An email arrives in your inbox and it looks legitimate. But you don’t know the sender. Are you someone who trashes it or opens it?
If you click on the link, you’re in good company. Almost half of internet users worldwide clicked on links from unknown senders while at work, according to a recent Webroot study. To top it off: 29% of users admitted to doing it more than once.
And when it comes to phishing attacks, those are just the kind of results cybercriminals like.
The 13-page report, titled “Hook, line and sinker: Why phishing attacks work,” does a deep dive into the clicking habits and phishing knowledge of 4,000 office workers across the U.S., U.K., Australia, and Japan. The survey was conducted in partnership with Wakefield Research.
Why phishing attacks succeed
The success of any phishing scam hinges on end users clicking on malicious links.
“Every link in every email is a chance for a phishing attempt to hit pay dirt,” said Briana Butler, senior engineering data analyst at Webroot.
Phishing attacks trick users into giving up their sensitive information and lead to identity theft and even data breaches.
Here are some interesting statistics on users’ clicking habits that the survey uncovered:
- 74% of workers who’ve clicked on links in messages from unknown senders admit the links were in emails, and 34% said the links were in social media.
- Only 43% verify that the links match their intended destination before clicking.
- 56% said they are more likely to click on a link or open an attachment from an unknown source on their personal computer or device.
Social media phishing
With phishing strategies evolving, phishers have long moved away from betting on Nigerian prince scams to hook consumers.
Today, phishing scams show signs of increased sophistication and better implementation of social engineering techniques.
While email continues to be the most popular phishing vector, did you know phishers are increasingly using social media to carry out phishing attacks?
Recent phishing scams involve users being sent a video link via Facebook Messenger asking, “Is this you?” And the message looks like it came from someone you know. Users who click on the link are taken to a website that appears to be Facebook or YouTube and asked to log in again. Once the user provides their login information, the hacker takes over their social media account.
As phishers get better at their craft, remember that not clicking on links from unknown senders (via email, text or social media) remains the best defense tactic against phishing. Add best practices like strong password security and two-factor authentication to the mix to keep phishers at bay.
More importantly, remember to install robust antivirus software and keep it up to date. Deploying strong endpoint protection and implementing a backup strategy are also essential.