More than half engage with suspicious emails and SMSs
Only 3% can correctly identify which emails and SMS are legitimate or scams
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced new research which has found more than half of APAC office workers (59 per cent) don’t believe using their work email for personal activity is a security risk to their employer.
Furthermore, fewer than four in ten (39 per cent) say they always report suspicious emails and SMSs to the IT team responsible for cyber security. More than half (51 per cent) say they engage with suspicious emails and SMSs. Almost half of APAC office workers (46 per cent) say they are not confident in identifying which emails are legitimate and which are scams, and 48 per cent feel the same way about identifying SMSs. However, when tested, the number fell even further, with only three per cent able to correctly identify all the real and scam emails and SMSs.
Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, is concerned: “The obvious first issue with this is that if APAC office workers are unable to identify scam emails and SMS messages then they are at significant risk of getting phished or smished*, risking both their security and that of their employer. According to the ACCC, Australians lost a record $323 million to scams in 2021 (up a massive 84 per cent from the previous year). Meanwhile, 790 Singaporean victims fell prey to the recent OCBC smishing scam with a total loss amount of SGD$13.7 million, so the potential cost to APAC businesses is huge.”
In addition, more than one in ten admit to using their work phone (14 per cent) and their work email address (11 per cent) for personal activities, and more than one in three (34 per cent) APAC office workers admit to using the same password for more than one account.
Jayne continues: “When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through. Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address then you know that email from Amazon can’t be real.”
Advice to stay safe:
Awareness is the number one way to avoid falling for a phishing or spam email so it is imperative employees are educated to stop and think before they act on anything. You need to be very careful of any emails or text messages that require you to click a link, open an attachment, share your login details, or change your password.
Here are some examples of the wording used in these tactics:
- Your credit card has been used in fraudulent activities, update your details now.
- Open the attachment to see all of the people in your suburb with Covid19.
- Click here to claim your $200 shopping voucher.
- Like, share and comment to go in the draw to win a $50,000 car.
- Unsubscribe from this mailing list.
- You can jump the queue for your Covid19 vaccine, click here.
- Account Deactivation Notification – click here to confirm your details.
- You have a new connection request on LinkedIn – click here to find out more.
- Password change notification – your account has been compromised.
- Congratulations! You have won a computer – click here to claim your prize.
For more information on KnowBe4, visit www.knowbe4.com.
*Phishing – malicious emails. Smishing – malicious SMSs. Vishing – malicious phone calls (live or recorded)
-ends-
About the Research
This study was conducted online between 2 and 7 December 2021. The sample comprised 1,045 Australian office workers (any industry), 204 Australian IT decision makers (any industry), 1,012 Singaporean office workers (any industry) and 200 Singaporean IT decision makers (any industry). YouGov designed the questionnaire. Following the completion of interviewing, the office workers' data was weighted by age, gender and region to reflect the latest population estimates in Australia and Singapore.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 47,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.