Infosec Cloud
Solutions. Services. Training.

The 'chat' from the cloud

Keep up-to-date with the latest trends, hints and tips on cloud-based security

Most internet users fail to spot malicious files

Date: Nov 25, 2015

Category: Blog

The majority of users have difficulty distinguishing between potentially malicious files and harmless ones, according to new research.

Three quarters of internet users would download files that were potentially malicious, a global survey from Kaspersky Lab has found.

74 per cent of users, when presented with a scenario where they had to choose which of four files was safe to download, picked options that would leave their devices open to cyber crime.

Participants in the Kaspersky Lab survey were asked to choose which version of the song ‘Yesterday’ by the Beatles they would download when presented with .wma, .exe, .zip and .scr file choices.

The file ‘Betles.Yesterday.wma’, containing a deliberate typo in its name to throw respondents off, was the only safe file but was only chosen by 26 per cent of respondents.

The most popular option was also the most dangerous option: 34 per cent of respondents picked the file ‘Beatles_Yesterday.mp3.exe’ because it contained ‘mp3’ in its name.

However, an .exe file can lead users to install third-party software and grant it permissions on their device, posing a serious risk to their security.

26 per cent selected the .zip option, which could also contain dangerous files, and 14 per cent picked the .scr option, which has recently been used to spread malicious material.

Kaspersky Lab found that user incapacity to spot dangers was not limited to music files with many users also choosing a range of online sources to download materials, which Kaspersky classified as risky behaviour that could increase user risk of encountering malicious suppliers.

21 per cent of users regularly downloaded files from different websites, and of those users only a quarter were able to spot a genuine web page rather than a phishing option.

Furthermore, 58 per cent of users named fake sites when picking websites they would readily submit their data to.

Increase Employee Security Awareness with Interactive Training delivered at the Desktop >>

Comments are closed.

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks