U.K. Charity Workers Most At Risk From Phishing


A Tessian report finds that a large number of U.K. charity workers aren't getting proper security awareness training. Michael Moore at ITProPortal wrote: "UK charities are leaving themselves exposed to phishing attacks due to a lack of proper security training, a new report has claimed.

Research from cybersecurity firm Tessian found that charity workers are some of the most likely to fall victim to online scams due to a lack of security knowledge.

Tessian found that just 11 percent of charity employees say they regularly receive training about cyber threats on email, and just over a third (37 percent) say they have never had any training on spotting or dealing with email security threats.

This is despite the number of data breaches in the charity sector doubling over the last two years, with a recent DCMS report claiming that one in five charities experienced a cybersecurity breach last year - the vast majority of which resulted from a phishing email. 

“When you consider the wealth of certain charities and how much valuable donor data they hold, such as the personal data and payment information of high net-worth individuals, it is little wonder why hackers target this sector,” said Tim Sadler, CEO at Tessian.

“Through sophisticated phishing attacks, criminals can not only cause significant financial damage but they can also erode public trust in the charity and potentially expose donors’ private interests. With so much at stake, and as phishing attacks grow in frequency and severity, charities need a more proactive approach to email security training.”

It isn't just charities that are at risk, though, as overall, Tessian found that just one third of UK employees (34 percent) say they regularly receive training about cyber threats on email.

Over a fifth of respondents (22 percent) say they've never had email security training at their company, with a similar amount (26 percent) saying they received training when they first joined but have had nothing further since.

Even of those that do receive training, just 22 percent said they remembered the knowledge they were given, showing that companies need to ensure their training is much more effective going forward."


Cross-posted with grateful acknowledgement to ITProPortal.

Free Social Media Phishing Test

Would your users fall for a phishing email that looks like it originated from a credible social media site such as Facebook, LinkedIn or Twitter? Attackers use social media to target your brand, your users, and even your customers by distributing malware or using social engineering to phish for credentials. These platforms have become a goldmine for the bad guys to carry out social media phishing attacks against your organization. Don't get hacked by social media phishing attacks!

Here’s How the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
