
Best bite: Kaspersky reveals phishing emails that employees find most confusing


 

June 27, 2022

Phishing simulator data from Kaspersky Security Awareness Platform shows that workers tend not to notice pitfalls hidden in emails devoted to corporate issues and delivery problem notifications. Almost one in five (16% to 18%) clicked the link in the email templates imitating these phishing attacks.  

According to estimates, 91% of all cyberattacks begin with a phishing email, and phishing techniques are involved in 32% of all successful data breaches.

To provide further insight into this threat, Kaspersky analysed data gathered from a phishing simulator, provided voluntarily by users[1]. Integrated into Kaspersky Security Awareness Platform, this tool helps companies check if their staff can distinguish a phishing email from a real one without putting corporate data at risk. An administrator chooses from the set of templates, mimicking common phishing scenarios, or creates a custom template, then sends it to the group of employees without pre-warning them and tracks the results. A large number of users clicking the link is a clear indication that additional cybersecurity awareness training is required.  

According to recent phishing simulation campaigns, the five most effective types of phishing email are:

  • Subject: Failed delivery attempt – Unfortunately, our courier was unable to deliver your item. Sender: Mail delivery service. Click conversion: 18.5%
  • Subject: Emails not delivered due to overloaded mail servers. Sender: The Google support team. Click conversion: 18%
  • Subject: Online employee survey: What would you improve about working at the company. Sender: HR Department. Click conversion: 18%
  • Subject: Reminder: New company-wide dress code. Sender: Human Resources. Click conversion: 17.5%
  • Subject: Attention all employees: new building evacuation plan. Sender: Safety Department. Click conversion: 16%

Other phishing emails that gained a significant number of clicks were reservation confirmations from a booking service (11%), a notification about an order placement (11%), and an IKEA contest announcement (10%).


On the other hand, emails that threaten the recipient, or offer instant benefits, appeared to be less “successful”. A template with the subject “I hacked your computer and know your search history” gained 2% of clicks, while offers for free Netflix and $1,000 by clicking a link tricked just 1% of employees. 

“Phishing simulation is one of the simplest ways to track employees’ cyber-resilience and evaluate the efficiency of their cybersecurity training. However, there are significant aspects that must be considered when conducting this assessment to make it really impactful,” comments Elena Molchanova, Head of Security Awareness Business Development at Kaspersky. “Since the methods used by cybercriminals are constantly changing, the simulation has to reflect up-to-date social engineering trends, alongside common cybercrime scenarios. It is crucial that simulated attacks are carried out regularly and supplemented with appropriate training – so users will develop a strong vigilance skill that will allow them to avoid falling for targeted attacks or so-called spear phishing.”

To prevent data breaches, and any related financial and reputational losses caused by phishing attacks, Kaspersky recommends the following for businesses:

  • Remind your employees about the basic signs of phishing emails: a dramatic subject line, mistakes and typos, inconsistent sender addresses and suspicious links;
  • If there is any doubt about the received email, check the format of attachments before opening them and the link accuracy before clicking. This can be achieved by hovering over these elements – make sure the address looks authentic and the attached files are not in an executable format;
  • Always report phishing attacks. If you spot a phishing attack, report it to your IT security department and, if possible, avoid opening the malicious email. This will allow your cybersecurity team to reconfigure anti-spam policies and prevent an incident;
  • Supply your employees with basic cybersecurity knowledge. Education should be aimed at changing the behavior of learners and teaching them how to deal with threats. As a major cybersecurity vendor, Kaspersky possesses a relevant base of information on real attacks and continuously supplements its Security Awareness Trainings in accordance with the current threat landscape;
  • Since phishing attempts can be confusing, and there’s no guarantee of avoiding all accidental clicks, protect your working devices with reliable security. Choose a solution that provides anti-spam capabilities, tracks suspicious behavior, and creates a backup copy of your files in case of ransomware attacks. Anti-phishing protection is included in some security solutions, even for small and very small businesses, such as Kaspersky Small Office Security.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

 
