IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

One in eight Americans would fall victim to a phishing attack

Phishing remains an effective attack mechanism, finds global test

A report from security company Terranova highlights while phishing is such a common technique: it still fools a large percentage of targeted victims.

Almost one in eight North American employees would follow the instructions in a phishing email to the point where they'd download a malicious document from a spoofed website, according to the company's Security Phishing Benchmark Global Report. That would render them vulnerable to infection by malware, including ransomware.

The report found that 19.2% of North American employees clicked on an initial link in a phishing email. Over half of those that did went on to download a document from the malicious site, which means that overall, 11.8% of Americans would download a malicious document from a phishing site.

North Americans were more skeptical than most. In the Asia-Pacific region, 16% of people got to the point where they downloaded a malicious document, followed by Africa (15.3%), South America (15.1%), and Europe (14.9%).

On average, one in five users around the world clicked the link in the initial email, while 14.4% ended up downloading the document.

The worst offender by industry sector was education, where 21.9% of people reached the stage where they downloaded a malicious document. The IT industry, where you'd expect people to be tech-savvy, was the second worst performer.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

Healthcare and retail are the most diligent about phishing, with fewer than one user in 20 taking the bait. This could be because healthcare is so heavily regulated and retail has seen significant numbers of attacks.

The results came from the Global Phishing Tournament, an annual event that sent almost a million simulated phishing emails to test employee readiness during two weeks in October (Cyber Security Awareness Month).

The phishing emails, sent in 20 different languages, used templates from Microsoft that sent victims to a fake SharePoint page. The message included instructions on how to download the malicious file.

Phishing attackers continue to innovate so that their malicious emails bypass technical protections to reach users. Last month, researchers found them tampering with CSS to hide their phishing content from scanners.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022