Best bite: Kaspersky reveals phishing emails that employees find most confusing

Gandalf_The_Grey

According to estimates, 91% of all cyberattacks begin with a phishing email, and phishing techniques are involved in 32% of all successful data breaches.

To provide further insight into this threat, Kaspersky analyzed data gathered from a phishing simulator, provided voluntarily by users[1]. Integrated into Kaspersky Security Awareness Platform, this tool helps companies check if their staff can distinguish a phishing email from a real one without putting corporate data at risk. An administrator chooses from the set of templates, mimicking common phishing scenarios, or creates a custom template, then sends it to the group of employees without pre-warning them and tracks the results. A large number of users clicking the link is a clear indication that additional cybersecurity awareness training is required.

According to recent phishing simulation campaigns, the five most effective types of phishing email are:
  • Subject: Failed delivery attempt - Unfortunately, our courier was unable to deliver your item. Sender: Mail delivery service. Click conversion: 18.5%;
  • Subject: Emails not delivered due to overloaded mail servers. Sender: The Google support team. Click conversion: 18%;
  • Subject: Online employee survey: What would you improve about working at the company. Sender: HR Department. Click conversion: 18%;
  • Subject: Reminder: New company-wide dress code. Sender: Human Resources. Click conversion: 17.5%;
  • Subject: Attention all employees: new building evacuation plan. Sender: Safety Department. Click conversion: 16%.
Among the other phishing emails that gained a significant number of clicks are: reservation confirmations from a booking service (11%), a notification about an order placement (11%), and an IKEA contest announcement (10%).

On the other hand, emails that threaten the recipient, or offer instant benefits, appeared to be less “successful”. A template with the subject “I hacked your computer and know your search history” gained 2% of clicks, while offers for free Netflix and $1,000 by clicking a link tricked just 1% of employees.
 

silversurfer


Gandalf_The_Grey

@Gandalf_The_Grey You may have forgotten to add the source link?
I posted it as news with a link, but my post got moved to Kaspersky without the link 😢
 
