Have you ever found phishing emails confusing? You aren’t alone
While proper cybersecurity training is imperative to keeping organizations safe, users can still be confused by the different types of attempted phishing attacks, which can lead to data breaches. With the large majority (91%) of cyberattacks beginning with a phishing email, it is crucial that organizations and their employees are able to spot and stop a potential breach before it happens.
“Phishing simulation is one of the simplest ways to track employees’ cyber-resilience and evaluate the efficiency of their cybersecurity training,” comments Elena Molchanova, head of security awareness business development at Kaspersky. “However, there are significant aspects that must be considered when conducting this assessment to make it really impactful.”
The five most-clicked emails in the phishing simulator, by subject line, were:
- Subject: Failed delivery attempt (18.5%)
- Subject: Emails not delivered due to overloaded mail servers (18%)
- Subject: Online employee survey (18%)
- Subject: Reminder: New company-wide dress code (17.5%)
- Subject: Attention all employees: new building evacuation plan (16%)
In most of these cases, employees only skimmed the subject lines, which appeared to come from reliable sources such as the company's HR department or Google, but the messages were carefully crafted templates designed to pass themselves off as legitimate.
Ways to avoid falling victim
1. Organizations should enforce email best practices wherever possible.
Remind employees of the common signs of phishing emails: an eye-catching or urgent subject line, typos or grammatical errors, suspicious links, and sender addresses that do not match the display name or the organization they claim to represent. Users should also apply zero-trust thinking to email and not take any message at face value until it has been verified as legitimate. In practice that means checking the actual sender address rather than the display name, hovering over links to see where they really lead before clicking, and treating any attachment that turns out to be an executable file as hostile.
2. Encourage employees to report any email they suspect is phishing to their IT department or security partner.
Organizations should also provide their workforce with basic cybersecurity knowledge.
3. Lastly, all devices should be equipped with proper antivirus software in case of an accidental click.
By using cybersecurity tools such as email filtering, monitoring, and anti-spam, you can help ensure that sensitive data stays secure even after an accidental click.
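The three manual checks under point 1 (does the real sender address match the name shown, does a link's visible text match where its href actually goes, and is an attachment an executable) can also be automated for triaging messages that employees report. The script below is an added example written for this page, not Kaspersky's or the report's own code. It uses only the Python standard library and runs on two constructed messages built inline, one phishing-style and one legitimate; the domains example.com and example-surveys.net, the reuse of subject lines from the list above, and the indicator names are illustrative assumptions.

```python
import os
from email import message_from_bytes, policy
from email.headerregistry import Address
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions Windows executes directly; "plan.pdf.exe" works on victims because
# Explorer hides the final extension by default.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif",
                         ".js", ".jse", ".vbs", ".hta", ".ps1", ".msi"}


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels); use a public-suffix library in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def domain_of_address(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def find_phishing_indicators(raw_bytes):
    """Parse one RFC 5322 message and return a list of (indicator, detail) findings."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    # 1. Sender consistency: a display name that itself looks like an address
    #    must belong to the same domain as the real From address.
    display, addr = parseaddr(str(msg.get("From", "")))
    if "@" in display and domain_of_address(display) != domain_of_address(addr):
        findings.append(("display-name-mismatch", f"shows {display!r}, really from {addr}"))

    # 2. Link consistency: what hovering reveals (href) versus what the user reads (text).
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for text, href in collector.links:
            if "://" not in text and not text.lower().startswith("www."):
                continue  # label such as "Click here": nothing to compare against
            shown = urlparse(text if "://" in text else "http://" + text).hostname
            actual = urlparse(href).hostname
            if shown and actual and registered_domain(shown) != registered_domain(actual):
                findings.append(("link-text-mismatch", f"text shows {shown}, href goes to {actual}"))

    # 3. Attachments: directly executable types, including double extensions.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS:
            findings.append(("executable-attachment", name))
    return findings


def build_sample_message():
    """Constructed phishing-style message (not a real email) that trips all three checks."""
    msg = EmailMessage()
    msg["Subject"] = "Attention all employees: new building evacuation plan"
    msg["From"] = Address("hr@example.com", "notify", "example-surveys.net")  # spoofed display name
    msg["To"] = "employee@example.com"
    msg.set_content("Please review the attached evacuation plan.")
    msg.add_alternative('<p>Confirm at <a href="http://example-surveys.net/login">'
                        'https://intranet.example.com/evacuation</a></p>', subtype="html")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="evacuation_plan.pdf.exe")
    return msg.as_bytes()


def build_clean_message():
    """Constructed legitimate message for contrast: honest sender and link, no payload."""
    msg = EmailMessage()
    msg["Subject"] = "Online employee survey"
    msg["From"] = Address("HR Department", "hr", "example.com")
    msg.set_content("Survey link below.")
    msg.add_alternative('<p><a href="https://intranet.example.com/survey">'
                        'https://intranet.example.com/survey</a></p>', subtype="html")
    return msg.as_bytes()
```

Running `find_phishing_indicators(build_sample_message())` yields one finding per check, while the clean message yields none. Two caveats for real use: the two-label `registered_domain` heuristic misclassifies hosts under suffixes like co.uk, so a public-suffix list should replace it, and an empty result does not mean a message is safe; the script is a triage aid for the reporting step under point 2, not a substitute for the mail gateway filtering described under point 3.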