Study Finds Consumers Consistently Deceived by Phishing Messages

Study conducted by ICONIX finds that users opened one of every six spoofed messages linked to phishing scams.

SANTA CLARA, Calif., — February 5, 2007 — ICONIX, Inc., the leading provider of visual email identification solutions, today announced results from an end-user study which found that on average, email users opened one in six phishing messages — fake email messages created to defraud consumers. The study also found that consumers' tendency to open spoof messages varied widely according to the type of message. Open rates ranged from a high of one in four fake messages claiming to be from social networks to a low of one in ten fake messages purportedly from dating services.

The study included 10,557 participants, and was conducted during a six month time period from May-October 2006. Results of the study, which recorded actual email behavior, were categorized into eight segments based on the type of message received. The open rate of spoofed messages breaks down as follows:

  • Social networks - 24.9%
  • E-cards - 17.1%
  • Payment - 16.2%
  • Financial - 15.5%
  • Auction - 14.7%
  • Info - 12.9%
  • Retail - 12.1%
  • Dating - 9.5%

"It's no secret that phishing attacks have significantly increased during the past few months," said Jeff Wilbur, vice president of marketing for ICONIX. "What is surprising is how effective the phishers are at motivating users to open spoofed messages. Based on the industry estimates that 59 million phishing messages are sent per day, our study indicates that as many as 10 million fake messages may be opened per day, creating huge risk for people receiving the messages. It's also interesting to see that social networks and e-cards top the list of open rates for spoof messages, indicating to us that users need to be cautious, regardless of the type of messages they receive. As phishing becomes more sophisticated and pervasive, it's easy for even the most discriminating email users to fall victim to such attacks."

In order to help consumers identify legitimate messages and avoid phishing attacks, ICONIX has developed its Truemark service, which now supports email clients used by over 120 million consumers. When an email arrives, the Truemark service uses industry standard technologies such as Domain Keys and Sender ID to verify the authenticity of the message. The email sender is then checked against a list of registered senders with ICONIX. Once the email has been verified, a Truemark icon is displayed in the user's inbox, identifying the sender and signifying that it is a legitimate message. The software plug-in for the Truemark service is free to consumers and is available at

About ICONIX, Inc.
ICONIX, Inc. is the leading provider of trusted email identification solutions. ICONIX provides the industry's first visual eMail ID solution for businesses and consumers. The Iconix® solution enables consumers to quickly identify messages from legitimate senders, which proactively combats widespread email-based identity theft techniques, such as phishing. The Truemark service is the only standards-based visual authentication solution that works across various email platforms. For more information, visit

# # #

Iconix and Truemark are registered trademarks in the United States and Iconix, Check-lock, the Iconix logo, the Iconix enabled logo, and the Check-lock icon are trademarks or service marks of ICONIX, Inc. Other trademarks are the property of their respective owners.