One in eight Americans would fall victim to a phishing attack
Phishing remains an effective attack mechanism, finds global test
A report from security company Terranova highlights why phishing is such a common technique: it still fools a large percentage of targeted victims.
Almost one in eight North American employees would follow the instructions in a phishing email to the point where they'd download a malicious document from a spoofed website, according to the company's Security Phishing Benchmark Global Report. That would render them vulnerable to infection by malware, including ransomware.
The report found that 19.2% of North American employees clicked on an initial link in a phishing email. Over half of those that did went on to download a document from the malicious site, which means that overall, 11.8% of Americans would download a malicious document from a phishing site.
North Americans were more skeptical than most. In the Asia-Pacific region, 16% of people got to the point where they downloaded a malicious document, followed by Africa (15.3%), South America (15.1%), and Europe (14.9%).
On average, one in five users around the world clicked the link in the initial email, while 14.4% ended up downloading the document.
The worst offender by industry sector was education, where 21.9% of people reached the stage where they downloaded a malicious document. The IT industry, where you'd expect people to be tech-savvy, was the second worst performer.
Healthcare and retail are the most diligent about phishing, with fewer than one user in 20 taking the bait. This could be because healthcare is so heavily regulated and retail has seen significant numbers of attacks.
The results came from the Global Phishing Tournament, an annual event that sent almost a million simulated phishing emails to test employee readiness during two weeks in October (Cyber Security Awareness Month).
The phishing emails, sent in 20 different languages, used templates from Microsoft that sent victims to a fake SharePoint page. The message included instructions on how to download the malicious file.
Phishing attackers continue to innovate so that their malicious emails bypass technical protections to reach users. Last month, researchers found them tampering with CSS to hide their phishing content from scanners.