Bob’s Business has released the findings of their analysis of over 67,000 phishing emails, revealing the phishing tactics which are successful 94% of the time.
Analysis found that phishing success rates could hit 94% when the email posed as an internal source and included a danger. An internal source may be an organisation’s IT team, whilst a danger could be the loss of an account if an action is not taken.
Conversely, phishing emails that posed as external sources and utilised a benefit were successful only 37% of the time. External sources are organisations like Amazon and GCHQ, whilst a benefit might be a free gift card or a tax rebate.
The analysis, published in a blog post, was conducted on data from simulated phishing attacks on businesses and organisations. It reveals the efficacy of various types of phishing emails in a bid to understand the psychological phenomena behind phishing attacks.
Phishing attacks are used by cybercriminals to gain access to accounts and systems, typically to inflict financial and reputational damage. Designed to look credible, phishing emails are traps to encourage unwitting participants into giving up private information.
Given that it only takes one successfully phished employee to compromise the cyber security of an entire company, these results highlight the credible and persistent dangers facing organisations of any size.
Melanie Oldham, CEO of Bob’s Business, commented:
“Phishing attacks are perhaps the most pressing cyber security issue facing any organisation. Technological solutions can form part of the solution, but not all of it. Human error must also be addressed as part of any serious cyber security awareness effort.
“Analysing what makes a phishing attack successful and attempting to ascertain the psychological factors at play is vital to creating effective phishing awareness training and adjusting workforce behaviour.”
To avoid falling victim to a phishing attack, Melanie Oldham recommends:
- Pay close attention to the address that sent the email, looking for oddities
- Hover over links before clicking them to check their legitimacy
- Closely scrutinise email content for red flags including spelling errors, suspicious visuals and language designed to make the user act impulsively
- Report any suspicious emails
- Regularly training employees to spot and avoid phishing attempts
- Be extra vigilant of emails which appear to come from an internal source and suggest a ‘danger’ to inaction
- Click a link or download an attachment on any emails from suspicious senders
- Give away any personal information to a sender deemed suspicious
- Read the full analysis here: https://bobsbusiness.co.uk/blog/these-two-elements-create-devastatingly-effective-phishing-emails
The post #Privacy: Study highlights most effective phishing tactics used by cyber criminals appeared first on PrivSec Report.