With cybersecurity risks steadily growing, it’s no wonder so many companies are investing in security awareness training. Phishing is a particularly popular way for modern hackers to scam their victims. A simple definition of phishing: a method of frauding individuals with tactics designed to make them believe they are corresponding with a legitimate organization.
The overarching goal is to con victims into forking over personal details, like social security numbers or bank logins. This hacking strategy comprises one-third of all hacking attempts, and chances are you’ve seen a phishing scam before. And yet, so many employees are still falling for phishing scams. After all, the average mid-sized company pays $1.6 million to fix a phishing scam. With that in mind, here are a few reasons why today’s employees are still falling for phishing scams:
According to the 2017 State of the Phish report from Wombat, 35% of surveyed employees in the United States had no idea what phishing was. Without any thorough understanding, it becomes difficult to take the best course of action when presented it. And this is all the more difficult when a phishing attempt appears to come from someone you trust.
A whaling attack is a specific attack that targets high-level executives. The goal of a whaling attack is to extra data by impersonating the CEO of an organization. There have been numerous instances where hackers were able to initiate wire transfers or steal employee data by convincing recipients of their false identity. An increase in whaling attacks prompted the Phoenix division of the FBI to issue a warning to business owners, citing that since 2015, the FBI saw a 270% increase in identified victims and expected loss.
The fact is, most people don’t properly understand the statistics surrounding phishing. And this unintentional level of ignorance results in overconfidence, which leads to naivete. When employees are too comfortable in their setting, it can create the “it won’t happen to me” illusion. This is all the more true if they’ve never seen a phishing email in the workplace. Although 92% of respondents who acknowledged phishing said that actively look for signs of phishing, although only 43% said they verify that the links in their emails match their destinations.
Fast-paced Working Days
One of the biggest reasons employees might inadvertently click a link or forget what they’ve learned in cybersecurity training is because they’re moving too quickly throughout their day. The average office worker gets 52 emails per day. In a rush to remain efficient, it’s no wonder that many employees are quickly scan email content and clicking without much thought.
A report titled Hook, Line, and Sinker: Why Phishing Attacks Work, 85% of the 4,000 staffers surveyed said they click on one email link per day. When employees aren’t paying attention, it’s easy to make a mistake. Phishing emails are often disguised to look like company emails, and if enough attention isn’t given, chances are you’ll become a victim.
“One of our clients’ employees got an email that was supposedly from their CEO, asking the employee to help them purchase GoogleTM Play Store gift cards with the company credit card,” business owner Larry Dukhovny said in the HLS report. “The employee did it and sent over the codes right away, without ever questioning the request.”
Everyone Makes Mistakes
The reality is, no matter how effective your training is, people make mistakes. Having a 100% success rate against phishing is unrealistic. What’s important is how you manage those mistakes. This includes the technology in place to combat malware that employees might unintentionally bring into their systems by clicking a malicious link or opening a fraudulent attachment. The more educated your staff is, the more aware they’ll be and the less likely they are to make mistakes. However, as a business owner, it’s important that you always manage those expectations.
- How Hackers Are Impersonating Google and Microsoft When Preying on Remote Workers
- 15 Tips to increase the email CTR by 200% higher
- 6 Cybersecurity Risks Small Businesses Should be Wary Of
- Get People to Receive and Open Your Marketing Emails
- How to Hire and Retain Good Employees