Kaspersky reveals phishing emails that employees find most confusing – PCR

According to estimates, 91% of all cyberattacks begin with phishing emails, and phishing techniques are involved in 32% of all successful data breaches.

To provide further insight into this threat, Kaspersky analyzed phishing simulator data provided by users.[1] Integrated into the Kaspersky Security Awareness Platform, this tool helps businesses see if their staff can distinguish between phishing emails and real emails without compromising corporate data. Administrators can choose from a set of templates that mimic common phishing scenarios, or create custom templates, and send them to a group of employees without prior warning to track the results. A large number of users clicking on the link is a clear indication that additional cybersecurity awareness training is needed.

According to recent phishing simulation campaigns, the five most effective phishing emails are:

  • Subject: Failure of delivery attempt - Unfortunately, the courier was unable to deliver the item. Sender: Email delivery service. Click conversion: 18.5%
  • Subject: Mail is not delivered because the mail server is overloaded. Sender: Google support team. Click conversion: 18%
  • Subject: Online Employee Survey: What would you improve about working for the company? Sender: HR department. Click conversion: 18%
  • Subject: Reminder: New company-wide dress code. Sender: Human resources. Click conversion: 17.5%
  • Subject: Attention to all employees: Evacuation plan for new building. Sender: Safety department. Click conversion: 16%

Other phishing emails that received a significant number of clicks include a reservation confirmation from a booking service (11%), an order notification (11%), and an IKEA contest notification (10%).

On the other hand, emails that threaten recipients or offer them instant benefits seemed less “successful.” The template with the subject “Hacking a computer and knowing the search history” got 2% of clicks, while offers of free Netflix and $1,000 for clicking a link tricked only 1% of employees.

“Phishing simulation is one of the easiest ways to track employee cyber resilience and assess the efficiency of cybersecurity training, but there are important aspects to consider when performing this assessment for it to actually have an impact,” commented Elena Molchanova, Head of Security Awareness Business Development at Kaspersky. “Since the methods used by cybercriminals are constantly changing, simulations need to reflect the latest social engineering trends, in addition to common cybercrime scenarios, on a regular basis. It is important to perform them in a targeted manner and add appropriate training, so that users can acquire powerful alert skills to prevent targeted attacks and so-called spear phishing.”
