{"id":6961,"date":"2016-10-17T08:59:40","date_gmt":"2016-10-16T21:59:40","guid":{"rendered":"https:\/\/www.backupassist.com\/blog\/?p=6961"},"modified":"2016-10-17T08:59:40","modified_gmt":"2016-10-16T21:59:40","slug":"counter-phishing-bait-half-of-users","status":"publish","type":"post","link":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users","title":{"rendered":"Does Counter-Phishing Work? Half of People Click Whatever They Are Sent"},"content":{"rendered":"

You know the feeling.<\/strong> A user has done something incredibly dumb. Like opening a strange attachment despite all the counter-phishing training you did last month. And your brain cells all scream at once, just one single word.<\/p>\n

“Whhhyyyyyyyy?”<\/em><\/p>\n

It’s said that common sense isn’t common. When it comes to IT, it’s even more true. A recent study<\/a>\u00a0found one in two users would click on links sent to them by strange senders via Facebook or E-mail.<\/p>\n

And even worse?\u00a0The same study\u00a0found even if the subjects knew the risks involved, they still<\/em> clicked on them.<\/p>\n

Given that phishing\u2014and in particular, spear phishing<\/a>\u2014can cost your company $150,000 or more, it’s a rather big deal. But the big question is this:\u00a0what in the heck can you actually do<\/em> about it?<\/p>\n

Users Are Natural Phish Bait – Hook, Line and Sinker<\/h2>\n

People aren’t just suckered in by e-mails and Facebook messages\u2014they’re equally susceptible to other forms of phishing as well.<\/strong> A joint study<\/a> by the University of Illinois, the University of Michigan, and Google found nearly half of people would not just pick up strange USBs they found lying around\u2014they’d plug them in, open the files inside and click on unfamiliar links.<\/p>\n

The study involved dropping hundreds of USBs in different locations. The first drives were connected in less than six minutes. In most cases, users were connecting them for innocent reasons\u2014discovering the owner so they could return them (68%) vs out of curiosity (18%)\u2014but they all lead to the same result. And in Australia, this very scam<\/a> is being used right now.<\/p>\n

\"counter-phishing<\/a>
Studies show the brand and label doesn’t matter: up to half of users would plug any of these in.<\/em><\/figcaption><\/figure>\n

It seems funny in an age when children are raised\u00a0on tablets and smartphones that people’s general knowledge of IT security is so lax. So why do even people who have gone through counter-phishing training still fall for this sort of scam?<\/p>\n

So Why Do Users Still Fall for It?<\/h2>\n

Counter-phishing research<\/a> has discovered several reasons your users may still be falling for phishing attacks, despite having gone through counter-phishing training.<\/p>\n

1.<\/strong> Even though users know there are risks, they don’t link these risks to their own situation. In short, they don’t believe it will happen to them.<\/p>\n

2.<\/strong> While users can identify familiar risks, they have difficulties generalizing what they know and applying it to unfamiliar risks. E.g. Someone who knows\u00a0clicking links in\u00a0unfamiliar e-mails might be bad won’t apply this knowledge to doing the same in unfamiliar Facebook messages.<\/p>\n

3.<\/strong> Internet users ignore\u00a0counter-phishing warnings by toolbars provided by their ISPs or web browsers.<\/p>\n

4.<\/strong> Since\u00a0illegitimate\u00a0e-mails are blocked by spam and anti-virus software, users place an unwarranted level of trust in e-mails they do<\/em> receive when they slip through the net.<\/p>\n

So, Is Counter-Phishing Training Useless?<\/h2>\n
\"training<\/a>
Sometimes, educating users\u00a0can be like this. Who am I kidding? This is most of the time.<\/em><\/figcaption><\/figure>\n

As much as we feel that we’re hitting our heads against a brick wall, we’re actually not.<\/strong> Studies show that well designed security education can be effective. Web-based training materials, contextual training, and embedded training have been shown to improve users’ ability to avoid phishing attacks in the future.<\/p>\n

Contextual training<\/strong> involves sending simulated phishing emails to your users to test their vulnerabilities. At the end of this, users are given materials to inform them about phishing attacks.\u00a0 It was discovered users who have seen an example in action and then received educational materials were better able to avoid future phishing attacks than those who just received only the materials.<\/p>\n

A related approach, known as Embedded training<\/strong>, involves teaching your users about phishing during their regular e-mail use. The user is asked to answer e-mails in their inbox, two of which include simulated phishing emails. At the moment they click on a link in the training email, an intervention is staged to train them to not fall for the attack. By training at the exact point of time the mistake is made, an association is made between the mistake and the proper approach.<\/p>\n

However, to play devil’s advocate, counter-phishing education has been around for years… and the problem hasn’t exactly disappeared. We seem to be able to reduce the risks of phishing to some degree with proper training, but the threat isn’t entirely eliminated. And approaches that target the non-user part of the equation seem to do more damage than good.<\/p>\n

So is there a perfect way to deal with these pesky phishers, or are we stuck with having to drill in counter-phishing techniques into users heads and hope for the best?<\/p>\n

One thing you can do is backup your data in case users leave the door open to malware or ransomware attacks. This year is turning out to be\u00a0the worst for ransomware on record<\/a> and emails are still the preferred infection route. By preemptively protecting your data, you’re not leaving things up to a 50-50 coin toss that your users will put counter-phishing training to\u00a0good use. For small to medium businesses, we suggest BackupAssist<\/a> (Free trial here<\/a>).<\/p>\n

Got any stories about your lovably thick users or counter-phishing training at your business?<\/em><\/p>\n

