The Bad News: Only 5% of Your Users Can Effectively Spot a Phishing Attack

A recent phishing quiz that asked U.K. users whether they could identify the phish revealed dismal results: nearly all users couldn’t tell the difference 100% of the time.

Everyone knows no layered security can stop 100% of all phishing emails. According to recent research, the average employee visits a phishing domain once every 3 days. So, your users end up becoming the last line of defense. Now, you can probably tell when an email is fake. So, surely your users can as well, right?


In a recent poll, U.K.’s Computer Disposals Limited asked 1,000 U.K. users to identify whether an email or text was legitimate by choosing either to click the provided link or delete the message. 95% of them failed to properly identify all 10 examples. Even when simply erring on the side of caution and choosing to delete messages rather than engage with them, only 44% identified the authentic messages.

This quiz demonstrates that it’s very difficult these days to spot the fake message from the real one. The really bad part of this is the examples provided don’t even use real logos (e.g., “PayMe” instead of “PayPal”), making us lose confidence in an untrained user’s ability to easily differentiate between what’s business-related and what’s a phish.

That’s the bad news.

The good news is that, as with any skill, users need to be trained repeatedly on what to look for in a phishing message. Users who undergo continual Security Awareness Training are better equipped to scrutinize emails and text messages and to identify the telltale signs that a message is a scam.

If you’re not training your users, you need to assume they don’t (and won’t) know the difference between an email that’s going to move your business forward and one that will take it down. The only way to bridge this security gap is with proper Security Awareness Training.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
