Majority of Americans fall for email phishing scams

In December, CBS News teamed up with Intel Security to bring readers a quiz to test their ability to spot phishing emails designed to steal their personal information. Since then, over 19,000 people around the world have taken the test. Intel released the final results Tuesday -- and they’re not pretty.

Scammers use phishing emails to get consumers to click on links to websites they’ve created solely for the purpose of information theft. They trick users into typing their names, addresses, login IDs, passwords or credit card information into fields on sites that look like they belong to real companies. In some cases, just clicking the link provided in an email will automatically drop malware onto the user’s device. Once the malware is installed, hackers can easily steal the victim’s information without their knowledge.

Phishers are getting better and better at making their traps look real, copying logos and creating sham urls and email addresses that look like actual corporate credentials.

The Intel quiz displayed 10 real emails delivered to inboxes and collected by analysts at McAfee Labs, which is part of Intel Security. Some were legitimate correspondences from major companies, while others were phishing emails that look extremely believable.

Of the 19,458 people who took the quiz, the vast majority -- 80 percent -- fell for at least one of the fake phishing emails they saw. Only 3 percent got a perfect score.

Interestingly, the one email that was most often misidentified in the quiz was actually a legitimate letter. It raised false alarm bells by encouraging readers to claim free ads, a clicky turn of phrase that made people wary.

Compared to the other 143 countries represented in the survey, the U.S. ranked 27th overall in ability to detect phishing. Americans’ average 68 percent accuracy was just a few points above the global average. France, Sweden, Hungary, the Netherlands and Spain turned in the best performances.

The results serve as yet another reminder to click with caution -- or not click at all. Intel Security’s Gary Davis urged people to keep security software and browsers up to date to help weed out malicious sites and downloads, and to hover over links before clicking on them to make sure they point where they say they do. He also warned of obvious red flags, such as misspellings or bad grammar, that can help tip you off to a fraudulent correspondence.

Want to see how you’d do on the quiz? You can try your hand at it above. If you don’t score well, don’t take it too hard. When Intel circulated an earlier version of it to Internet security professionals last year, 94 percent were fooled at least once.

Featured in SciTech