Users Are Still Falling for Phishing Attacks. Want to Know Why?



user phishing attackWith phishing and spear phishing so prevalent as the primary initial attack vector for malware, ransomware, and data breach attacks, why aren’t users getting wise.

There’s no denying that phishing is a problem. With increases in phishing attacks as much as 6000%, cybercriminals have zeroed in on their easiest (and most helpful) part of your security to bypass: your users. Your users play a needed role in attacks – the initial launching of malicious software, scripts, or documents through links or attachments.

Without your users, the bad guys have no ability to infect your environment.

But, it’s not like phishing is something new. Organizations are keenly aware that it’s a problem – so much, that they spend material portions of the IT budget on solutions aimed at detecting and blocking malicious web and email content. Even so, a portion of phishing attacks still make it all the way to the user’s Inbox… and users fall for the well-crafted social engineering incorporated in the phishing attack.

So, why do users still fall for these attacks when they know phishing emails exist and they are a target?

Suelette Dreyfus, an academic specialist at the School of Computing and Information Systems at the University of Melbourne, spoke at Australia’s ITWeb Security Summit this year on the very subject. According to Dreyfus, part of the issue is the massive amount of email received: “Surely, people getting a lot of external mails, would ‘wise up?’ In real life, any awareness of phishing was often overwhelmed by the constant ‘tsunami’ of mails.” Another problem is the

Another issue is the perceived security of the office environment by users. According to Dreyfus, “so, goes the thinking of the employee, there is less chance they’ll encounter a suspicious mail.” It demonstrates that organizations aren’t doing enough educating of their employees through Security Awareness Training about their importance and necessity of their role in the organization’s security.

Lastly, the security culture within the organization is important. According to Dreyfus, “Cyber security has to wrap around the processes of the human, not impose from the top down.” In essence, organizations need to make good cybersecurity practices an integral part of a user’s everyday functions. This, too, is stressed within Security Awareness Training.

Users remain the weakest link in your security strategy. It’s time to “patch” this vulnerability through proper education, teaching users not just what to do to avoid becoming a victim, but why as well.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Subscribe To Our Blog


Free Cybersecurity Awareness Month Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews