McAfee research shows phishing is alive and well

The latest Threats Report from McAfee has revealed that phishing has lost none of its  effectiveness.

Of the 16,000 commercial users who were involved in the Phishing Quiz from the security software company – which asks respondents to differentiate between valid emails or phishing messages – 80 per cent were fooled by one or more of seven individual scam emails.

Human resources staff were the weakest participants, with finance and accounting professionals a close second. The best performers were R&D staff, with IT workers second in successfully identifying which emails were which.

Spoof email addresses were most efficient at pulling the wool over the eyes of the participants; a UPS-branded phishing email utilising this method, along with strategically integrated branding elements, achieved the highest success rate.

PhishMe CEO Rohyt Belani told SCMagazine.com that just one successful phishing email can lead to a breach, giving cyber criminals access to organisational networks:

“Rather than trying to reduce susceptibility to zero (which is impossible), organizations should focus on improving attack detection by nurturing human sensors that will report suspicious emails.”

He said that should an employee fall foul of the attack, others targeted by one of a similar nature can recognise and file it to incident response staff quick enough for it to be resolved.

With recognising phishing emails not an easy task as some company bosses may have been led to believe, firms may be prompted to take another look at their IT security recruitment strategy to ensure they have the necessary personnel in place. It may just allow them to avoid a significant breach.