1 in 10 Phishing E-mails Fool Users in Education

In a recent study, 10 percent of simulated phishing e-mails sent to users in education institutions were successful, causing the recipient to click on a fraudulent link. That's according to the 2018 State of the Phish report from Wombat Security Technologies, in which researchers measured the average click rates on phishing tests across various industries. Education had an average click rate of 10 percent; the industries that performed worst in the tests were telecommunications and retail, with 15 percent and 14 percent average click rates, respectively. 

The study, which looked at user awareness and behavior around phishing and other data security issues, gathered data from several sources:

  • Analysis of tens of millions of simulated phishing attacks sent through Wombat's Security Education Platform between Oct. 1, 2016, and Sept. 30, 2017;
  • Survey responses from 10,000-plus information security professionals in more than 16 industries; and
  • A third-party survey of about 3,000 technology users in the United States, United Kingdom and Germany.

Other findings include:

  • Across all industries, 76 percent of organizations experienced phishing attacks in 2017;
  • Nearly half of information security professionals believe the rate of attacks has increased compared to 2016;
  • 76 percent of organizations now measure their susceptibility to phishing, up from 66 percent in 2016;
  • 95 percent of organizations train their end users on how to identify and avoid phishing attacks; and
  • 61 percent of users in the U.S. could correctly define what phishing is, while just 46 percent knew what ransomware is.

The report also pointed to one area where awareness is particularly low among U.S., U.K. and German adults: "smishing," or SMS/text message phishing. Just 16 percent of survey participants could correctly define smishing, while 67 percent couldn't even venture a guess.

"Smishing (SMS/text message phishing) has generally been considered a regional, consumer-based threat as opposed to a global cybersecurity concern," the report noted. "However, media coverage of successful smishing attacks rose during 2017 — a trend that's sure to increase in 2018 given that awareness of this threat vector is low."

For the full report, visit the Wombat site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • glowing digital brain-shaped neural network surrounded by charts, graphs, and data visualizations

    Google Launches Advanced AI Model for Complex Reasoning Tasks

    Google has introduced Gemini 2.5 Deep Think, an advanced artificial intelligence model designed for complex reasoning tasks.

  • teacher writing on whiteboard in office

    It's Never Too Early to Plan for Back-to-School

    School's out for summer, but teacher planning and purchasing for the upcoming year has only just begun.

  • red brick school building with a large yellow "AI" sign above its main entrance

    New National Academy for AI Instruction to Provide Free AI Training for Educators

    In an effort to "transform how artificial intelligence is taught and integrated into classrooms across the United States," the American Federation of Teachers (AFT), in partnership with Microsoft, OpenAI, Anthropic, and the United Federation of Teachers, is launching the National Academy for AI Instruction, a $23 million initiative that will provide access to free AI training and curriculum for all AFT members, beginning with K-12 educators.

  • magnifying glass highlighting a human profile silhouette, set over a collage of framed icons including landscapes, charts, and education symbols

    New AI Detector Identifies AI-Generated Multimedia Content

    Amazon Web Services and DeepBrain AI have launched AI Detector, an enterprise-grade solution designed to identify and manage AI-generated content across multiple media types. The collaboration targets organizations in government, finance, media, law, and education sectors that need to validate content authenticity at scale.