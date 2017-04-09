Americans recognize the need for strong passwords and know that public Wi-Fi hot spots aren’t necessarily safe for online banking or e-commerce. But U.S. adults are not as good at recognizing email “phishing” schemes or determining if a website is encrypted, a Pew survey shows.

SAN DIEGO — When it comes to cybersecurity, Americans recognize the need for strong passwords and know that public Wi-Fi hot spots aren’t necessarily safe for online banking or e-commerce.

But U.S. adults are not as good at recognizing email “phishing” schemes or determining if the website where they’re entering credit-card information is encrypted.

That’s according to a new Pew Research Center survey titled “What the Public Knows about Cybersecurity.” It tallied responses from 1,055 adults last year about their understanding of concepts important to online safety and privacy.

The results were mixed, highlighting that public awareness of online security measures remains a potential weak link in thwarting cyberthreats.

“It is probably our No. 1 concern and No. 1 vulnerability,” said retired Rear Adm. Ken Slaght, head of the San Diego Cyber Center of Excellence, a trade group for the region’s cybersecurity industry. “These attackers keep upping their game. It has gone well beyond the jumbled, everything misspelled email.”

The Pew Research survey asked 13 questions about cybersecurity. The median score was five correct answers. Just 20 percent answered eight questions correctly.

A relatively large percentage of respondents, however, answered “not sure” to questions rather than providing the wrong answer.

Participants had a good understanding of some security basic practices such as the importance of strong passwords and less knowledge of others — particularly more technical aspects of web safety such as multifactor authentication and virtual private networks.

“One of the things you see from the Pew study, as you drill down in security knowledge, the numbers really do drop off,” said Stephen Cobb, security researcher for anti-virus software firm ESET. “I was disappointed that only 33 percent were aware of what the ‘s’ in ‘https’ meant.”

It stands for secure, with website authentication and encryption of digital traffic. It is used mostly for online payments. Security researchers often suggest computer users examine the website addresses — known as the URL — as a first step before they click on a link.

“You wonder if people know what a URL is,” said Cobb. “Do they know how to read a URL? So there is plenty of work to be done” in terms of public awareness.

Only 54 percent of respondents correctly identified a phishing attack. For cybercriminals, phishing remains a favorite trick for infecting computers with malware. Phishing schemes usually involve an email that directs users to click on a link to an infected website.

Computer-security software does a good job of blocking most phishing schemes, Cobb said. Even so, cybersecurity technology can’t yet deliver a “completely automated response to phishing,” he said. “So we have to proceed with user education and with attempts to make phishing a poor career choice” by prosecuting those who do it.