Despite repetitive training, warnings and even threats of punishment from some workplaces, employees still click on phishing emails. Why? The National Institute of Standards and Technology (NIST) explored this issue in a recent study and found some simple answers.
Phishing emails contain links that, when clicked, lead to a site that will collect credentials and other key information. Phishing schemes are estimated to cost workplaces $9 billion in 2018, making this a serious problem that needs to be addressed.
NIST found that despite training and reminders, context plays a big role in a successful phishing attempt. If an employee who is responsible for invoicing receives an email that appears to fit that job responsibility, they are more likely to click on it.
NIST recommends treating employees as partners in the battle against phishing. Educate them about new scams, make it easier to report attacks and make sure your technology keeps up and is proactive instead of reactive.