Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Study: Phishing Messages Elude Filters, Frequently Hit Untrained Users

Many users don't know how to respond to fraudulent email, according to survey of Black Hat attendees

Many users are faced with multiple phishing messages every day, but few are trained in how to recognize or respond to them, according to a study released today.

Click here for more of Dark Reading's Black Hat articles.

In a survey of 250 attendees at last month's Black Hat USA conference in Las Vegas, more than two-thirds (69 percent) of security professionals said they encounter phishing messages that get past anti-spam filters and reach users’ email boxes at least a few times a week. Almost a quarter of the respondents said they see such messages in users’ mailboxes multiple times every day, according to the study, which was conducted by security firm PhishMe.

"There are a lot of people who think that because they have a spam filter, they are safe," says Scott Greaux, vice president of product management at PhishMe. "But we see in the survey that it's not just the occasional phishing message that gets through -- in some cases, users are getting multiple messages every day."

More than one quarter (27 percent) of the Black Hat respondents said that top executives or other privileged users in their enterprises have been compromised by spear-phishing attacks within the past 12 months. Another 31 percent of security pros said they weren’t sure whether their executives or privileged users had been hit with such attacks.

PhishMe, which offers a service that helps users recognize phishing and social engineering attacks, asked attendees how they are training their users in security practices.

Nearly half (49 percent) of the respondents said their users receive training once a year; nearly one-tenth (9 percent) said their organizations have no security training programs at all. Three of the top four training methods listed by Black Hat attendees -- recorded video/computer-based training (39.3 percent), paper tests/quizzes (32.9 percent), and handbooks/printed guides (28.5 percent) -- involve no live interaction with humans.

"What that says is that not only are the phishing messages getting through, but most users aren't trained what to do when they get them," Greaux says.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
macker490
50%
50%
macker490,
User Rank: Ninja
8/21/2012 | 2:31:37 PM
re: Study: Phishing Messages Elude Filters, Frequently Hit Untrained Users
unfortunately an e/mail can be sent without authentication.- I can send you an e/mail and say I'm Richard Nixon.- All I need is an e/mail service program -- of which there are a plenty for free downloads

the solution really isn't difficult: just get a PUBLIC KEY from people at the same time you get their e/mail address -- and adopt a secure e/mail system such as ENIGMAIL(with Thunderbird) or PGP/Desktop(with OUTLOOK) .

this will allow you to verify the identity of those who subscribe to this concept.

which should be everyone who is not a spammer.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/3/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer,  5/28/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13777
PUBLISHED: 2020-06-04
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TL...
CVE-2020-10548
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10549
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10546
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.