Participants in the Kaspersky Lab survey were asked to choose which version of the song ‘Yesterday’ by the Beatles they would download when presented with .wma, .exe, .zip and .scr file choices.
The file ‘Betles.Yesterday.wma’, containing a deliberate typo in its name to throw respondents off, was the only safe file but was only chosen by 26 per cent of respondents.
The most popular option was also the most dangerous option: 34 per cent of respondents picked the file ‘Beatles_Yesterday.mp3.exe’ because it contained ‘mp3’ in its name.
However, an .exe file can lead users to install third-party software and grant it permissions on their device, posing a serious risk to their security.
26 per cent selected the .zip option, which could also contain dangerous files, and 14 per cent picked the .scr option, which has recently been used to spread malicious material.
Kaspersky Lab found that user incapacity to spot dangers was not limited to music files with many users also choosing a range of online sources to download materials, which Kaspersky classified as risky behaviour that could increase user risk of encountering malicious suppliers.
21 per cent of users regularly downloaded files from different websites, and of those users only a quarter were able to spot a genuine web page rather than a phishing option.
Furthermore, 58 per cent of users named fake sites when picking websites they would readily submit their data to.
With increasingly sophisticated and prevalent phishing, spear phishing and ransomware attacks, the research highlights the criticality of IT user security awareness training, all at levels in the organisation.