.jpg?width=400&height=226&name=iStock-1185282377%20(3).jpg)
The old rules for spotting a phishing email are changing. Remember looking for bad grammar and clumsy spelling? Thanks to AI, hackers' emails are increasingly polished and hard to spot. But a new poll from KnowBe4 reveals the modern worker's most reliable alarm bell for a cyberattack isn't a typo; it's a sense of manufactured urgency.
Pressure to Act is the New Phishing Red Flag
Our data shows that a shocking 34% of people now identify 'pressure to act quickly' as the primary red flag of a fraudulent email. This social engineering trick has surpassed traditional indicators like:
- Unknown sender addresses (23%)
- Requests for sensitive information (23%)
- Poor spelling or grammar (20%)
Thanks to AI, hackers’ emails are increasingly hard to spot, written perfectly in any language. However, the tell-tale sign is still their desire to get you to do something and do it quickly. By creating an artificial crisis, they hope to bypass the very diligence that organizations have worked so hard to build. But our data shows that workers are onto them; they now recognize that if an email demands immediate action, it deserves immediate suspicion.
The Internal Threat: Email Anxiety is Real
It’s not just outside attacks we need to worry about. Employees are also worried about making simple, yet costly, human errors.
Almost half (44%) of workers named 'sending to the wrong recipient' as their biggest concern when sending a work email. This simple blunder is now more worrying than a targeted phishing attack (20%). Another 19% are concerned about accidentally including confidential information in their emails.
How to Beat the Blunder
This 'email anxiety' is already changing how people work. To combat the fear of a professional mistake, more than half (52%) of workers verify recipients and attachments every single time. Surprisingly, only 12% take the arguably more critical step of checking for sensitive information.
The reality is that human intuition needs a digital safety net.
By combining real-time security coaching with automated protections, we can help employees navigate the 'Urgency Trap' and provide the peace of mind needed to catch any incidents of sensitive information being sent to the wrong person. We don't just want to stop the bad emails from coming in; we want to stop the mistakes from going out.
The good news is that security awareness is increasing—with only 6% of employees now ignoring suspicious emails. The proactive culture is there; it just needs to be backed by technology that reduces the mental load on the individual.
