Hook, Line, and Sinker: Why Phishing Attacks Work

When we talk about phishing, it might conjure up memories of scam emails from foreign princes, chock-full of terrible typos, grammar mistakes, and other easy-to-spot signs that the message might not be legitimate. If you’re thinking in those terms, it might shock you to find out how many people actually fall for such attacks.

But these days, phishing attacks are getting increasingly believable. More scams are being reported in which an employee receives a message from their boss, CEO, or another higher-up, typically demanding that they take an action right away. And with strong pressure to perform well at work, people are more likely to take this kind of bait.

In partnership with Wakefield Research, we surveyed 4,000 office workers across the U.S., U.K., Australia, and Japan on their phishing knowledge and clicking habits. We then consulted with Dr. Cleotilde Gonzalez, research professor in the Department of Social and Decision Sciences at Carnegie Mellon University, to gain a deeper insight into the question: what is it that makes people click?

According to Dr. Gonzalez, the short answer to the question is “urgency, familiarity, and context.”

In this report, we’ll dig deeper into the survey results and present our own understanding of these statistics, as well as analysis from Dr. Gonzalez, insights from cybersecurity experts, real-world phishing stories from our customers and partners, and tips on how to stay safe from phishing threats.