Sounds funny, doesn’t it? But that’s part of the title of a consumer survey recently completed by the Messaging Anti-Abuse Working Group (MAAWG): “A Look at Consumers’ Awareness of Email Security and Practices or ‘Of Course, I Never Reply to Spam – Except Sometimes.‘” The report is issued in two parts: Part 1 is a summary of the results; Part 2 is the actual survey data complete with charts. Here’s an excerpt from the report’s abstract:
This survey was commissioned by the Messaging Anti-Abuse Working Group (MAAWG) to gain a better understanding of consumers’ awareness of the risks associated with viruses and “bots” spread through email and to determine how the industry can best work with consumers in dealing with important messaging threats. The research covers bot awareness and also asks the frequently voiced question: “Why did you click on that spam link?” It identifies the specific actions consumers take to protect themselves against viruses and junk mail, looks at consumers’ attitudes toward virus mitigation, and seeks to quantify and understand consumers’ email habits.
One of the most striking results from this research is that while 82% of consumers are aware of “bots” and malware threats, only 20% believe there is a very good chance their computers could get infected.
What surprises me is the high percentage of consumers who are aware of bots; what doesn’t surprise me is that most of those have a “won’t happen to me” attitude.
The real eye opener in this study is the responses to survey question 12: “If you have ever clicked on a link or replied to an email that you suspected was spam, why did you take this action?” The majority of respondents (52%) said they had clicked or replied. 17% said they “made a mistake.” It happens, especially if you have a twitchy clicker finger. There’s no excuse for the 12% who said they were “interested in the product/service” being offered nor the completely clueless 6% who “wanted to see what would happen.” Unbelievable! It’s these people who are the reason spam won’t go away. They’re also the folks whose PCs I have to clean up on a regular basis.
Fellow security professionals, we have our work cut out for us.