Scale of phishing

by Mark Rowe

An IT security firm has highlighted the scale of the phishing problem in UK businesses: nearly 60pc of office workers receive phishing emails at work every single day, and 6pc receive more than ten phishing emails every day.

Phishing emails try to trick the recipient into doing something they shouldn’t, by disguising malicious attachments or links within seemingly genuine content. If the user does respond, the hacker could gain access to the corporate network and acquire sensitive information such as usernames, passwords or R&D information.

The survey, by OnePoll for PhishMe among 1,000 office workers across the UK, shows how many phishing emails are bypassing technical controls and ending up in users’ inboxes. PhishMe says that its experience of tracking the responses of more than 3.8 million users shows that around 60pc of people will fall for a phish if they have never been trained to recognise the signs of a phishing email — revealing the scale of the problem these phishing emails can cause.

Scott Greaux, Vice President, Product Management and Services at PhishMe, said: “Nearly 60 per cent of employees receive phishing emails every day, so clearly technical controls are failing to stop these messages as they pass through the system. They end up in users’ inboxes, and for many companies it is purely down to luck if that employee responds. Our research shows that almost 60% of people will fall for a well-designed phishing email – opening your systems to the criminals and hackers.”

“Many users could click on a link or open an attachment and then carry on working, without being fully aware of the implications of their actions. User education is essential – adding ‘human sensors’ to your security infrastructure improves overall security posture and helps ensure users don’t fall victim,” Greaux added.

The firm added that effective training will ensure employees stop and think twice before believing every email they receive. For example, they will know to look at the underlying URL, not just the displayed text, to see where the link is actually going. They will look at email headers to try to understand if the email address has been spoofed. And they will use common sense – if something doesn’t seem true (or is too good to be true!) then they won’t automatically believe it. The PhishMe survey was conducted by OnePoll amongst 1,000 office workers across the UK.

© 2024 Professional Security Magazine. All rights reserved.