I had some numbers run on the usage of our new, dedicated COVID-19 phishing templates to find out what the Phish-prone percentage was, since this is an unprecedented worldwide event.
Since these templates were released—note, we warned against this for the first time Jan 31, 2020—here are the numbers. You will not see figures as reliable as these anywhere else because we are by far the largest provider of new-school security awareness training in the world:
- COVID-19
- Delivered: 2,183,318
- Failed: 192,042
- PPP: 8.80%
Now, to give you some comparison of other templates that traditionally have high click rates because they are using social engineering attacks related to money or password security. Banking phishing scored as follows:
- Banking Templates:
- delivered: 1,582,493
- failed: 59,096
- PPP: 3.73%
The IT Templates are spoofed and look like they come from the IT department of their own organization, and claim an urgent password reset is required.
- IT Templates:
- delivered: 1,925,059
- failed: 137,936
- PPP: 7.17%
So, Since early Feb 2020, our customers sent more COVID related templates in the same time period than either Banking or IT (again, the stalwarts of template categories) and they had a higher phish prone percentage, more than double in the case of banking. You could draw some quick & dirty conclusion that people value their health twice higher than they value money, or that they are willing to take double the risk, but that is all just speculation at this time.
Fact is, people are clicking on simulated COVID-19 phishing attacks at high rates. In the wild, the bad guys are having a field day. If you have not done this yet, run a COVID-themed campaign in your own organization, and see how your employees stack up against the average. We have a free Phishing Security Test that allows you to do that for 100 users, so you get your own phish-prone percentage you can use to demand budget for security awareness training!
Yes, in the free test we have just added a Coronavirus template you can choose to phish your users with. Try it now.