A recent study on phishing activity in the Irish market has revealed that up to 185,000 office workers in the country have fallen victim to phishing scams.
Phishing messages are often broadcast in bulk in the hope that some recipients will reply, but campaigns can also be much more targeted. The latter is referred to as spear phishing. In spear phishing attacks, hackers often research their victims and tailor messages to maximize the probability of eliciting a reply.
A successful phishing attack can see workers share their email credentials, which allows their accounts to be accessed. The hackers can then search the email accounts for sensitive data or use the accounts to conduct further phishing attacks on other employees. When financial data is disclosed, business bank accounts can be drained.
Businesses can suffer major financial losses when employees respond to phishing emails. The reputation of the business can be damaged, customers can be lost, and there is also a risk of major regulatory penalties.
The Irish phishing study, carried out through consultancy firm Censuswide, surveyed 500 Irish office workers. Respondents were asked questions about phishing, whether they had fallen for a phishing scam in the past, and how they rated their ability to spot phishing attacks.
In line with findings from surveys carried out in other countries, 14% of respondents confirmed that they had been a victim of a phishing attack. There were also marked differences between age groups. Censuswide analyzed three age groups: millennials, Gen X, and baby boomers. The latter two age groups were fairly resistant to phishing efforts. Gen X were the most phishing-savvy, with just 6% of respondents in the age group admitting to having been tricked by phishing emails in the past, closely followed by the baby boomer generation on 7%. However, 17% of millennials, the generation that should, in theory, be the most familiar with technology, confirmed that they had fallen for a phishing scam.
Interestingly, millennials were also the most confident in their ability to spot phishing attempts. 14% of millennials said they would not be certain that they could spot fraud, as opposed to 17% of Gen X, and 26% of baby boomers.
It is easy to be confident about one’s ability to recognize standard phishing attempts, but phishing attacks are becoming much more complex and very realistic. Complacency can be harmful.
The results of the Irish phishing study make it clear that companies need to do more to protect themselves from phishing attacks. Naturally, an advanced spam filtering solution is necessary to ensure that employees do not constantly have their phishing email identification skills put to the test. SpamTitan, for example, blocks more than 99.9% of spam and phishing emails, thus reducing reliance on employees’ ability to spot scam emails.
The Irish phishing study also emphasises the importance of providing security awareness training to employees. The study showed that 44% of the over-54 age group had opened an attachment or clicked on a link in an email from an unknown source, as had 34% of millennials and 26% of the Gen X age group. Alarmingly, one in five respondents said that their employer had not given any security awareness training whatsoever.
Employees need to know how to identify scams, so security awareness training must be provided. Since cybercriminals’ tactics are always evolving, training needs to be continuous. Annual or biannual training sessions should be conducted along with shorter refresher training sessions. Businesses should also consider conducting phishing email simulations to test resilience to phishing attacks and uncover weak links.