3 Out of 10 Workers Clicked a Phishing Link in the Past Year: Webroot Survey

essidsolutions

Phishing attacks continue to grow in popularity simply because they work. In the new world order, remote workers have become enablers of cyberattacks. A study from Webroot, an OpenText company, reveals that three in 10 workers worldwide have clicked a phishing link in the past year. The report also explains how phishing has become a pervasive threat, with more people falling for phishing clickbait as hacks look more real than ever before.

The massive rise in remote work gifted hackers and phishers a whole new audience to distribute their wares via malicious emails. On top of that, an influx of emails and an always-on attitude heightened by the lockdown restrictions are proving counterproductive for naïve users unfamiliar with techniques to protect themselves from phishing scams.

A new Webroot report, COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, quantifies the general cybersecurity habits of 7000 office workers across eight countries during times of crisis. The study brings to light how phishing emails look so realistic that users fail to recognize the warning signs. Need proof? A whopping 59% of global respondents confessed phishing hacks look more real than ever.

Prashanth Rajivan, Ph.D. & Assistant Professor at the University of Washington believes the success of phishing attempts has something to do with expectations of a reward based on past behavior. “People aren’t great at handling uncertainty. Even those of us who know we shouldn’t click on emails from unknown senders may feel uncertain and click anyway. That’s because we’ve likely all clicked these kinds of emails in the past and gotten a positive reward. The probability of long-term risk vs. short-term reward, coupled with uncertainty, is a recipe for poor decision-making, or, in this case, clicking what you shouldn’t,” he explains. 

Source: Webroot/OpenText

The upside is that 81% of respondents are cautious and use these tactics to spot phishing emails:

  • 64% check the sender address
  • 64% are wary of the email containing suspicious attachments
  • 56% are attentive toward misspellings or bad punctuation
  • 46% disregard if email isn’t relevant to them
  • 45% hover over the link to verify the link address
  • 29% perform a quick internet search about the sender
  • 14% see the appropriateness of the time the email is sent

Despite this, 76% admitted they opened emails from unknown senders.

3 in 10 Workers Worldwide Have Clicked a Phishing Link 

Oddly enough, 24% of respondents still don’t know what to do to keep data safe from cyberattacks.  

And the result is that a significant majority of respondents have chatted with a scammer in the past year. Three in ten workers worldwide are certain they’ve clicked a phishing link in the past year.

Source: Webroot/OpenText

Experts estimate phishing is the primary attack vector for launching sophisticated cyberattacks and the remote work landscape has opened up new cybersecurity risks. OpenText CEO & CTO Mark J. Barrenechea said, “With mass work from home, an influx of emails and a general ‘always connected’ attitude, there are more opportunities for cybercriminals than ever before.” 

Amid the pandemic, people turned to e-commerce sites to fulfill their daily needs; 45% of people are shopping more frequently online. “We saw phishing URLs impersonating streaming services skyrocket during quarantine, as cybercriminals target people where they are most often. Businesses and consumers must prioritize cyber resilience and recognize that it is everyone’s responsibility to protect their data,” Barrenechea adds.

When asked whether they think their organizations are resilient to cyberattacks, 60% of respondents said they are, 18% said they aren’t, and the remaining 23% have no clue. According to anonymous written responses, many employees think their organization can improve cyber resilience.

OpenText’s report also outlines the trends in cybersecurity training of employees.

Only 21% of employees responded that their organizations increased cybersecurity training while 63% said it remained the same.  Philipp Karcher, principal product manager, Carbonite + Webroot, OpenText Companies said, “If you want people to make lasting changes to their behavior, you have to run consistent, relevant training courses and phishing simulations that are also varied enough that people won’t get bored or find them predictable. Running a second simulation makes a dramatic impact — and it only gets better from there.”

The good news is that with consistent training, organizations can reduce click rates on phishing scams by up to 86.5%.

How to Stay Cyber Resilient In the Future

Source: OpenText

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined,” Rajivan notes. 

Note: 7,000 office professionals participated in the survey conducted by Webroot in partnership with Lewis Research across the U.S., U.K., Japan, Germany, France, Italy, Australia and New Zealand in June 2020.