Kaspersky, an internet security company, conducted a test with approximately 29,600 employees in 100 countries to determine whether the company’s employees would fall for phishing scams and put corporate data at risk. The survey results show that almost one in five fell for the bait.
Kaspersky Security Awareness is a platform that trains employees to detect fake emails. According to the company, the tool includes a series of phishing models that simulate an attack without notifying employees, so that the administrator can monitor the results and complete the training of those who fail the test.
The simulations identified the themes that were most effective at deceiving employees. Most of these relate to company news or basic errors, such as a failed delivery attempt or emails that could not be delivered due to overloaded servers, both of which had a conversion rate of 18%.
However, emails that contain threats to the recipient or offer more severe and immediate benefits are not so convincing. According to survey data, “I hacked your computer and I know your search history” had a click-through rate of only 2%, and offers of cash or free Netflix only 1%.
Kaspersky provides some recommendations to help companies prevent data breaches and the financial and reputational losses related to phishing attacks. These include teaching employees the key signs of a fake email, such as typos, inconsistent sender addresses, and a dramatic subject line. Another important point is that when you detect a phishing attack, you should always avoid opening the message and report it.
Source: Tec Mundo
