Simulated Phishing Study Reveals Who Falls for Them Most Often

Phishing is quite dangerous because of the fact that this is the sort of thing that could potentially end up putting your log-in information in the hands of someone other than yourself. It usually involves you being tricked into entering your details into a form that looks like the log-in page of a site that you use, but in truth it would just be a facsimile that has been put in place by various malicious actors and the like.

With all of that having been said and now out of the way, it is important to note that researchers working at ETH Zurich decided to conduct a simulated phishing program that would test out various aspects of this phenomenon. These simulated attacks were conducted over a period of fifteen months. The primary goal of this study was to determine who was most likely to fall for these phishing attacks, especially when you look at it from the perspective of the various employees that might be working at a specific company.

A couple of other things that the study was attempting to determine was the kind of evolution that these attacks have seen over the testing period, as well as the efficacy of prompts and embedded notices with regards to preventing these attacks from happening in the first place. Both of these are important since phishing attacks tend to change dramatically over time, and what’s more is that embedded warnings are a prime tool that is utilized by companies that want to protect their employees and themselves from such attacks.

One of the most pertinent findings from this study was that there was no correlation between gender and the likelihood of falling for an attack. Rather, age seems to be a factor that can make you more or less likely to click on a phishing link without realizing what it might end up doing to you. People between the ages of eighteen to nineteen were the most likely to click on and enter information into phishing links and the like which dispels the notion that phishing is something that mostly old people suffer from.

Another phenomenon that was noted was that of repeat clickers. This is a term used to describe people that click on more than one phishing email. More than 30% of the people that fell for a phishing attack ended up falling for another one as well. That indicates that more education needs to be provided to these people since they might not be aware of the dangers that are posed by losing your log-in details to a malicious actor that might end up doing all sorts of things with them.

What’s more is that there was a limit to how useful warning emails and prompts could be with all things having been considered and taken into account. While a warning did reduce the likelihood of someone or the other clicking on a phishing link, this number didn’t go up with more complicated warnings or prompts. That basically means that a simple warning is enough, and putting more effort into that won’t really do anything to reduce the frequency with which phishing attacks might impact people as time goes by.


Read next: How to Deal With Personal Data Breaches (Infographic)
Previous Post Next Post