London, 27th December 2012 – Research from PhishMe has uncovered the scale of the phishing problem in UK businesses: more than a quarter (27%) of office workers do not know what phishing is, yet more than three quarters (78%) of respondents said that they had never fallen for a phishing attack. Phishing emails are spoofed emails that try to trick recipients into doing something they shouldn’t; they let hackers gain access to the corporate network in order to acquire sensitive information such as usernames, passwords or R&D information.
The research, conducted by OnePoll amongst 1,000 office workers across the UK, showed that more than 1 in 5 people admit to having been tricked by a phishing email into clicking a link or opening an attachment, but more worrisome is the 78% who think they have never fallen for a phishing email. In PhishMe’s experience of tracking the responses of more than 3.5 million users, around 60% of people will fall for a phish if they have never been trained to recognize the signs of a phishing email.
Scott Greaux, Vice President, Product Management and Services from PhishMe said, “Spear phishing is the criminals’ method of choice if they want to get inside an organisation. They send well-researched emails to a handful of individuals inside companies they want to infiltrate. The emails are designed to get the recipient to react – either by clicking a link, opening an attachment or providing personal information. User education is essential – to change their behaviour and help ensure your employees don’t fall victim.”
If phishers want to get inside your company, they can be very imaginative. They might research an individual and learn that they were at an event last week, and send an email saying “It was great to meet you at ABC conference last week, here’s a link to some of the research we covered on the day which might be interesting to you”. It’s relevant to the recipient so they might click the link without thinking.
However, trained employees will know to look at the underlying URL, not just the displayed text, to see where it is actually going. They will look at email headers to try to understand if the email address has been spoofed. And they will use common sense – if they don’t remember meeting that person they won’t click on the link. (Likewise, if they didn’t enter a raffle for an iPad, they won’t believe the email that tells them they won!)
Greaux continued, “Effective education needs to be immersive. Mock up phishing emails and send them to your employees, and see what they do. If they click on the link, open the attachment or provide personal data, then provide immediate feedback in the form of training. Repeat the training on a regular basis and you will quickly see that the percentage of people who fall for it will quickly drop.”
PhishMe gives organizations the ability to train their employees and customers about the risks of spear phishing with just a few simple clicks. With over 3.5 million individuals trained since its launch in 2008, PhishMe provides a cost-effective way to mitigate this challenge. The company has proven that its training can reduce the threat of employees and customers falling victim to phishing attacks by up to 85 percent.
PhishMe is a leader in anti-phishing training and focuses on educating users on how to best protect themselves from the latest scams. Using PhishMe’s built-in templates and simple functionality, companies can emulate real phishing attacks against their employees within minutes. PhishMe facilitates and automates the execution of mock phishing exercises against employees and provides clear and accurate reporting on user behavior. Most importantly, companies are able to focus their training efforts on the most susceptible employees by providing immediate feedback to anyone who falls victim to these exercises. Additionally, PhishMe adds customizable interactive games to the suite of training modules enterprises can deliver to their staff and customers. PhishMe works with Federal Agencies and Fortune 1000 companies across multiple vertical market sectors including financial services, healthcare, higher education and defense. For additional information, please visit www.phishme.com.