New research from Webroot, a Carbonite company, revealed that 61% of UK office workers would open an email appearing to be from their boss first, followed by a message from a family member or friend, despite potentially putting the entire organisation at risk.
The research report titled ‘Hook, Line and Sinker: Why Phishing Attacks Work’ analysed the psychological factors impacting an individual’s decision to click on a phishing email. A sense of urgency and a familiar context are strong incentives for employees to open potentially malicious correspondence.
Phishing is the most popular method of cyberattack in the UK(1) and Webroot’s research has found that over three-quarters (77%) of office workers reported receiving a phishing email at work. However, following an attack, cybersecurity processes fall apart as 40% did not bother changing their passwords and fewer than a third (29%) failed to report these emails to the government.
In addition, this lack of cybersecurity awareness extends to other tactics that can be used in a phishing attack. While the majority of employees (89%) felt confident in identifying malicious emails, only half (50%) correctly identified phone calls as vulnerable to phishing attacks, and even fewer recognised post mail (42%), app notifications (41%) or video chat (28%).
Paul Barnes, Vice President Product Strategy & UX, Webroot:
“Cybercriminals weaponise the simple act of clicking and use psychological tricks to inspire urgent action. A high-pressure office environment coupled with a desire to appear responsive to the boss will encourage an ‘act first and think later’ attitude, potentially putting valuable data at risk.
Organisations must implement regular simulated phishing attacks that address the various ways hackers attempt to breach businesses through their employees. A layered security approach that includes consistent training is essential. Armed with this approach, IT Security departments can tackle the people, process and technology needed to successfully mitigate attacks.”