Kaspersky Phishing Simulation Shows That Company Employees Are Still Easily Deceived
JAKARTA - Phishing simulation data from Kaspersky Security Awareness Platform shows that employees tend not to notice the dangers hidden in emails about company matters and in delivery problem notifications.
This is evident in that one in five employees (16-18%) still click on email templates that mimic phishing attacks.
Based on estimates, 91% of all cyberattacks started with phishing emails, and 32% of all data leaks were caused by the use of phishing techniques.
To provide deeper insight into this threat, Kaspersky analyzed data collected from its phishing simulator, which was provided voluntarily by users.
Integrated into the Kaspersky Security Awareness Platform, this tool helps companies check whether their employees can distinguish real emails from phishing emails without compromising company data.
The simulation starts with a company administrator selecting a template that mimics a common phishing scenario from a list of existing templates, or creating a new template, and then sending that email to a group of employees without warning them about the simulation.
As a result, a large number of employees actually clicked on phishing emails and this is an indication that the company needs additional cybersecurity training for employees.
Based on the phishing simulation activities above, the five most effective types of phishing emails are:
Subject: Failed delivery attempt - Unfortunately, our courier was unable to deliver your item. Sender: Mail delivery service. Number of clicks (opened emails): 18.5%
Subject: Emails not delivered due to overloaded mail servers. Sender: The Google support team. Number of clicks: 18%
Subject: Online employee survey: What would you improve about working at the company. Sender: HR Department. Number of clicks: 18%
Subject: Reminder: New company-wide dress code. Sender: Human Resources. Number of clicks: 17.5%
Subject: Attention all employees: new building evacuation plan. Sender: Safety Department. Number of clicks: 16%
Other phishing emails that many employees clicked on were service order confirmations (11%), notification of order entry (11%), and IKEA contest announcements (10%).
On the other hand, emails that threaten the recipient with harm, or offer certain benefits, are less likely to attract employees' clicks.
According to Elena Molchanova, Head of Security Awareness Business Development at Kaspersky, phishing simulations are one of the easiest ways to determine employee cyber resilience and evaluate the efficiency of their cybersecurity training.
"However, there are important aspects that must be considered when deciding to carry out this activity so that the results can really be felt," she said in a Kaspersky press release, Monday, July 4.
However, Molchanova continued, because the methods used by cybercriminals are constantly changing, in addition to using common cybercrime scenarios, simulations must also imitate the latest social engineering trends.
"It is important to note that attack simulations are carried out routinely and supported by proper training, so that employees can increase their awareness which allows them to avoid targeted attacks or spear-phishing," she said.