News

Research Reveals 88 Per Cent of UK Web Users Unable to Spot Phishing Sites

Green Address Bar Provides High Visibility Weapon in Fight Against Cyber Crime

LONDON - June 11, 2009 - A YouGov survey* commissioned by VeriSign, Inc. (NASDAQ: VRSN) has revealed that 88 per cent of Web users in the UK are at risk from online fraud by not being able to identify the different forms of phishing currently happening online.

The research asked each respondent to identify which - of two Web site images presented side by side - was a fraudulent phishing site. The most frequently missed "tell tale" was the spelling on the site, with 88 per cent failing to spot the spelling mistakes that would have identified the phishing site. The other "tell tales" include:

  • No padlock symbol in the browser address bar - 57 per cent duped
  • URL containing unspecified, numerical, domain name - 34 per cent duped
  • Request for additional account information - 23 per cent duped

"Phishing continues to be a major challenge for online businesses," said Andrew McClelland, Director of Business Development at industry body IMRG. "It takes only one phishing attack to dramatically reduce the Web browsing public's trust in an organization. Once that trust is lost, it is very difficult to regain, and with competition just a click away, something that businesses cannot afford to lose."

Phishing scams and online fraud have created doubt and concern among online shoppers. To regain their trust, site owners need an easy, reliable way to show customers that their transactions are secure - and they are who they say they are. Security vendors and Internet browsers have combined forces to establish the Extended Validation standard for SSL Certificates. With this technology, the browser and the certificate authority control the display, making it difficult for phishers and counterfeiters to hijack a brand and its customers.

"Since adding extended validation authentication, which produces a green address bar in our browser, Quickrooms.com's sales have increased by nearly seven per cent," said Stephen Mills, product manager for QuickRooms.com. "The green glow generates an extra level of trust, which helps reassure customers that they've come to the authentic Quickrooms.com Web site. Thanks to VeriSign EV SSL, and the increased level of trust our users now have, we've seen an increase in bookings."

"With nine out of ten people in the UK vulnerable to phishing scams, a method for easily identifying a genuine site from a phishing site is a must for all businesses online," said Tim Callan, vice president of product marketing at VeriSign. "By adopting Extended Validation, a site owner makes it easy for Web users to see that the site they are on is genuine. When a shopper visits a site secured in this way, a high-security browser will trigger the address bar to turn green. For additional clarity, the name of the organization listed in the certificate as well as the certificate's security vendor is also displayed."

Regional findings

The research also provides insight into the vulnerability of different parts of the population. Women are 12 per cent more likely to be a victim of phishing than men, while people in Northern Ireland are the least likely to fall into the Internet fraudsters' traps. The most vulnerable age group is the over 55s, who are 10 per cent more likely to be a victim of phishing than average and 30 per cent more likely to be duped by phishing than an 18 to 24 year old.

Knowledge is key to fighting phishing and to this end VeriSign has compiled its Top five tips to distinguish a real site from a phishing site.

Consumers should check whether or not a site is genuine and is taking measures to protect their personal details by looking for the following:

  • https:// The "s" in https:// means the site is encrypted, so the information you enter is secured. While some phishing sites do have a secured Web address, many do not. Therefore, site visitors should be on the lookout for missing security on sites that should have it.
  • The padlock icon: To be meaningful this icon must appear in the actual browser interface and not inside the content of the page itself.
  • Trust marks: Simple visual cues in the form of popular logos can show that a Web site is authenticated, secured, and the company is reputable.
  • Check the Web address: Be suspicious of any site with an unknown domain that contains the name of a well known site in the latter part of the Web address.
  • Green address bar: This signifies that this site has undergone extensive identity authentication so that you can be confident it is the site it claims to be.

To try and identify the phishing sites for yourself visit www.phish-no-phish.com/

*Notes to editors

The online survey was commissioned by VeriSign and conducted by YouGov on 18-22 June. 2,175 UK adults (aged 18+) were polled in the sample.

About VeriSign

VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at www.verisign.com.

VRSNF Statements in this announcement other than historical data and information constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 as amended and Section 21E of the Securities Exchange Act of 1934 as amended. These statements involve risks and uncertainties that could cause VeriSign's actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, the uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results due to such factors as increasing competition and pricing pressure from competing services offered at prices below our prices, market acceptance of our existing services and the current global economic downturn, the inability of VeriSign to successfully develop and market new services, the uncertainty of whether new services as provided by VeriSign will achieve market acceptance or result in any revenues, the risk that planned divestitures of certain businesses may be delayed or pending dispositions may not be completed, may generate less proceeds than expected or may incur unanticipated costs or otherwise negatively affect VeriSign's financial condition, results of operations or cash flows, and the uncertainty of whether Project Titan will achieve its stated objectives. More information about potential factors that could affect the company's business and financial results is included in VeriSign's filings with the Securities and Exchange Commission, including in the Company's Annual Report on Form 10-K for the year ended December 31, 2008, Quarterly Reports on Form 10-Q and Current Reports on Form 8-K. VeriSign undertakes no obligation to update any of the forward-looking statements after the date of this press release.

Contacts

Media Relations:
Victoria Henry, vhenry@verisign.com, + 44 (0) 7920 598 016

Weber Shandwick for VeriSign:
Lydia Curtis, Lcurtis@webershandwick.com, +44 (0)207 067 0513

Investor Relations:
Nancy Fazioli, nfazioli@verisign.com, +1 650-426-5146