London: Research from PhishMe has uncovered the scale of the phishing problem in UK businesses – with nearly 60% of office workers receiving phishing emails at work every single day, and 6% receiving more than 10 phishing emails every day.
Phishing emails try to trick the recipient into doing something they shouldn’t, by disguising malicious attachments or links within seemingly genuine content. If the user responds, the attacker may gain access to the corporate network and acquire sensitive information such as usernames, passwords or R&D information.
The research, which was conducted by OnePoll for PhishMe amongst 1,000 office workers across the UK, shows how many phishing emails are successfully bypassing technical controls and ending up in users’ inboxes. PhishMe’s experience of tracking the responses of more than 3.8 million users shows that around 60% of people will fall for a phish if they have never been trained to recognize the signs of a phishing email — revealing the scale of the problem these phishing emails can cause.
Scott Greaux, Vice President, Product Management and Services from PhishMe said, “Nearly 60% of employees receive phishing emails every day, so clearly technical controls are failing to stop these messages as they pass through the system. They end up in users’ inboxes, and for many companies it is purely down to luck if that employee responds. Our research shows that almost 60% of people will fall for a well-designed phishing email – opening your systems to the criminals and hackers.”
“Many users could click on a link or open an attachment and then carry on working, without being fully aware of the implications of their actions. User education is essential – adding ‘human sensors’ to your security infrastructure improves overall security posture and helps ensure users don’t fall victim,” Greaux continued.
Effective training will ensure employees stop and think twice before believing every email they receive. For example, they will know to look at the underlying URL, not just the displayed link text, to see where the link actually goes. They will look at the email headers to judge whether the sender address has been spoofed. And they will use common sense – if something doesn’t seem true (or is too good to be true!) then they won’t automatically believe it.
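The two checks described above (displayed link text versus the real link target, and sender-related headers that disagree with the From: address) can be automated for triage. The following is an added example, not PhishMe’s code or part of the original release; the sample message and its domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example only (not a real phishing email).
SAMPLE_MESSAGE = """\
From: IT Helpdesk <helpdesk@example.com>
Reply-To: reset@example-mail-verify.net
Return-Path: <bounce@example-mail-verify.net>
Content-Type: text/html

<html><body>
<p>Reset here: <a href="http://example-mail-verify.net/login">https://portal.example.com/reset</a></p>
<p>Help: <a href="https://portal.example.com/help">portal help page</a></p>
</body></html>
"""

# Simple anchor matcher; enough for the constructed sample, not a full HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def hostname(value):
    """Hostname of a URL or bare domain; None if the text is not URL-like."""
    value = value.strip()
    if any(c.isspace() for c in value):
        return None
    host = urlparse(value if "://" in value else "//" + value).hostname
    return host if host and "." in host else None

def mismatched_links(raw_message):
    """(shown_text, real_href) pairs where the displayed text names a different host than the link target."""
    html = message_from_string(raw_message).get_payload()
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        shown, real = hostname(text), hostname(href)
        if shown and real and shown != real:
            findings.append((text.strip(), href))
    return findings

def header_mismatches(raw_message):
    """(header, domain) pairs where Reply-To / Return-Path domains differ from From:, a spoofing hint."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for name in ("Reply-To", "Return-Path"):
        domain = parseaddr(msg.get(name, ""))[1].rpartition("@")[2].lower()
        if domain and domain != from_domain:
            findings.append((name, domain))
    return findings
```

Run `mismatched_links(SAMPLE_MESSAGE)` and `header_mismatches(SAMPLE_MESSAGE)` to see the flagged link and the two header domains that disagree with the visible sender; a link whose text is plain words (like the help link) is not URL-like and is left alone.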