E-crime education not working says Symantec

Efforts to educate users about phishing attacks are badly communicated and lack focus, according to a leading IT security expert.

William Beer, European director of Symantec's Security Practice, told delegates at the annual E-crime summit in London yesterday that all the "great work being done to build e-commerce is at risk" if online fraud continues to rise.

He added that increasingly targeted, sophisticated phishing attacks are using individuals' personal details to make the phishing email appear more authentic, and a growing variety of attacks, including voice phishing and SMS phishing, mean the education message needs updating.

Beer also argued that the education message needs to be targeted differently, depending on the user's age.

"The industry needs to reflect on our communication strategies and reflect on what could be the next wave of attacks," Beer argued. "Email is a cost-effective and timely way of communicating with consumers but it's at risk of not being recognised as a legitimate piece of communication [if phishing continues]."

Sharon Lemon, head of Soca's E-crime Unit agreed that the level of sophistication in phishing attacks is rising, and admitted that UK users "seem to make the best victims" at the moment.

But others dismissed education as pointless. Joesph Sullivan, associate general counsel of PayPal, noted in his keynote speech that "education is not going to stop online fraud because the attacks are too good now". Mikko Hypponen of web security specialist F-Secure added that responsibility for security needs to be moved from the user to the operating system manufacturers and security vendors.