Why do people click on phishing links so quickly?

December 2, 2019 | Brigantia , Data Protection , Security ,

Written by

Someone asked me a question at a cybersecurity seminar recently. “What do you think has been the single biggest change to the business environment in recent decades?” I replied with the obvious answer, “Technology.” “Yes”, he said. “But what else?”

“Thinking time”, he said.

The essence of what we spoke about really stuck with me. He explained how, back in the 70s (I’m giving his age away a little), there would be at least 5 or 6 stages involved in producing a formal business document. The process started with a hand-written first draft proposal and ended with a typed, well-thought-out proposal that the business could move forward on, with several steps in between.

Fast forward to today and the business world has got a lot faster. Today, your boss sends you an email with a question, copying in a few other interested parties. In a few minutes, the phone rings and you are asked “What do you think?” So, you scan the email and give your instant answer. If you’d had more time to think it through you may have answered differently.

I’m being hypothetical here. But the reality is that staff are flooded daily with emails and expected to respond in very short timeframes. This manufactured sense of urgency can also be applied when it comes to phishing emails.

A report by KnowBe4 reveals that 55% of users will click on a phishing link in less than an hour. Why is that? One contributing factor, I certainly believe, is thinking time. Users are instilled with the need for a quick response. So, they automatically click on the link.  

Whether it’s your alleged CEO demanding urgent transfer of funds or your bank threatening “your account will be deleted unless you verify your details”, these high priority requests give us little time to think.

Has our business world gone backwards by getting faster?

I wouldn’t go that far. But perhaps the lack of consideration for thinking time is having a detrimental effect on our decision making, the rise of successful phishing attacks on businesses being a prime example.

So, what can you do about it?

To manage the problem of phishing, it is vital that businesses have a structured and regular cybersecurity awareness training program and implement regular phishing simulations. You can speak to us about how to do this.

Inspire your employees to take a little more time to think before they click.

You can read the full report by KnowBe4 here: https://blog.knowbe4.com/when-do-end-users-click-on-phishing-links.


Recommended reading

How Octiga makes managing your clients' Office 365 easier than ever before

Office 365 is becoming ubiquitous. It is linked to your client's data, employees, devices, processes, email, ...

Heimdal Threat Report 2023

Heimdal Security has published their Threat Report for 2023. 2022 was a very eventful year that had a ...

What does 2023 hold for us?

I have been asked to write about what is going to happen in 2023, where the biggest opportunities will be, ...