U.K. Charity Workers Most At Risk From Phishing


A Tessian report finds that a large number of U.K. charity workers aren't getting proper security awareness training. Michael Moore at ITProPortal wrote: "UK charities are leaving themselves exposed to phishing attacks due to a lack of proper security training, a new report has claimed.

Research from cybersecurity firm Tessian found that charity workers are some of the most likely to fall victim to online scams due to a lack of security knowledge.

Tessian found that just 11 percent of charity employees say they regularly receive training about cyber threats on email, and just over a third (37 percent) say they have never had any training on spotting or dealing with email security threats.

This is despite the number of data breaches in the charity sector doubling over the last two years, with a recent DCMS report claiming that one in five charities experienced a cybersecurity breach last year - the vast majority of which resulted from a phishing email. 

“When you consider the wealth of certain charities and how much valuable donor data they hold, such as the personal data and payment information of high net-worth individuals, it is little wonder why hackers target this sector,” said Tim Sadler, CEO at Tessian.

“Through sophisticated phishing attacks, criminals can not only cause significant financial damage but they can also erode public trust in the charity and potentially expose donors’ private interests. With so much at stake, and as phishing attacks grow in frequency and severity, charities need a more proactive approach to email security training.”

It isn't just charities that are at risk, though, as overall, Tessian found that just one third of UK employees (34 percent) say they regularly receive training about cyber threats on email.

Over a fifth of respondents (22 percent) say they've never had email security training at their company, with a similar amount (26 percent) saying they received training when they first joined but have had nothing further since.

Even of those that do receive training, just 22 percent said they remembered the knowledge they were given, showing that companies need to ensure their training is much more effective going forward."


Cross-posted with grateful acknowledgement to ITProPortal.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. The bad guys use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
