Rhea Kelly | September 19, 2017

End Users Getting Better at Identifying Phishing Attacks

Users today are more likely to recognize a phishing attack than they were a year ago, according to data from Wombat Security Technologies. In the 2017 Beyond the Phish Report, the security awareness and training company analyzed the results of more than 70 million questions answered by end users who completed its assessments and training modules, covering a variety of information security topics. The users came from a range of industries, including healthcare, retail, manufacturing and education. Across all industries, users performed better this year on questions around identifying phishing attacks, answering incorrectly only 24 percent of the time on average, compared to 28 percent in 2016.

Other bright spots include:

  • Questions on social media were answered incorrectly 22 percent of the time, compared to 31 percent last year — giving the category the largest year-over-year improvement in the study;
  • In the category of working safely outside the office, users answered incorrectly 20 percent of the time, compared to 26 percent last year;
  • Overall, users did well in the area of protecting yourself against scams (a new category for 2017), answering incorrectly 14 percent of the time. Education users out-performed the average here, with just 10 percent of questions answered incorrectly; and
  • Password safety was the best understood category, with users answering incorrectly just 12 percent of the time.