What Traps Do Employees Fall for in Phishing Simulations?

June 03, 2022

Phishing has been the reigning champion of data breach risks for three consecutive years because it’s versatile, cheap for cybercriminals to run and highly effective. Every day, employees are inundated with dangerous messages, and some are harder for employees to spot than others, opening their employers up to trouble if a tricky message slips through. An estimated 97% of employees are unable to detect a sophisticated phishing message. Cybercriminals are more than happy to press their advantage by crafting sophisticated messages that can easily slip under an employee’s radar. But phishing simulations paired with strong email security can help stem the tide of phishing risk that businesses face today.




Employees Will Click Suspicious Links & Download Dodgy Attachments 


Cybercriminal gangs are always looking for ways to maximize efficiency, and phishing fits the bill. It’s the cheapest, easiest and most effective way to penetrate a company’s security. The bad guys know this, and they’re constantly evolving their attacks to create compelling phishing messages. Interacting with a phishing email is the most likely way for an employee to cause a security breach, and unfortunately, cybercriminals are very good at enticing employees to do just that.




Combine Two Security Powerhouses to Avoid Phishing Trouble


Businesses must treat phishing as a clear and present danger to their continued success. That makes taking action to reduce phishing risk and prevent phishing messages from reaching employees mission-critical for any organization’s defensive posture. A two-pronged approach to solving this problem can go a long way toward closing security gaps and putting businesses in a strong position to defend against cyberattacks today and tomorrow.


Engage in Phishing Simulations to Train Employees to Resist Phishing 


Security and compliance awareness training is an affordable and effective way to reduce a company’s cyberattack risk across the board. It may not sound very exciting, but the results of training sure are. This one simple security measure is powerfully effective in preventing employees from falling for cybercriminal tricks that lead to disasters like ransomware, credential compromise, business email compromise and more. It also prevents employees from making expensive compliance mistakes. Organizations that engage in regular security awareness training have 70% fewer security incidents than those who don’t – and no company can afford to pass up that massive security benefit.  

One essential tool that a good security and compliance awareness training solution will offer is the ability for businesses to engage in phishing simulations. This is a practical, hands-on way to teach employees how to spot phishing threats using simulations of threats they might actually encounter at work. A quality training solution will offer trainers a variety of options that enable them to run effective simulations that reflect the threats that employees face every day. Phishing simulations are also called campaigns. Typically, trainers running phishing simulations can choose between using a pre-made campaign kit from their solution’s library or fully customizing the content for each campaign including attachments and URLs to realistically simulate the unique threats that endanger their organization.   




What Messages Are Likely to Reel in Employees in Phishing Simulations? 


Taking a look at the results of effective phishing simulations can offer businesses an opportunity to see just which cybercriminal tricks are likely to ensnare employees. This 2021 data from a leading phishing simulation solution provides a valuable look at the phishing messages that convinced employees to take the bait. BullPhish ID by ID Agent is used by organizations of all sizes in a wide variety of industries. Analyzing the results of thousands of phishing resistance training sessions and phishing simulations with BullPhish ID illustrates the degree to which phishing is an ongoing challenge to conquer.


See more data like this that illustrates today’s threats and tomorrow’s in The Global Year in Breach 2022.


2021 BullPhish ID phishing resistance training totals    

    Total number of training campaigns created – 81,484 

    Total number of phishing simulation emails sent – 2,424,762   

    Total number of clicks on phishing simulation emails – 106,670 

Top 3 security awareness training courses of 2021 

    Phishing: Introduction to Phishing – 150,163 created trainings 

    How to Avoid Phishing Scams – 129,666 created trainings 

    Phishing: The Dangers of Malicious Attachments – 100,265 created trainings 

Top phishing simulation campaigns that successfully drew employee interaction   

    Office 365 – Suspicious Login – 10,879 clicked   

    FedEx – Package Delivery – 6,535 clicked   

    Google Docs – Invitation to Edit – 4,492 clicked   

Top phishing simulation campaigns that captured credentials & data    

    FedEx – Package Delivery – 2,056 captures   

    Office 365 – Suspicious Login – 1,736 captures   

    COVID-19: SharePoint Webinar – 1,440 captures  

Top 10 industries where employees failed a phishing simulation and supplied their credentials 

  1. High-Tech & IT — 3,755
  2. Medical & Healthcare — 3,504
  3. Other — 4,647
  4. Manufacturing — 1,801
  5. Non-Profit Organization — 1,758
  6. Education & Research — 1,522
  7. Finance & Insurance — 1,239
  8. Business & Professional Services — 1,144
  9. Retail & Ecommerce — 1,046
  10. Legal — 704

Total number of credentials submitted in simulations in 2021 — 23,353 




Eliminate More Threats with Powerful, Automated, API Email Security   


Strong email security is essential, but many companies are relying on email security solutions that don’t get the job done, like onboard security in Microsoft 365 or an old-fashioned SEG. That often leads to major phishing-related security trouble. In a new study from Osterman Research, 89% of IT professionals said their organizations had experienced one or more successful email security breaches in the last 12 months. Even more worryingly, fewer than half of the organizations studied reported that they can block the delivery of email threats.

Application Programming Interface (API)-based email security is the answer. Organizations that choose automated API-based email security enjoy a host of advantages including huge cost savings, lower false positive rates and a major security boost as well as the innate benefits of cloud-native architecture. In fact, automated email security is up to 40% more effective at spotting and stopping malicious messages than a SEG or conventional security, giving businesses an invaluable advantage in the fight against phishing.




Graphus Catches Threats Before They Reach Employees


As you can see, these advantages and many more make this the perfect time to invest in affordable, powerful API email security with Graphus. Choose AI-powered, automated email security to quickly and efficiently protect your company from some of today’s nastiest phishing-related cyberattacks and you’ll enjoy the peace of mind that comes from knowing that you’re blocking sophisticated phishing messages before users see them.  

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast. 
  • Don’t waste time on fussy configuration or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.   