2021-12-26 00:00:00

Securitycriminal|cyber|email|phishing|research|study

Here is why cyber criminals favor phishing: it can catch up to 30% of people

When a clever phishing message or phone call happens to be delivered to a person at the right moment, it is possible that the target follows the instructions given by cyber criminals. A recent research discovered that up to 30 percent of people may fall for phishing attempts if they go on long enough. This and other bits of valuable information is available in the research paper P hishing in Organizations: Findings from a Large-Scale and Long-Term Study by the ETH Zurich University, Switzerland.

If 30 percent (32.10% to be exact) seems like a high number for people who fall for phishing attempts, it is. According to the research, the reason is that when people are exposed long enough to phishing attempts, even the sharpest internet user may fail to avoid the trap. This is what makes the Zurich study exceptional: the researchers had agreed with the leaders of a large multi-industry company that they could run their experiment with 14,733 participants over a 15-month period. The researchers selected their phishing targets from a large variety of employee groups, ages and experience level.

25.43% of users followed phishing instructions, and performed a harmful action that simulated what cyber criminals would have wanted.

In addition, a number of employees learned nothing but fell for the phishing attempts multiple times. Out of those who clicked a phishing message, about 30% did it more than once.

Age groups that were most likely to fall for phishing were the youngest and the oldest employees. People who have experience with computers, who have encountered phishing earlier, or are higher up in the organizational hierarchy were the least likely to fall for phishing.

email program menu. Phishing in organizations research report.
The rightmost button allows reporting of potentially harmful messages. Source: Phishing in organizations research report.

Methods to prevent phishing

So, are we doomed? Phishing is the technique ransomware criminals typically use to get into an organization's computer systems. Phishing is also used by attackers who, for instance, want to install a spy software or a program that silently runs cryptomining for them on your computer. It doesn't look promising if a third of computer users can be relatively easily misled to do harmful actions.

Fortunately, the report Phishing in Organizations gives us some hints for measures that can help prevent phishing.

Short warnings about potential problems inserted into messages help avoid phishing. Phishing messages that didn't include a warning were followed three times more often than messages that had a warning. The researchers probably inserted warnings in messages manually, but some day, spam filter programs and artificial intelligence can be applied to do the same as well. The warnings in the experiment were inserted in the beginning of messages: " Be careful! This message might be trying to steal your personal information."

Crowdsourcing is a potential method to increase detection of phishing attempts. People who actually receive potentially harmful messages and phone calls can easily report ongoing attacks. Large organizations have the resources to manage the process of reporting phishing, performing counter measures, and keeping the organization up-to-date on the situation.

The research doesn't give high hopes for training. Especially, online courses that employees can simply view and answer some questions, wasn't an effective way to improve awareness. Active training, such as game-like simulations that show what actually happens during an attack are more effective.

News

2025-01-15 08:59:00

Not to mention travel – when real life experiences in a destination don’t match the expectations and everything that can go wrong, goes wrong. Well, that’s the beauty of #travel. #Europehttps://klaava.com/nitpickers-travel-journal-travel-lessons-learned-in-2024/


News

2025-01-11 13:25:00

A conclusion from the Traffic Scorecard 2024 results is it takes about double the time to drive along the streets of London (the most congested city in #Europe) than the streets of Munich, which is ranked the 21st most congested European city. #traffic #travelhttps://klaava.com/the-cities-in-europe-where-people-are-stuck-in-traffic-most-often/


A shop dedicated to tasty juice

2025-01-09 14:04:10

arihak

A shop dedicated to tasty juice


in the busy old town center.

2025-01-08 16:16:08

in the busy old town center.


News

2025-01-07 14:56:00

A reminder for keeping your data safe when traveling. Why? It is likely that you have to access your most critical data in risky situations on the road.https://cybernews.com/privacy/how-to-protect-your-sensitive-information-while-traveling/


News

2025-01-02 16:33:00

What about the scenery, you who are hurrying to the other side?#streetphotography#streetphoto


News

2025-01-01 16:06:00

According to a survey, third of travelers are victims of online booking scams. Since it is so convenient to make travel reservations online, that’s what we do. The problem is that we haven’t adopted new methods to avoid online scams. #travel #scamhttps://klaava.com/a-traveler-is-more-likely-to-get-scammed-when-booking-a-trip-than-being-robbed-in-a-destination/


Perhaps road builders had too much time?

2024-12-29 15:19:44

Perhaps road builders had too much time?


News

2024-12-27 18:25:00

#Photography is full of so-called “rules” that can feel overwhelming. However, some of these “rules” are downright myths.https://www.diyphotography.net/debunking-seven-common-myths-photographers-still-believe-in/


What should I read next?

2024-12-25 15:18:22

arihak

What should I read next?


News

2024-12-23 11:34:00

Since #EU #DMA has specified #Apple as a #gatekeeper in #mobile devices, EU considers Apple should implement several iOS connectivity features, predominantly used for and by connected devices. For instance, notifications, automatic Wi-Fi connection, AirPlay, AirDrop, or Bluetooth audio switching.https://digital-markets-act.ec.europa.eu/commission-seeks-feedback-measures-apple-should-take-ensure-interoperability-under-digital-markets-2024-12-19_en


News

2024-12-21 14:51:00

Smartphone users in the US are not impressed with the latest artificial intelligence features on their devices with 73 percent of Apple users and 87 percent of Samsung users unsatisfied, according to a new study. #phone #AIhttps://petapixel.com/2024/12/19/majority-of-smartphone-users-are-unimpressed-with-ai-features-study-finds/


There should be enough ice already to open the hotel

2024-12-20 16:40:17

There should be enough ice already to open the hotel


Hiking on a mountain experience: the end of an ancient tunnel

2024-12-09 14:12:31

arihak

Hiking on a mountain experience: the end of an ancient tunnel


on a hot summer day

2024-12-02 18:47:01

on a hot summer day


Cloudy day in a valley

2024-11-25 16:31:59

arihak

Cloudy day in a valley


In the shade of a lone palm tree

2024-11-25 15:46:29

In the shade of a lone palm tree


an abandoned town?

2024-11-07 18:35:22

an abandoned town?


A quiet moment between heavy rain

2024-10-24 17:34:45

A quiet moment between heavy rain


Everyone loves a pretty mountain scenery

2024-10-24 16:54:02

arihak

Everyone loves a pretty mountain scenery