Guess what the top 3 phishing e-mails are…
We were listening to a podcast the other day where the CEO of a company asked “What kind of an idiot gets phished?” So, naturally, his employees phished him. (Gimlet Media, his company, shared the story on the Reply All podcast.)
Of course, phishing campaigns are one of the easiest tools at a cybercriminal’s fingertips. According to Osterman Research, phishing emails have been a top source of infection for the past 3 years, which is why security awareness is so important, especially awareness around phishing emails.
One of our partners, KnowBe4 (a security awareness training company), ran millions of tests to uncover the most-clicked phishing emails, and here’s what they found:
- Business is priority: Users click most frequently on business-related subject lines like “Security Alert”.
- Another hot topic: Subjects relating to social media, many of which have the subject line “Reset Password”, “Join Network” or “Add Me”.
- “In the Wild Attacks”: These attacks have been geared toward personal financials and cause a knee-jerk reaction because of how severe the consequences seem if the message is not taken seriously.
KnowBe4 states that, typically, 16% of people who open a phishing email click on the links the email contains. (With training, that percentage drops, the firm says.) The fact is, your employees are the lock and key when it comes to your security. Without training as a layer of protection, your company doors could be wide open to cybercrime.
Some tips to get you started
First and foremost – educate your employees. You’d be surprised, but some employees do not know what a phishing campaign is. Let them know!
If an employee receives an email that has a suspicious subject line, it is extremely important that the IT staff be alerted immediately. This is one of the easiest ways to convert your employees from potential targets and victims into allies and partners in the fight against cybercrime.
Most importantly, use the right tools to avoid scams like these. There are great tools out there that can help you train your employees and even filter these emails out of your inboxes. If you need a partner to help you decide which tools are right for your organization, we can help. We’ve even helped companies develop their own security awareness training programs from scratch that are unique and work for them.