Do Employees Really Fall Victim to Phishing Attacks?

28 Jun

A recent study conducted by security firm Positive Technologies found that 27% of participants fell victim to a form of social engineering.

In the study, white hat hackers at Positive Technologies acted as real attackers and sent phishing emails to three groups of employees. One group received emails with a link to a webpage requesting credentials, another received emails with an attachment and a link to a webpage, and the final group received just an attachment.

27% of the first group fell victim to the email and clicked the link, 15% of the second group fell victim to an attachment and a link to a website, and 7% of the third group fell victim to an email where they were prompted to download a file from the webpage. In this case, nothing happened, as the links were safe. In a real attack, however, these employees would have placed the company at considerable cyber risk.


Source: Positive Technologies

From the above statistics, it’s clear that each additional action makes a user more suspicious. This is a good sign, because attachments often cause more damage than links, but it is still a worrying statistic, and it reinforces the point that employees are the weakest link within a cybersecurity network.

It is also important to note that employees are not completely unaware. Emails sent from fake companies only had an 11% success rate, while official-looking emails from real companies fooled 33% of employees.

Subject Lines

Some of the most successful test emails in this study had a subject line about ‘Firing’, ‘Bonus’ or ‘Wage Increase’. These subject lines prompt an employee to open the email without paying close attention to the file they are asked to download or the link they are opening.

The best way to defend yourself against phishing attacks is to always be alert. Before opening any unknown attachments or links, check that they are safe. You can do this by scanning attachments with an anti-virus. At the very least, if you’re still not sure about the contents of an email, send it to your IT department; it’s much better to be safe than sorry.

You can also read our other blogs on phishing to learn more about past phishing attacks and how to protect yourself:

  1. Hackers Shooting for World Cup Success with New Phishing Attack
  2. 6 Lessons from Horror Films for Avoiding Phishing Attacks
  3. Phishing Testing: Building your Human Firewall
  4. A Song of Phishing and Passwords via Cylance

Secure Sense is the security provider that cares. We are a team of experts with a passion for IT, and protecting your organization is what motivates us daily. If you have questions, want to learn more about our services or just want to chat security, please give us a shout. If you’re looking to guest blog, please send an email here.

You can also find us on Twitter, Facebook, and LinkedIn.