14 DAY TRIAL // A new study by PhishMe, a company specialized in cyber-security training, shows that phishing email campaigns are most effective in the first hours of the first day after the campaign was started.
Despite being one of the first-ever techniques employed in cyber-attacks, even 20 or so years after it was first used, phishing and spear phishing remain one of the favorite methods of compromising users and infecting computers.
In a report that compiles data from over 400 customers, from over 4,000 training simulations, and after sending more than 8 million simulated phishing emails to more than 3.5 million employees in 23 different industry sectors in the last 13 months, PhishMe has gathered some insightful statistics.
According to their findings, 87% of the employees that opened their simulated phishing email did so on the same day it was sent. This puts them in danger because, even if the company had a security incident response team (SIRT) hired to deal with such threats, if enterprise security systems don't pick up the phishing campaign, by opening the email so quickly, employees don't allow the SIRT team enough time to react and blacklist the threat on the company's email servers.
Most phishing emails are opened in the morning
Additionally, regardless of the time of day the phishing email was sent, most employees opened it first thing in the morning, as part of their regular routine, usually around 08:00 AM each day.
Furthermore, in 67% of cases, persons that opened one phishing email would also open another one.
Business-themed emails proved to be the most effective, which makes sense, since that's what employees usually do all day at work: answer business emails.
The good news is that the report also reveals that, after four simulated phishing attempts, 97.14% of all employees stopped responding to such threats.
"With repetition, a sustained and well-executed phishing simulation program provides a significant reduction in overall exposure to risk from this ever-changing attack vector and improves the security posture of an organization," PhishMe analysts conclude.
If you want to learn more details, the PhishMe Enterprise Phishing Susceptibility Report is available for download.
