At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    New EU Phishing Study Shows That Crowd-sourcing Phishing Alerts Is Successful

    Time taken to report suspicious emails Source: Arxiv.org

    A Swiss phishing study involving roughly 15,000 participants in a 15-month experiment produced some interesting results. The study was run by researchers at ETH Zurich, working together with a company that remained anonymous. The company did not inform their employees about the simulated phishing program they were going to be part of. The four goals of the study were to determine:

    1. Which employees fall for phishing
    2. How vulnerability evolves over time
    3. How effective embedded training and warnings are
    4. Whether employees can do anything to help in phishing detection.

    The test deployed an email client “phish alert” button that employees to report suspicious emails easily, and then sent simulated phishing tests to employees’ work email address. 

    A few takeaways were that gender did not seem to matter much related to phishing susceptibility, and regarding repeat-clickers, 23.91% of those performing a dangerous action (enabling macros, submitting credentials), did it more than once. The research paper study showed that if an employee failed a phishing test and was sent voluntary training (i.e. the employee was not required to complete the training) that this does not work to improve security behavior. 

    Crowd-sourcing Turns Out To Be Feasible

    As stated, employees in the tested company were given a ‘Phish Alert‘ button in their email client to report suspicious messages.  In terms of the effectiveness of crowd-sourcing of phishing mitigation, the researchers looked into reaction time and flagging accuracy. 

    The user reports were accurate in 68% for phishing and 79% if spam is accounted for as well. The most active reporters reached an accuracy of over 80%. And here is an important point: the time for these reports to be submitted after reception was 5 minutes for 10% of the total volume and half an hour for 35% of the total number of reports.

    arvixdororg-reports

    “To apply these numbers to a hypothetical company of 1,000 employees where 100 of them are targeted by a phishing campaign, we would have between 8 and 25 reports of the email by employees—of which one within 5 minutes with high probability, and a larger number within 30 minutes,” details the paper.

    In other words, in case of an active attack, the SOC would get a user-generated warning in 5 minutes and is able to PhishRIP the message immediately. 

    Bleepingcomputer commented: “These findings show that utilizing a corporate-wide crowd-sourced phishing detection service [like PhishER] could significantly reduce the threat of phishing attacks. It is also important to note that such a system wouldn’t produce a sizable operational workload as a result, so a corporation implementing crowd sourced phishing protection wouldn’t incur much additional burden.  Also, the researchers concluded that there is no “reporting fatigue,” suggesting that crowd-sourcing anti-phishing data is feasible.

    We like it when scientific studies confirm what we have been saying here for a while…

    Live Demo: Identify and Respond to Email Threats Faster with PhishER

    With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you not only handle the phishing attacks and threats—and just as importantly—effectively manage the other 90% of user-reported messages accurately and efficiently? PhishER.

    phisher-01

    To learn how, get a product demonstration of the new PhishER Security Orchestration, Automation and Response (SOAR) platform. In this live one-on-one demo we will show you how easy it is to identify and respond to email threats faster:

    • Automate prioritization of email messages by rules you set that categorize messages as Clean, Spam, or Threat
    • Augment your analysis and prioritization of messages with PhishML, a PhishER machine-learning module
    • Search, find, and remove email threats with PhishRIP, PhishER’s new email quarantine feature for Microsoft 365 and G Suite
    • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
    • Easily integrate with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
    Watch Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phisher-request-a-demo-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top