According to data from e-mail security firm MailFrontier, only 4 percent of users can spot a phished e-mail 100 percent of the time. That's a very sobering thought as the holiday season is upon us and Americans flock online for their shopping needs.
MailFrontier's data comes from its Phishing IQ Test, which is comprised of 10 examples of e-mails and users must choose whether they think the mail is legitimate, a fraud or if they have no answer.
The example e-mails are from Chase, PayPal, Bank of America, Washington Mutual, MSN, EarthLink and Amazon.
The average score in 2005, according to MailFrontier, is 75 percent, which is up from 61 percent in 2004.
Andrew Klein, manager with the MailFrontier Threat Center, noted that improvement in test takers' ability to spot a phishing attempt occurred over time.
"We believe this is the result of people becoming more aware of phishing in general," Klein told internetnews.com. "They got more suspicious."
One of the surprising results of the survey, according to Klein, is that younger people (18-24) are more likely than older people (55+) to be fooled by a phishing attack.
MailFrontier said there are five main myths surrounding phishing.
The first myth is that users can actually detect a phishing attack. Though they are getting better at identifying phishing attacks, Klein argues that there is still a good chance someone will consider a phishing e-mail to actually be legitimate.
The second myth is that spam filters can detect and stop phishing attacks.
"By now most people agree that spam and phishing e-mail are different, with phishing e-mail designed to look like legitimate transactional e-mail a user would expect to receive," Klein noted. "To catch a phish, a different set of evaluation criteria is required to help distinguish the legitimate from the phishing e-mail."