Why we get hooked by phishing attacks
What makes us click on phishing links? A new study from Webroot has surveyed 4,000 office professionals from the US, UK, Japan and Australia to find out.
While a majority (79 percent) of people report being able to distinguish a phishing message from a genuine one, 49 percent also admit to having clicked on a link from an unknown sender while at work.
When asked about phishing methods, 81 percent of participants are aware that phishing attempts can occur through email, but they fail to recognize the many other ways hackers conduct phishing attacks. 60 percent of participants believe phishing attempts can come through social media, 59 percent via text or SMS messages, 43 percent believe that phishing attempts are made via phone calls and only 22 percent believe they can come through video chat.
In addition, 48 percent of respondents say their personal or financial data has been compromised by a phishing message. However, of that group, more than a third (35 percent) didn't take the basic step of changing their passwords following a breach. Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data. Having been phished, only 48 percent of participants ordered a new credit card and just 43 percent set up alerts with their credit agency.
George Anderson, product marketing director at Webroot, says:
Phishing attacks continue to grow in popularity because, unfortunately, they work. Hackers and criminals weaponize the simple act of clicking and employ basic psychological tricks to inspire urgent action. It is vital that consumers educate themselves on how to protect both their personal and financial data and what steps to take if their information is compromised or stolen.
For businesses that means implementing regular simulated phishing and external attacks that address the various ways hackers attempt to breach organizations through their users. By combining the latest detection, protection, prevention and response technology with consistent attack training and education, IT Security departments can tackle the people, process and technology combinations needed to successfully mitigate attacks.
The full report is available from the Webroot site.