Post them here in the\u00a0comments section, tweet @BackupAssist<\/a> or post to facebook<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

You know the feeling. A user has done something incredibly dumb. Like opening a strange attachment despite all the counter-phishing training you did last month. And your brain cells all scream at once, just one single word. “Whhhyyyyyyyy?” It’s said that common sense isn’t common. When it comes to IT, it’s even more true. A … Read more Does Counter-Phishing Work? Half of People Click Whatever They Are Sent<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":6963,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,23],"tags":[501,388,389,390],"class_list":["post-6961","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-interest","category-news","tag-counter-phishing","tag-malware","tag-security","tag-spear-phishing"],"yoast_head":"\nDoes Counter-Phishing Work? Half of People Open Any E-Mail<\/title>\n<meta name=\"description\" content=\"You know the feeling. A user has done something incredibly dumb. They open a strange attachment despite the counter-phishing training last month. Why?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Does Counter-Phishing Work? Half of People Click Whatever They Are Sent\" \/>\n<meta property=\"og:description\" content=\"It's said that common sense isn't common. When it comes to IT, it's even more true. A recent study found one in two users would click on links sent to them by strange senders via Facebook or E-mail. So what can be done? #SysAdmin #security\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Resilience Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-16T21:59:40+00:00\" \/>\n<meta name=\"author\" content=\"Adam Ipsen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adam Ipsen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users\"},\"author\":{\"name\":\"Adam Ipsen\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\"},\"headline\":\"Does Counter-Phishing Work? Half of People Click Whatever They Are Sent\",\"datePublished\":\"2016-10-16T21:59:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users\"},\"wordCount\":901,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg\",\"keywords\":[\"Counter-Phishing\",\"malware\",\"security\",\"spear phishing\"],\"articleSection\":[\"Interest\",\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users\",\"url\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users\",\"name\":\"Does Counter-Phishing Work? Half of People Open Any E-Mail\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg\",\"datePublished\":\"2016-10-16T21:59:40+00:00\",\"description\":\"You know the feeling. A user has done something incredibly dumb. They open a strange attachment despite the counter-phishing training last month. Why?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg\",\"width\":745,\"height\":406},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.backupassist.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Does Counter-Phishing Work? Half of People Click Whatever They Are Sent\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"name\":\"Cyber Resilience Blog\",\"description\":\"Protect Your Cloud Data with BackupAssist\",\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.backupassist.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\",\"name\":\"Cyber Resilience Blog\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"caption\":\"Cyber Resilience Blog\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\",\"name\":\"Adam Ipsen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"caption\":\"Adam Ipsen\"},\"url\":\"https:\/\/www.backupassist.com\/blog\/author\/adam-ipsen\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Does Counter-Phishing Work? Half of People Open Any E-Mail","description":"You know the feeling. A user has done something incredibly dumb. They open a strange attachment despite the counter-phishing training last month. Why?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users","og_locale":"en_US","og_type":"article","og_title":"Does Counter-Phishing Work? Half of People Click Whatever They Are Sent","og_description":"It's said that common sense isn't common. When it comes to IT, it's even more true. A recent study found one in two users would click on links sent to them by strange senders via Facebook or E-mail. So what can be done? #SysAdmin #security","og_url":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users","og_site_name":"Cyber Resilience Blog","article_published_time":"2016-10-16T21:59:40+00:00","author":"Adam Ipsen","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg","twitter_misc":{"Written by":"Adam Ipsen","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#article","isPartOf":{"@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users"},"author":{"name":"Adam Ipsen","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d"},"headline":"Does Counter-Phishing Work? Half of People Click Whatever They Are Sent","datePublished":"2016-10-16T21:59:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users"},"wordCount":901,"commentCount":0,"publisher":{"@id":"https:\/\/www.backupassist.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage"},"thumbnailUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg","keywords":["Counter-Phishing","malware","security","spear phishing"],"articleSection":["Interest","News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users","url":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users","name":"Does Counter-Phishing Work? Half of People Open Any E-Mail","isPartOf":{"@id":"https:\/\/www.backupassist.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage"},"thumbnailUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg","datePublished":"2016-10-16T21:59:40+00:00","description":"You know the feeling. A user has done something incredibly dumb. They open a strange attachment despite the counter-phishing training last month. Why?","breadcrumb":{"@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#primaryimage","url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg","contentUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/10\/jackie-chan-feature.jpg","width":745,"height":406},{"@type":"BreadcrumbList","@id":"https:\/\/www.backupassist.com\/blog\/counter-phishing-bait-half-of-users#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.backupassist.com\/blog"},{"@type":"ListItem","position":2,"name":"Does Counter-Phishing Work? Half of People Click Whatever They Are Sent"}]},{"@type":"WebSite","@id":"https:\/\/www.backupassist.com\/blog\/#website","url":"https:\/\/www.backupassist.com\/blog\/","name":"Cyber Resilience Blog","description":"Protect Your Cloud Data with BackupAssist","publisher":{"@id":"https:\/\/www.backupassist.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.backupassist.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.backupassist.com\/blog\/#organization","name":"Cyber Resilience Blog","url":"https:\/\/www.backupassist.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","contentUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","caption":"Cyber Resilience Blog"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d","name":"Adam Ipsen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g","caption":"Adam Ipsen"},"url":"https:\/\/www.backupassist.com\/blog\/author\/adam-ipsen"}]}},"_links":{"self":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/6961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/comments?post=6961"}],"version-history":[{"count":0,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/6961\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media\/6963"}],"wp:attachment":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media?parent=6961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/categories?post=6961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/tags?post=6961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}