More than 25% of end users are unable to identify a phishing email despite the fact that email has long been one of the most well documented targets of online scams.

According to research issued by US-based messaging security provider Cloudmark, end users still struggle to successfully negotiate the growing volume and sophistication of phishing attacks. “Some phishing sites are so realistic that they fool even the savviest Internet user,” reports Cloudmark.

A small minority of end users (6%) have, for example, responded to emails claiming to report a problem with their online account, even though banks are not allowed to communicate with their customers through email.

The survey found, however, that 82% of end users believe that responsibility for filtering phishing emails lies to some extent with the Internet service providers (ISPs) – a stance that continues to provoke controversy among the security and ISP communities.

In recent years the quality of phishing emails has improved vastly. Engineers of phishing scams now regularly harvest information on end users available online, in order to construct more convincing, personalised emails.

Information stolen during the recent hack of US recruitment website Monster.com, for example, is believed to have been used to construct targeted phishing mails.  

The spoof websites to which users are directed, meanwhile, are often not immediately distinguishable from their genuine target and can be relocated with considerable ease.

Information Age analysis: The state of security