
You’re Not as Good at Spotting Phishing Emails as You Think You Are

Brad Slavin, General Manager
Updated May 23, 2025

Quick Answer

Most users overestimate their phishing detection ability. A Webroot survey found 79% of people believe they can spot phishing, yet 49% admit clicking a link from an unknown sender at work, 48% have had personal or financial data compromised by phishing, and 81% do not realize phishing happens through SMS, social media, calls, and video chat too, not just email. Awareness training is worth doing, but it tops out around 98% effectiveness, and at 50 phishing emails an organization gets phished anyway. When budget is limited and the choice comes down to training or technology, cloud-based email security with real-time link click protection is the better spend: it blocks most phishing mail before delivery, and on the few that get through, it re-checks the link at click time so a momentary lapse does not become a compromise.

Phishing Emails

Could you spot a phishing email if one made it into your inbox? I’ll bet you think you could. Most people do, but they’re wrong.

According to a Webroot survey, “While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message.”

Other findings from the survey include the fact that 81% of participants are unaware that they can get phished by something other than email. Other attack vectors include social media, text messaging, phone calls and even video chat.

So, there you have it: a false sense of security when it comes to getting phished. But what can you do about it?

The common response to revelations like these is to dive headfirst into employee awareness training. And generally speaking, that’s a good idea. After all, there’s no downside to having prepared and alert employees when it comes to phishing attacks.

There’s only one time when awareness training is a bad idea. That’s when the company is on a limited budget and must choose between awareness training and email security software. When that choice has to be made, software is the better one.

Why is that? It’s because even at its very best, employee awareness training is only 98% effective. And while that may sound good, if your employees receive only 50 phishing emails, your company is going to get phished. That’s not very good.

Cloud-based email security with real-time link click protection, like that available from DuoCircle, can not only keep most phishing emails out of inboxes, so employees never get the chance to click on anything, but can also protect you when one gets through and an employee does click on a malicious link.

That’s the beauty of real-time link click protection. No matter when an employee clicks on a malicious link, the email security software checks the link and the linked-to website at that moment and, if it’s malicious, blocks the click from going through.
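The click-time check described above can be sketched as follows. This is an added example, not DuoCircle's implementation or code from the original article: the gateway URL, signing key, sample message and blocklist are constructed, and a plain domain blocklist stands in for whatever link and website inspection a real product performs.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

SECRET = b"constructed-demo-key"              # assumption: gateway signing key
GATEWAY = "https://click.gateway.example/v"   # hypothetical rewrite endpoint
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message body.
SAMPLE = ("Invoice: https://files.partner.example/inv/4471 "
          "Help: https://docs.vendor.example/faq")


def _sign(url):
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()


def rewrite_links(body):
    """Delivery time: route every link through the gateway, with a MAC
    so the gateway cannot be abused as an open redirector."""
    def wrap(match):
        url = match.group(0)
        return f"{GATEWAY}?u={quote(url, safe='')}&s={_sign(url)}"
    return URL_RE.sub(wrap, body)


def handle_click(wrapped, blocklist):
    """Click time: verify the MAC, then judge the destination against
    the blocklist as it stands now, not as it stood at delivery."""
    params = parse_qs(urlsplit(wrapped).query)
    url = params.get("u", [""])[0]
    sig = params.get("s", [""])[0]
    if not hmac.compare_digest(sig.encode(), _sign(url).encode()):
        return ("reject", None)
    labels = (urlsplit(url).hostname or "").lower().split(".")
    # Match the host itself or any parent domain on the blocklist.
    if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
        return ("block", url)
    return ("redirect", url)


if __name__ == "__main__":
    first = URL_RE.findall(rewrite_links(SAMPLE))[0]
    print(handle_click(first, set()))                 # clean at delivery
    print(handle_click(first, {"partner.example"}))   # flagged afterwards
```

The same rewritten link gives a different verdict once its domain is flagged after delivery, which is the case a delivery-time scan alone misses.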

Training employees to be aware of phishing emails is a smart move. But, if you only have a limited security budget, which most small businesses do, the better investment is cloud-based email security software with real-time link click protection.

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.