Can you accurately detect a phishing email when you receive one?
That is the question GreatHorn and Inspired eLearning set out to answer in a recent survey of 1,123 email users, which tested whether they could accurately tell the difference between a phishing email and an authentic one.
The September 2020 “To Catch a Phish” survey found that 52% of email users failed to detect an actual phishing email. This is an alarming percentage as phishing attacks and other cybersecurity threats are on the rise.
Users received a series of 10 emails and were asked to identify whether each email was authentic or a phishing attack. The users were part of a wide cross-section based on age, gender, and status.
Several other key findings from this study include:
- Employees, on average, scored 52% on the phishing test. They accurately identified whether an email was a phish or authentic in 5 out of 10 examples, showing that users need more security awareness training and tools to help them better detect potential phishing attacks.
- In comparison to the age range of 18-44, those who are 45 years old are more likely to view emails as phish — whether they are authentic or phishing emails.
- Individuals on mobile devices were about 13% less likely to identify phishing emails than individuals on desktops.
- Impersonated emails from common and well-known brands, such as Amazon and Gmail, are more likely to be identified accurately as a phishing attack, showing that individuals are learning to have a more critical eye towards emails from trusted brands.
- Business-related applications and coworking platforms were the most difficult for respondents to correctly identify, with 59% identifying them as phish when they were authentic emails, showing that organizations require more training to improve productivity.
Cybercriminals use phishing emails to get email users to click on links to seemingly legitimate websites that have been created to deceive them and steal sensitive information such as addresses, login details including usernames and passwords, and credit card information. In many cases, just clicking the malicious link, without even entering any details, can download malware to the user’s computer without their knowledge.
The collective results show that organizations have a long way to go in training employees and team members on the threats that are looking to penetrate emails and networks everywhere. Improving awareness requires frequent, effective and up-to-date security training aimed at helping to not only improve security, but also to improve workplace productivity.
It is important for users to protect themselves by reviewing emails carefully and checking for typical phishing clues such as misspellings or low-resolution visuals which could indicate the email is coming from a phishing attacker rather than an authentic person.
Download the full “To Catch a Phish” report here.
To better protect your organization, your team members, and yourself from becoming a victim of a phishing attack, follow the advice given on GreatHorn’s Phishing Attack Education Center.