An easy catch? 6 out of 10 office workers phished daily

The Boardroom

by | 14 January 2013

6% get more than 10 phishing emails a day


Most in business will be familiar with the phenomenon: emails that try to trick you into doing something you really shouldn't, hitting your inbox on a regular basis.

The scams, which vary wildly in their sophistication, include all sorts of tricks from clicking a dubious link, to parting with your bank account details to help out the supposed ex-wife of some dictator who has several million dollars she needs to deposit urgently.

Well research from PhishMe, which says it can help firms train their employees and customers about the risks of spear phishing with just a few simple clicks, found that in the UK nearly 60% of office workers receive phishing emails at work every single day, and 6% receive more than 10 phishing emails every day.

Phishing attacks don't only put the individual at risk - a successful attack can let the hacker gain access to the corporate network in order to acquire sensitive information such as usernames, passwords or R&D information.

The research, which was conducted by OnePoll for PhishMe amongst 1,000 office workers across the UK, shows how many phishing emails are successfully bypassing technical controls and ending up in users' inboxes. PhishMe's experience of tracking the responses of more than 3.8 million users shows that around 60% of people will fall for a phish if they have never been trained to recognise the signs of a phishing email -- revealing the scale of the problem these phishing emails can cause.

Scott Greaux, vice president, product management and services from PhishMe said, "Nearly 60% of employees receive phishing emails every day, so clearly technical controls are failing to stop these messages as they pass through the system. They end up in users' inboxes, and for many companies it is purely down to luck if that employee responds. Our research shows that almost 60% of people will fall for a well-designed phishing email - opening your systems to the criminals and hackers.

"Many users could click on a link or open an attachment and then carry on working, without being fully aware of the implications of their actions. User education is essential - adding 'human sensors' to your security infrastructure improves overall security posture and helps ensure users don't fall victim," Greaux added.

The firm argues that education is the best form of defence against those phishing attacks that get through technical controls, which - just like the way that staff should deal with phishing attacks - seems like a simple case of applying common sense.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

756 people like this.
0 people follow this.

The Boardroom Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.