Do People Really Fall for Email Phishing Scams? Oh Yes.

If you consider yourself a savvy email user, you probably have a hard time believing people actually fall for spam and phishing email scams. How can they not tell the email is fake?

Email scams are becoming increasingly sophisticated. We’ve seen some that spoof a company owner’s name, email address, and even email signature, complete with logo and headshot. As employees get savvier, so do the hackers.

Recently, a Now IT Connects client asked our team to test their employees’ email acuity. Here’s a look at what happened.

Something’s Phishy

The Now IT Connects team designed a phishing email that spoofed one of the company’s leader’s emails. The email looked as if it came from the leader and used their name in the From line of the email. The email asked employees to submit their network username and password through a link in the email. The link appeared to be the login page for the company network, but that was fake as well. If employees took the bait, it would allow us to capture their network credentials and log into the company’s actual network.

. . . or Not

The email looked as though the boss was asking for an employee’s credentials, which seems legit. But reassuringly, 93 percent of employees thought the email looked phishy and ignored it.

However, 7 percent of employees took the bait! Of that number, four actually tried to submit their credentials to the fake login page. Fortunately, none of them remembered their credentials, so no sensitive data was compromised.

The Debrief

After our test, our customer asked us to come in and speak with their team. We explained that the email was indeed a fake, but that some people in the company fell for it. Then, we helped everyone understand what to look for when judging whether or not an email is legitimate. The test was a real-world example of how easy it is to be tricked by a phishing or spam email.

Now IT Connects offers these email tests to anyone who would like to evaluate the email acumen of their staff. You do not have to be a current client of ours to take advantage of this valuable service. If you’d like to schedule an email test for your company, contact Now IT Connects today.