Almost every cybersecurity lecture involves at least a few slides on phishing. The concept seems basic enough that even a child should be able to avoid it, yet it’s still covered in-depth by professionals at all levels. It’s natural to wonder whether phishing is a real problem in an increasingly sophisticated online world, and whether the tactics described by concerned lecturers actually work on anyone. The truth is a bit more frightening than you might think, and taking the time to analyze why phishing tactics work can give you a great deal of insight into the need for greater security education.
Is it Real?
If you’re wondering if phishing is real, you’ll just need to look at the raw numbers. According to at least one study, around eight percent of all American internet users had their antivirus software and/or e-mail filters triggered by a phishing attempt. Phishing is easy, sometimes quite unsophisticated, and often relatively difficult to detect. The fact that eight percent of users reported encountering an attempt only tells you the number of attempts that were actually caught. This puts phishing in a unique category of being incredibly prolific, while still almost certainly incredibly under-reported.
Do Phishing Tactics Work?
The short answer is a definitive yes. If they didn’t work, there wouldn’t be conversations about phishing. While it may seem that phishing is an attractive topic to bring up because it is so technologically simple, the reality is that phishing is a type of malicious activity that users are both likely to encounter and that a fair number are likely to fall for. Phishing attempts may not make up all – or even the bulk – of the causes of data breaches in company around the world, but attempts are successful enough that they certainly cause problems for businesses and individuals.
Why Does Phishing Work?
Phishing works because an increasing number of people are using online applications who have absolutely no experience dealing with cybersecurity issues. Phishing has been a problem as long as there have been official accounts to spoof, of course, but as more users turn aspects of their lives to online services, more attempts can be made. Phishing services have become increasingly sophisticated, and even the most basic attempts can still defraud users who are simply uneducated about the tactics used. It’s easier to get caught by a scam than you might think, especially if you aren’t usually careful with your online security.
Does phishing work? Of course. It’s an attractive, low-tech way for those with low moral fiber to get access to data and funds. While it might seem like only an idiot could fall for these scams, remember that most people don’t have the background knowledge to detect the attempts in the first place. If you are willing to put yourself in the shoes of an unskilled user, you can begin to see how phishing is not only effective, but also quite frightening. Phishing rightfully deserves its place in the pantheon of major cybersecurity threats.