Why do people click on phishing links so quickly?
Someone asked me a question at a cybersecurity seminar recently. “What do you think has been the single biggest change to the business environment in recent decades?” I replied with the obvious answer, “Technology.” “Yes”, he said. “But what else?”
“Thinking time”, he said.
The essence of what we spoke about really stuck with me. He explained how, back in the 70s (I’m giving his age away a little), there would be at least 5 or 6 stages involved in producing a formal business document. The process started with a hand-written first draft proposal and ended with a typed, well-thought-out proposal that the business could move forward on, with several steps in between.
Fast forward to today and the business world has got a lot faster. Today, your boss sends you an email with a question, copying in a few other interested parties. A few minutes later, the phone rings and you are asked, “What do you think?” So you scan the email and give your instant answer. If you’d had more time to think it through, you might have answered differently.
I’m being hypothetical here. But the reality is that staff are flooded daily with emails and expected to respond in very short timeframes. This manufactured sense of urgency can also be applied when it comes to phishing emails.
A report by KnowBe4 reveals that 55% of users will click on a phishing link in less than an hour. Why is that? One contributing factor, I certainly believe, is thinking time. Users have had the need for a quick response instilled in them, so they automatically click on the link.
Whether it’s your alleged CEO demanding an urgent transfer of funds or your bank threatening “your account will be deleted unless you verify your details”, these high-priority requests give us little time to think.
Has our business world gone backwards by getting faster?
I wouldn’t go that far. But perhaps the lack of consideration for thinking time is having a detrimental effect on our decision making, the rise of successful phishing attacks on businesses being a prime example.
So, what can you do about it?
To manage the problem of phishing, it is vital that businesses have a structured and regular cybersecurity awareness training program and implement regular phishing simulations. You can speak to us about how to do this.
Inspire your employees to take a little more time to think before they click.
You can read the full report by KnowBe4 here: https://blog.knowbe4.com/when-do-end-users-click-on-phishing-links.