You remind your organization’s staff at least once a year about the risk of phishing attacks. Heck, you may even have a regular awareness training program.
But is the effort sinking in?
Not so much, according to an online test run by Intel between December and February of this year. It presented 10 e-mails and asked participants to identify which were phishing attempts designed to steal personal information and which were legitimate.
Of the approximately 19,000 respondents from 144 countries, only three per cent were able to correctly identify every example correctly. Eighty per cent of all respondents misidentified at least one.
Ironically, the e-mail most often misidentified was actually a legitimate message asking the recipient to take action and “claim their free ads.” People often associate free prize offers with phishing or spam, Intel reasons, which is likely the reason a large number of people misidentified the e-mail.
Canadians ranked 26th overall in ability to detect phishing, just ahead of the U.S. People in the five best performing countries came from (in order) France, Sweden, Hungary, the Netherlands, and Spain.
Arguably the good news in the survey is that globally the 35-44 year old age group — who make up an increasing number of employees — performed best, answering an average of 68 per cent questions accurately.
(How can you spot a phishing scam? This graphic from Intel offers tips)
For those who aren’t getting the message Intel [Nasdaq: Intc] passes on these tips:
– Keep your security software and browsers up to date
– Hover over links to identify obvious fakes
– Take your time and inspect e-mails for obvious red flags (i.e. misspelled words, incorrect URL domains, unprofessional and suspicious visuals)
– Instead of clicking on a link provided in an e-mail, visit the website of the company that allegedly sent the e-mail
– Click on any links in an e-mail sent from unknown or suspicious senders
– Send an e-mail that looks suspicious to friends or family as this could spread a phishing attack to unsuspecting loved ones
– Download content that your browser or security software alerts you may be malicious
– Give away personal information like your credit card number, home address, or social security number, to a site or e-mail address you think may be suspicious