As a cybercriminal tactic, phishing is not new. In fact, one of the very first records of the term appeared in an early internet “cracking” application in January of 1996. Despite its age, phishing continues to be one of the most pervasive cyber threats individuals and businesses face. When technology moves at today’s astonishing rates, why is such an old method of internet trickery still so common? The answer is simple: because it’s still wildly successful. Perhaps the more important question, then, is: why are people still clicking?
We surveyed 7,000 office workers in the United States, United Kingdom, Australia/New Zealand, Germany, France, Italy and Japan on their understanding of phishing, their email and click habits, and how their online lives have changed since the beginning of the COVID-19 pandemic. First, we compared our new data with answers from our survey last year, featured in the report Hook, Line, and Sinker: Why Phishing Attacks Work. We then worked with Dr. Prashanth Rajivan, assistant professor at the University of Washington, to get his take on why 8 in 10 people worldwide claim to take adequate steps to determine the legitimacy of emails, yet 3 in 10 admit to having fallen for a phishing scam in the last year.
According to Dr. Rajivan, what we need to consider is that human beings aren’t necessarily good at dealing with uncertainty, which is part of why cybercriminals capitalize on upheaval (such as a global pandemic) to launch attacks.
In this report, we’ll dive into the survey results, present insights and analysis from Dr. Rajivan and our own cybersecurity experts and reveal real-world concerns from workers around the globe. Finally, we’ll offer steps to help businesses and individuals stay resilient against phishing attacks.