A recent survey conducted by Global Cyber Alliance draws alarming conclusions: almost half of consumers cannot determine the safety and legitimacy of online shopping sites. In United States for example only half of consumers think they can determine if they browse a secure shopping website while in United Kingdom 36% cannot determine the safety and legitimacy of online shopping sites and 45% have stopped an online purchase because of security fears.

These findings are doubled by research of Anti-Phishing Working Group, their specialists discovered more than 100,000 phishing websites targeting over 300 individual brands. The brands with the most spoof-able websites included popular online retailers Amazon (82%), Walmart (36%), and Target (20%).

It is easy for scammers to trick users with websites that look like they are legitimate company websites – either an international brand or a local store – but have a different IP address – something that most users would find very hard to detect.

One method for scammers? Registering web domains that are misspellings of popular brands and destinations. According to the Global Cyber Alliance survey, 76% of U.S. and U.K. consumers have mistyped a website address into their browsers and 60% have clicked on a link in an email that has taken them to a different site than they expected.

Other findings from the Global Cyber Alliance survey include:

Online Safety vs. Physical Safety

  • Only 16% of consumers fear a burglar breaking into their home more than an online hacker stealing personal information
  • Only 11% of consumers think that their mobile phone is more secure than the front door of their house

The Threat is Real

  • 60% of consumers have had their computer infected with malware
  • 50% have visited a website that they feared could do harm to their computer or device

The good news is Global Cyber Alliance, along with IBM Security and Packet Clearing House launched Quad9, a free service that protects both consumers and businesses from the most popular phishing websites. In four easy steps, computers can be configured to automatically check every link that is clicked on – or address that is entered – against a directory of millions of bad web addresses compiled from companies that specialize in categorizing online threats and scams. If a user tries to access a website that is on any of the lists of malicious websites, they are blocked from accessing the site.