|
Member SurveysPhishing and AuthenticationJun 2004, by Michael R. Nelson, VP of Public Policy In recent months, there have been growing concern about "phishing," the use of the Internet by criminals to steal personal data such as bank-account numbers and user passwords. According to the Gartner Group, an estimated 57 million US Internet users have received e-mail messages directing them to phony Web sites and about 1.8 million may have divulged personal information as a result. Furthermore, the number of phishing attacks has more than tripled in the last six months. This short survey is designed to get the advice of Internet Society members on how best to reduce the problem of phishing and cyberfraud. The survey ended on July 12, 2004. 1. In the last six months, have you received an e-mail message associated with a phishing scam? Yes 2. Have you been fooled by a phishing scam? Yes 3. Do you believe that you have divulged personal data by replying to a phishing site? Yes 4. Do you know someone else who has fallen victim to a phishing site? Yes 5. What approaches do you believe will help alleviate the problem of phishing? Not useful Somewhat useful Useful Very Useful Most Useful Better enforcement of existing anti-fraud laws 6. A number of organizations and companies are developing authentication standards and/or promoting better use of authentication. Which of these organizations do you think can make important contributions in this area? Not important Somewhat important Important Very important Don´t Know Anti-Phishing Working Group 7. What other groups or companies do you think can play a key role in promoting widespread use of electronic authentication? How? 8. Should the Internet Society promote development and deployment of interoperable electronic authentication systems? Not a priority Summary of ResultsWe received almost 750 responses to the Cyber Survey #12 ‘Phishing and Authentication' sent out in June 2004. More than 70% of those had received an e-mail associated with a phishing scam during the last 6 months, but not even 5% had been fooled by it. However, almost 10% of all respondents believe that they have divulged personal data to a phishing site and 28% know at least someone who has fallen victim to a phishing site. When asked about possible approaches to alleviate the problem of phishing, most people (almost 85%) believe that user education is a very useful or even the most useful approach, followed by building more effective authentication technologies into browsers (more than 67% believe this is most or very useful). Further, 67% of all respondents think that more widespread deployment and use of authentication technologies by Web site owners would be a useful approach. When asked which entities or organisations make the most valuable contributions to promote authentication technologies, the IETF got the highest marks (more than 70% believe their works in that area is important or very important). Also national governments are seen to make very important (28%) or important (24%) contributions as well as the ITU. And finally companies like Microsoft and VeriSign are seen to make important contributions to promote authentication technologies. Contributions made by other organisations like OATH, the TECF and the Electronic Authentication Partnership are not known very well. Finally, almost 64% of those responding to last month's survey think the promotion of the development and deployment of interoperable electronic authentication systems should be one of many priorities for ISOC. For 24% of the respondents it should be one of the top priorities. Thank you to all who took the time to complete the survey. |
