The majority of Brits are hopeless at spotting fake websites designed to take their money and their data, simply because they are still reliant on “old-school knowledge” while the cyber criminals are light years ahead.
New research by cybersecurity company NordVPN shows that around two in three (63%) consumers could not correctly identify all the red flags of phishing websites, and many were relying on out-of-date safety information to protect them.
Phishing websites, often resembling those belonging to real businesses, are set up to trick victims into giving away personal and financial information, such as passwords or credit card details. They can also be used to spread malware that can steal data, damage systems and even hand control of devices over to criminals.
NordVPN’s National Privacy Test – a global survey that aims to evaluate cybersecurity and online privacy awareness – revealed that more than four in five UK consumers (85%) believe a padlock icon in a web browser’s address bar suggests they are using a trusted site. However, this icon, which is due to be retired by Google Chrome later this year, only indicates that the connection to the site is encrypted, not that the site itself is trustworthy, and is now common on scam websites.
Meanwhile a fifth of Brits (22%) admit they are suspicious of a website that does not have a copyright symbol at the bottom of a page, despite this having no bearing on its safety.
When it comes to spotting fakes, nearly three quarters (72%) correctly identified that a website’s digital certificate – or SSL certificate – showing a random individual or company name would be a warning sign, with 81% accurately highlighting poor visuals and copy and 86% singling out a suspiciously named web address.
There are more than a million unique phishing websites operating online and several new sites are created every minute, according to figures from the Anti-Phishing Working Group.
But Brits are still ahead of other nationalities; out of 175 countries which have taken the test, the UK finished fifth, with its average score of 62/100 just behind Germany and the US (63/100) and the joint winners Singapore and Poland (64/100). The average global score for the test was 61/100, down from 64/100 in 2022 and 66/100 the year before.
The results show that while most people in the UK have basic online safety skills, they lack awareness of practices and tools to protect them while browsing.
In total 95% of UK respondents knew how to create a strong password, correctly choosing the longest option that combined upper and lower-case letters, numbers and symbols. Nine in ten (91%) were aware of the importance of shielding personal information and location data on social media, while 85% knew saving card details on their browser was a risk.
Only one in ten (10%) knew all the data that their internet provider could gather when they surf the web. Fewer than half (46%) realised their email address could be collected, alongside the websites they visited, their unique IP address, the time they spent online and the device they were using.
Meanwhile, just over half (53%) were aware that Facebook could still collect information on people – even if they don’t use the website – through cookies on third-party sites that incorporate Facebook engagement functions such as a “like” button.
Among the new scams causing the most confusion is “juice jacking”, a technique where criminals tamper with public USB charging points so they can steal data from devices that use them. A quarter of Brits who took the test (23%) were willing to use a public charging point to charge their laptop when working remotely, putting their device – and sensitive information – at risk of being juice jacked.
NordVPN chief technology officer Marijus Briedis said: “Despite their respectable placing in the test, these results should give the UK definite cause for concern.
“As technology advances, cybercriminals have adapted their tactics, making it challenging for the average user to keep up. Also, there is a common misconception that cybersecurity is solely the responsibility of service providers.
“Many Brits seem off the pace when it comes to their online safety, reliant on ‘old-school knowledge’ and at risk of falling headlong into scams like phishing websites. It’s important they realise that with the use of biometric identification growing, the value of a strong password is likely to decline over the next few years, and they must up their game in other areas.”