their activities and transactions online, fraudsters will continue to present sophisticated scams,” said Teixeira. “This study reinforces the necessity for consumers to educate themselves regularly about safe online practices in order to stay ahead of the next threat.”
One way to bolster site security is to increase authentication — which is what Bank of America, sponsor of the study, has done for the last year. Responsibility for safety is mutual — and both the consumer and business must be careful. That’s why BofA is launching a two-way authentication system that helps customers confirm they are at the real Bank of America Web site and avoid perilous phishing scams.
“Online security is a shared responsibility among legitimate businesses and consumers,” said Sanjay Gupta, e-commerce executive at Bank of America. “We take that obligation very seriously and work hard to provide the latest information and security.”
The company’s authentication project is called “Site Key,” and the bank is planning to roll out 18 e-alerts in the coming months to warn consumers of other scams, Gupta said.
Additional findings of the report were as follows:
- Two-thirds of consumers who conduct online financial transactions are extremely or very concerned about giving their personal or financial information to a fake Web site and having hackers steal financial information from their computer;
- Seventy-four percent of Americans don’t believe using only an ID and password to log-in is safe;
- More than 68 percent of respondents are extremely or very willing to try additional layers of login security, such as answering personal questions about themselves to confirm their identity.
Confidence an Issue
“Buyer confidence has emerged as a major issue for online retailers,” said Jeff Grass, CEO of buySAFE, an e-commerce security company, based in Arlington, Va.
Legislators are trying to help. The Business Software Alliance (BSA) this week praised the House Judiciary Committee’s approval of legislation that enhances law enforcement’s ability to fight cyber crime resulting from data security breaches. The “Cyber-Security Enhancement and Consumer Data Protection Act of 2006” (H.R. 5318) was sponsored by House Judiciary Chairman James Sensenbrenner (R-WI).
“Cyber criminals are becoming increasingly sophisticated and organized, and law enforcement officials are in a constant race against time,” said BSA President and CEO Robert Holleyman.