Webroot Report: Nearly Half of Employees Confess to Clicking Links in Potential Phishing Emails at Work

Global survey highlights a false confidence in the ability to distinguish a phishing email; An email from the boss tops list of phish clickbait

BROOMFIELD - September 24, 2019

Webroot, a Carbonite (CARB) company, released a report, Hook, Line and Sinker: Why Phishing Attacks Work, that sheds light on psychological factors impacting an individual's decision to click on a phishing email. Executed in partnership with Wakefield Research, the report surveyed 4,000 office professionals from the U.S., U.K., Japan and Australia (1,000 per region) to determine what people know about phishing attacks, what makes them click on a potentially malicious link and other security habits. 

While a majority (79%) of people reported being able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group more than a third (35%) didn’t take the basic step of changing their passwords following a breach. Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data.

There is no foolproof way to prevent being phished but taking a layered approach to cybersecurity including ongoing user training will significantly reduce risk exposure. As Forrester points out in its report, Now Tech: Security Awareness and Training Solutions, Q1 2019, “your workforce should treat cybersecurity awareness with the same importance they use for ensuring that their projects, products, and messages are on key with company brand. Invest in solutions that weave security best practices throughout your corporate culture.”


Read the Full Webroot Report: Hook, Line and Sinker: Why Phishing Attacks Work

Notable Findings:

Employees are falsely confident when it comes to knowledge of phishing

  • 79% of participants say they can distinguish a phishing message from a genuine one
  • 81% of participants are aware that phishing attempts can occur through email, but fail to recognize the many other ways hackers conduct phishing attacks:
    • 60% of participants believe phishing attempts can come through social media
    • 59% of participants believe phishing can come via text or SMS messages
    • 43% of participants believe that phishing attempts are made via phone calls
    • Only 22% believe phishing attempts can come through video chat

Nearly half (48%) of participants say they have had their personal or financial data compromised, but many fail to take basic cyber hygiene action following that exposure

  • In the wake of a data exposure, only:
    • 65% of participants changed their passwords, meaning 35% did not change their password
    • 48% of participants ordered a new credit card
    • 43% of participants set up alerts with their credit agency

Security habits leave businesses vulnerable

  • Nearly half (49%) of participants admit to clicking on a link from an unknown sender while at work, with nearly one third of respondents overall (29%) admitting to doing so more than once
  • Of those who clicked a link from an unknown sender at work:
    • A majority (74%) did so via email
    • 34% clicked on links via social media
    • 29% clicked on links sent via text or SMS
    • Of the 67% of respondents who know they’ve received a phishing message at work, 39% did not report it

Employees are more click happy outside of work

  • In a typical day when not working, 70% of employees are likely to click on at least one link received via email
  • 31% of participants click on more than 25 personal-life links a day
  • 56% of participants are more likely to click on a link or open an attachment from an unknown source on their personal computer

Nearly two-thirds of respondents (60%) are most likely to open an email from their boss first, compared to:

  • 55% who would first open a message from a family member or friend
  • 31% who would first open a request from their bank to confirm a transaction
  • 28% of people would first open a message with a discount offer from a store

Key Quote:

George Anderson, Product Marketing Director, Webroot, a Carbonite Company

“Phishing attacks continue to grow in popularity because, unfortunately, they work. Hackers and criminals weaponize the simple act of clicking and employ basic psychological tricks to inspire urgent action. It is vital that consumers educate themselves on how to protect both their personal and financial data and what steps to take if their information is compromised or stolen.

For businesses that means implementing regular simulated phishing and external attacks that address the various ways hackers attempt to breach organizations through their users. By combining the latest detection, protection, prevention and response technology with consistent attack training and education, IT Security departments can tackle the people, process and technology combinations needed to successfully mitigate attacks.”

Key Quote:

Cleotilde Gonzalez, Ph.D., Research Professor, Carnegie Mellon University

“Security and productivity are always in a tradeoff. People put off security because they are too busy doing something with a more ’immediate’ reward. These findings illuminate the pertinent need for a mindset makeover, where the longer-term reward of security doesn’t get put on the back burner.”

Additional Resources:

About Webroot

Webroot, a Carbonite company, harnesses the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We provide endpoint protection, network protection, and security awareness training solutions purpose built for managed service providers and small businesses. Webroot BrightCloud® Threat Intelligence Services are used by market leading companies like Cisco, F5 Networks, Citrix, Aruba, Palo Alto Networks, A10 Networks, and more. Leveraging the power of machine learning to protect millions of businesses and individuals, Webroot secures the connected world. Webroot operates globally across North America, Europe, Australia and Asia. Discover Smarter Cybersecurity® solutions at webroot.com.

Social Media: Twitter | LinkedIn YouTube | Facebook

About Carbonite

Carbonite provides a robust data protection platform for businesses, including backup, disaster recovery, high availability and workload migration technology. The Carbonite data protection platform supports businesses on a global scale with secure cloud infrastructure. To learn more, visit www.carbonite.com and follow us on Twitter at @Carbonite.

Carbonite, Inc. serves customers through three brands: Carbonite data protection, Webroot cybersecurity, and MailStore email archiving.

# # #

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.