The threat of phishing looms over us all the time. Whether it’s our work address, our personal email or our social media accounts, we always have to keep an eye out for suspicious messages.
Although scams can catch us out at any time, Proofpoint’s The Human Factor 2018 Report has found that 52% of all successful phishing emails are clicked within one hour of being sent. A quarter of messages are clicked within five minutes, and 11% within one minute.
What does this mean?
People’s rush to click on phishing emails suggests that complacency plays a huge role in being tricked. Crooks often create a sense of urgency, telling recipients that they need to act now or there will be major repercussions.
If someone clicks on an email right away, the crooks already have an advantage. They’ve piqued the recipient’s interest and made them stop what they were doing to read the message. The recipient is in a mindset of ‘this is important’ and is therefore prone to open the malicious link or attachment.
By contrast, those who see an email more than an hour after it has arrived are less likely to fall victim. This is because they’re probably checking their inbox as a matter of routine and are taking a little more time to read through the message. Alternatively, they might have received a notification about the email but not opened it until later. In these cases, recipients give themselves even more time to think about the message (perhaps subconsciously) and will have doubts before even opening it.
However you approach a phishing email, it’s essential that you don’t blindly accept it on face value. There will always be clues that it’s phony, and sometimes it only takes a moment or two to spot them.
How to identify a phishing email
Proofpoint advises organisations to train employees on how to spot phishing scams. Staff should be educated on common techniques used by crooks, such as typosquatting, false links and the language phishing scams use.
We understand that, for many organisations, it’s simply impractical to conduct this training yourself. Even if you had the time and resources, you might not have an expert in-house to create the training material. That’s why we offer our Phishing Staff Awareness E-learning Course.
This interactive online course helps employees identify and understand phishing scams, explains what could happen should they fall victim, and shows them how they can mitigate the threat of an attack. It can help to reduce the chances that an employee will hand over confidential information or inadvertently infect your systems.
Take action against the increasing threat of targeted phishing attacks by educating your employees to be alert, vigilant and secure.