Majority of the Dutch people do not report malicious emails
On the International Internet Day it showed that knowledge on malicious emails and phishing among the Dutch population is lacking. By now the terms are quite well known, seeing as 82 percent knows what phishing is. This does not mean, however, that such emails are actually recognised. No less than 2 out of 5 Dutch people (41%) will not recognise false links and email addresses. Still, nearly three quarters (73%) is convinced that they would be able to identify a malicious email. These numbers come from a research report by BIT, specialist in collocation, internet connections, managed hosting and outsourcing, among 1012 Dutch people with an office job. The data are combined in the repot ‘Internet Eigenwijs 2017’.
To test whether the Dutch could truly recognise malicious emails, the respondents were presented with a number of links and email addresses from which they had to identify the false ones. But the real links and addresses were thought the be fake just as much as the actual false ones. This shows how hard it is to recognise malicious emails without guidelines.
Malicious emails often contain a harmful link or file. The Dutch employee was asked which type of file they think could be harmful to a computer. In fact, any file can be dangerous, but the research showed that the respondents did not know this. They assume that files like .exe (45%), .jar (38%), .js (35%) and .zip (35%) can be harmful. One in three Dutch people does not have a clue which files can do damage.
Finally, the Dutch people indicate that they are not a part of the signalling function of malicious emails. No less than 60 percent says not to contact a company when they receive a fake email from them. One in five respondents admits to have spotted a fake email once and again without acting on it at all.
Wido Potters, Manager Support & Sales at BIT, on the results: “The Dutch employee lacks in knowledge about malicious emails. This type of email is getting harder and harder to distinguish for the real thing. Linguistics and design used to be good guidelines to recognise malicious emails, but those offer no handholds anymore nowadays. This lack of knowledge also impacts corporate networks. When in doubt, employees tend to open the false email on their work computer instead of their private laptop. This is probably because the employee assumes that the IT department has everything set up well and will solve possible problems. That shows the importance of explaining and recognising the risks. Provide training programmes and set up measures that are manageable and adaptable. Then everyone will be a little closer to an open, free and secure internet.”
Do you want to know more about the research results? Download the report ‘Internet eigenwijs 2017’ here: https://www.bit.nl/bit-onderzoeksrapport-2017 (only available in Dutch)