Regardless of its size, every business is a potential target for cyberattacks. All bad actors are interested in exploiting a company’s critical assets. Confidential business information, money, and the financial and personal information of staff and customers are at the greatest risk. Identifying the common motives helps you understand the risks you may encounter and the ways to address them. This article by Robert Lemos at Dark Reading explains why phishing attacks are so dominant, with the help of findings from a phishing simulation study.
Phishing Attacks Simulation Study
A simulated phishing attack against more than 82,000 workers found that emails with a personal impact resulted in more clicks. Technical teams, such as IT workers and DevOps teams, clicked just as often as the non-technical teams and reported suspected phishing attacks a few times less often.
F-Secure and four multinational companies collaborated on four types of phishing emails: a purported message from the human resources team, a fake CEO message, a spoofed document-sharing notice, and a message that claimed a service failure.
The phishing emails drew a 12% click rate, but the rate varied significantly based on the content. According to Connor, F-Secure’s service delivery manager and lead author of the study report, a quarter of people clicked on the phishing email within the first five minutes of receiving it. The median time to report a phishing email was 30 minutes, which is not ideal.
Reporting Phishing Attacks Immediately
Increasing the frequency and speed of reporting requires companies to make reporting simple and easy, like clicking a button. A company without a simple reporting option had only 15% reporting, while a company with a simple option available throughout had 45% reporting. The study found that working in IT or DevOps did not improve judgment when evaluating potential phishing attacks.
The One-Click Attack
As part of the phishing chain, a user commonly clicks on an attachment or link in the email. The user is then prompted to allow a program to run or to enter information on a website that appears legitimate but is controlled by the attacker. People often hesitate before entering their data into a website or clicking an install button, so attackers more commonly use one-click attacks to gain access right away.
F-Secure had to work within limitations when building the phishing simulation emails, with regard to logos, language, and crafting email content for specific departments. Otherwise, F-Secure believed, the click results would have been higher. To read the original article, see https://www.darkreading.com/threat-intelligence/simulation-shows-why-phishing-attacks-continue-to-dominate