Half of Dutch people see phishing as the biggest online threat

SIDN study shows more than 1 in 4 people in the Netherlands are victims of phishing


The Dutch public see phishing and other forms of internet fraud as the biggest threat to confidence online, according to an SIDN survey of more than 1,000 people. Over a quarter of respondents said that they had been victims of phishing at some time, and about 1 in 5 of those had lost money as a result.

As part of the Alert Online campaign, SIDN commissioned Markteffect to find out what people in the Netherlands saw as the main things preventing them from using the internet with complete confidence. When survey respondents were asked to choose up to 3 issues from a longer list, the 5 options most often selected were:

  1. Phishing mail and other types of attempted fraud (50%)

  2. Unreliable or suspicious websites (47%)

  3. Risk of identity theft and abuse (39%)

  4. Privacy breaches linked to the insecure storage of personal data (30%)

  5. Distribution of fake news and misinformation (30%)

Phishing is a type of scam where fraudsters try to obtain sensitive information by pretending to be from a trustworthy organisation, such as a bank or a government department. And the survey confirmed that phishing is a real hazard for internet users. More than a quarter (26 per cent) of respondents said that they had been victims of attempted phishing. And 5 per cent reported that they had lost money as a result.

Over-vigilant

However, the direct targets aren't the only ones harmed by phishing. Bona fide organisations lose out as well, because phishing hampers their communication activities. Nearly half (45 per cent) of survey respondents said that they had ignored legitimate e-mail messages, fearing that they were actually scams. Nearly 32 per cent acknowledged doing that more than once. The over-55s turned out to be particularly wary, with 42 per cent reporting having treated legitimate mail as phishing mail on multiple occasions.

“It's important to be on the ball,” says SIDN CEO Roelof Meijer. “If legitimate mail is being missed because recipients think it's phishing mail, then clearly something's going wrong. Organisations that send mail have to be more alert in that regard. For example, they need to be looking critically at their outgoing mail. All too often, essentially bona fide e-mail messages ask for information and/or invite recipients to click on links, and therefore look very like phishing messages. As a result, it's hard for recipients to be sure what they should do.”

Standards and security

Organisations can also do various things to improve security and prevent their domain names being abused in phishing scams. For example, the risk of abuse can be significantly reduced by configuring a mail domain to support e-mail security standards. The most effective standards are SPF (where mail senders publish the IP addresses of the servers authorised to send mail for their domains), DKIM (where cryptographic signatures are attached to e-mail messages) and DMARC (where a sender publishes a policy telling recipients what to do with mail that doesn't meet SPF and DKIM requirements).
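As an added illustration (not SIDN's code), the Python below audits a domain's published SPF and DMARC records for settings that leave the domain open to abuse. The records and .example names are constructed, no DNS lookup is made, and DKIM is left out because its key is published under a sender-chosen selector name that cannot be derived from the domain alone.

```python
# Added example: offline audit of constructed SPF/DMARC TXT records (no DNS lookups).

def spf_findings(txt_records):
    """Return weaknesses in a domain's SPF setup (RFC 7208)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record, so no sending servers are authorised or excluded"]
    if len(spf) > 1:
        return ["SPF: multiple records, which receivers treat as a permanent error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if alls:
        qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # '+' is the default
        if qualifier in "+?":
            return [f"SPF: '{alls[0]}' does not tell receivers to fail unlisted servers"]
        return []
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy lives in another record, which is not followed here
    return ["SPF: no 'all' term, so unlisted servers get a neutral result"]

def dmarc_findings(txt_records):
    """Return weaknesses in the record published at _dmarc.<domain> (RFC 7489)."""
    dmarc = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC: no single valid record, so receivers apply no sender policy"]
    pairs = (p.split("=", 1) for p in dmarc[0].split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
    findings = []
    policy = tags.get("p", "")
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} asks for no action on failing mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of failing mail")
    return findings

def audit(zone):
    """zone: dict with 'txt' (apex TXT records) and 'dmarc_txt' (_dmarc TXT records)."""
    return spf_findings(zone["txt"]) + dmarc_findings(zone["dmarc_txt"])

# Constructed sample zones using reserved .example names and a documentation IP range.
WEAK = {"txt": ["v=spf1 include:_spf.mailhost.example ?all"],
        "dmarc_txt": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"]}
STRICT = {"txt": ["v=spf1 ip4:192.0.2.10 include:_spf.mailhost.example -all"],
          "dmarc_txt": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"]}

if __name__ == "__main__":
    for name, zone in (("weak.example", WEAK), ("strict.example", STRICT)):
        print(name, audit(zone) or "no findings")
```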

For their part, mail recipients can reduce the risk by looking out for the telltale signs of phishing scams. Those include pushing the recipient to act quickly, and asking for personal data, such as logins. Unusual URLs, unrequested attachments and failure to provide business registration data are also good reasons to be cautious. For more comprehensive advice, see our tips on how to avoid falling for a phishing scam.

Together with the registries for .ie (Ireland) and .be (Belgium), our research department, SIDN Labs, has carried out a large-scale study to compare and analyse phishing attack methods and assess the implications for registries' mitigation policies.