Skip to main content

3 in 10 workers worldwide have clicked a phishing link in the past year. In the US, it’s 1 in 3.

With the massive increase in remote work due to COVID-19, there has also been an explosion in cybercriminal activity like phishing. Not only is phishing still prevalent, but it continues to be on the rise. In fact, more than 1 in 4 Americans has received a phishing email related to the pandemic.

Why are people still clicking?

For our new report, COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, we surveyed 7,000 office workers in the United States, United Kingdom, Australia/New Zealand, Germany, France, Italy and Japan on their understanding of phishing, their email and click habits, and how their online lives have changed since the beginning of the COVID-19 pandemic. We then worked with Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and cybersecurity, to get his take on why phishing still works.

According to Dr. Rajivan, what we need to consider is that human beings aren’t necessarily good at dealing with uncertainty, which is part of why cybercriminals capitalize on upheaval (such as a global pandemic) to launch attacks.

“People aren’t great at handling uncertainty. Even those of us who know we shouldn’t click on emails from unknown senders may feel uncertain and click anyway. That’s because we’ve likely all clicked these kinds of emails in the past and gotten a positive reward. The probability of long-term risk vs. short-term reward, coupled with uncertainty, is a recipe for poor decision-making, or, in this case, clicking what you shouldn’t.” – Prashanth Rajivan, Ph.D.

Additionally, the report suggests that many of us are overconfident when it comes to cybersecurity. Nearly all respondents worldwide (95%) recognize that phishing remains a problem, but 76% admit to opening emails from unknown senders, with over half (59%) blaming it on the fact that phishing emails look more realistic than ever before. The survey also revealed an opportunity for more security awareness education. Just 59% of people believe they know what to do to keep their data safe, with nearly one third (29%) admitting they’ve clicked on a phishing scam in the last year and one in five (19%) confirming receipt of a phishing scam related to COVID-19.

Be sure to get your copy of COVID-19 Clicks

 

Global Call-outs

  • United States  44% of respondents are more concerned about phishing attempts this year, but 1 in 3 admit they have clicked a phishing link in the last year. 8% of those didn’t report it.
  • United Kingdom UK respondents have the highest level of confidence in their ability to keep themselves and their data safe from cyberattacks. 1 in 4 have clicked a phishing link in the last year.
  • Australia/New Zealand1 in 5 AU/NZ respondents reported having received phishing emails specifically related to COVID-19. But only 1 in 3 respondents are more concerned about phishing now than they were at the beginning of the year. 
  • Germany 79% of German respondents say they open emails from unknown senders. Of those, 13% said they do so all the time, while 15% said they do so only rarely.
  • France  A full 55% of French respondents admitted to clicking a phishing link in past year, even though 8 in 10 say they take steps to determine if messages are malicious when checking email.
  • Italy  Of Italians who clicked on a phishing link, 23% did not report it. While many recognize the cyber risks COVID-19 has brought, they aren’t really worried about them.
  • Japan Japanese respondents were the least likely to fall for a phishing scam, with only 16% of people having clicked a phishing link in the last year. They were also the least confident about their cyber-safety knowledge.

We all need to do better.

Dr. Rajivan says there are a lot of things we could do to improve. First, he says that, “if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

Additionally, he encourages us all to subscribe to cybersecurity-related content, such as podcasts, social feeds, security-related blogs (and this community!) so that knowledge about the latest threats and how to avoid them stays top-of-mind.

For more details, statistics, and concrete tips on how businesses and individuals can stay safe from phishing and other threats, I encourage you to check out the full report, as well as the other resources we’ve put together.

 

Additional Resources

 

With or without COVID19, phishing is here to stay.


Spot on, @smith2006 . Not going anywhere soon, that’s for sure. 

Have you experienced a recent phishing attempt during COVID? 


As for me I don’t see any phishing via emails or sites, but I get so many phishing calls so it’s best we all keep educated! https://crtc.gc.ca/eng/phone/telemarketing/cust.htm

 

https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html


Spot on, @smith2006 . Not going anywhere soon, that’s for sure. 

Have you experienced a recent phishing attempt during COVID? 


So far I have not encountered one with COVID19 theme


As for me I don’t see any phishing via emails or sites, but I get so many phishing calls so it’s best we all keep educated! https://crtc.gc.ca/eng/phone/telemarketing/cust.htm

 

https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html

I totally agree Triple helix. I haven't received any phishing emails for a while but have had several phishing phone calls. 


Phishing attacks pre-date COVID-19 but now there are more opportunists seeking to take advantage of poorly secured IT systems and there are more gullible people susceptible to being adversely impacted.


I am one of the lucky ones, I don’t get phishing e-mails at all or sites come up either.
The phone calls though any suspicion of a scam of any kind I hang up, the ones I get are those from supposedly microsoft.


Since we moved and have a different phone number our phone is silent (knock on wood). Before we moved with the old phone number I would get 2 or 3 scam phone calls a day. As for my cell phone, when I’m home I turn it off. When I turn it on when I’m going some where I just delete the few scam messages, if I have any.


Most of my phone calls are blocked if they are unknown numbers. I get voice messages sometimes and I just delete them. One has to be careful and smart with what one opens in a an email. Most of my email will go to junk. Never ever click an email links ...it's better to put the address in the Web browser yourself. Especially banking....Media sites are bad too like Facebook,  Instagram..etc..One has to always be alert when online! 

Great information @freydrew 😉


Training, Training, Training, then retraining is the key.   It is the best way to combat phishing.  There will always by new innovative ways to attempt to phish or infiltrate and it needs to be a constant reminder to your staff, and the customers your service.


Training, Training, Training, then retraining is the key.   It is the best way to combat phishing.  There will always by new innovative ways to attempt to phish or infiltrate and it needs to be a constant reminder to your staff, and the customers your service.

Totally agree. That’s why Security Awareness Training is so popular :) 


Reply