Millennials most likely to fall for phishing attacks – survey
A new survey by Censuswide for Datapac has found that millennials (17%) were most often victims of a phishing attack compared to 6% of Gen X and 7% of Baby Boomers.
The survey found that 14% of Irish office workers – approximately 185,000 people – have fallen victim to a phishing scam at some stage.
Phishing is a tactic used by cybercriminals that involves sending emails which appear to come from genuine sources and encourage users to reveal confidential information, such as banking details or sensitive company data, which is then used fraudulently. Phishing can have a major impact on the victim and their company, with hackers gaining a foothold in the corporate system. This can lead to a breach of customer data, the loss of confidential company information, and could leave organisations vulnerable to fines under GDPR.
The survey findings revealed significant differences in phishing awareness among different age groups. Millennials (aged 23-41) were found to be the most confident age group in their ability to detect an e-mail scam – just 14% said they were not confident they could detect a fraudulent phishing e-mail. This rises to 17% for Generation X (aged 42-53) and to just over one-quarter (26%) for baby boomers (aged 54 and over).
Conversely, the findings also reveal that more than twice as many millennials (17%) have fallen victim to a phishing scam than members of Generation X (6%) or baby boomers (7%).
Karen O’Connor, general manager, Datapac, said: “Despite millennials’ confidence in their ability to spot an email scam, they were in fact found to have been victims most often. This confidence may stem from complacency and emphasises the need for employers to provide cybersecurity training and ongoing refresher training to ensure all staff remain alert.”
At the other end of the spectrum, senior employees are also regularly the focus of hackers' attention, with almost half (48%) of Generation X and 36% of baby boomers revealing that they have been targeted by a phishing attack.
Some 44% of baby boomers admitted to clicking on a link or attachment in an e-mail from a sender they didn’t recognise – significantly more than millennials (34%) and Generation X (26%). This unadvised cyber practice puts both individuals and organisations at a much greater risk of experiencing a data breach through phishing.
The survey also explored the extent to which employers provided IT security and awareness training to staff. Only 20% of workers said they never received such training. An additional 20% said they received training either less than once a year or only once during their induction.
O’Connor continued: “Phishing is not just a problem for the IT department to solve, but is an organisational issue requiring cross-department buy-in. Operational and HR teams play a crucial role in creating a culture of awareness. Under GDPR, organisations are obligated to put in place adequate safeguards for customer data, making this a key business concern. User awareness training should be provided on an ongoing basis in the same way as other vital employee training such as health & safety.
“Cyber education delivered only at an induction level doesn’t accommodate long-standing and senior employees, who, as the survey shows, are in most need of security refresher courses. Technology can play a part in addressing phishing in a cost-effective way by educating and testing all end users through automated attack simulations and continued interactive security awareness training. A chain is only as strong as its weakest link and, as attacks become more prevalent, businesses must make every effort to educate all employees on the very real threat of phishing.”