One in eight Americans would fall victim to a phishing attack

Phishing remains an effective attack mechanism, finds global test

A report from security company Terranova highlights while phishing is such a common technique: it still fools a large percentage of targeted victims.

Almost one in eight North American employees would follow the instructions in a phishing email to the point where they'd download a malicious document from a spoofed website, according to the company's Security Phishing Benchmark Global Report. That would render them vulnerable to infection by malware, including ransomware.

The report found that 19.2% of North American employees clicked on an initial link in a phishing email. Over half of those that did went on to download a document from the malicious site, which means that overall, 11.8% of Americans would download a malicious document from a phishing site.

North Americans were more skeptical than most. In the Asia-Pacific region, 16% of people got to the point where they downloaded a malicious document, followed by Africa (15.3%), South America (15.1%), and Europe (14.9%).

On average, one in five users around the world clicked the link in the initial email, while 14.4% ended up downloading the document.

The worst offender by industry sector was education, where 21.9% of people reached the stage where they downloaded a malicious document. The IT industry, where you'd expect people to be tech-savvy, was the second worst performer.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

Healthcare and retail are the most diligent about phishing, with fewer than one user in 20 taking the bait. This could be because healthcare is so heavily regulated and retail has seen significant numbers of attacks.

The results came from the Global Phishing Tournament, an annual event that sent almost a million simulated phishing emails to test employee readiness during two weeks in October (Cyber Security Awareness Month).

The phishing emails, sent in 20 different languages, used templates from Microsoft that sent victims to a fake SharePoint page. The message included instructions on how to download the malicious file.

Phishing attackers continue to innovate so that their malicious emails bypass technical protections to reach users. Last month, researchers found them tampering with CSS to hide their phishing content from scanners.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021
Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022