To Click or Not to Click? That Is the Question.


Subject: Please Confirm Your Account Information

Dear Trusted Customer,

This e-mail is to inform you of a recent update we made to our systems. To avoid service interruption, please take a moment to confirm your account by going to the following address: http://this-is-definitely-a-fake-email .


If you saw this e-mail in your inbox, would you click on the link? Or would you recognize it as a phishing e-mail, one that is fraudulent but pretends to be from a trustworthy entity?

According to information technology security company KnowBe4, the answer may depend on whether you’re a man or a woman.

Through an analysis of more than 200,000 phishing e-mails sent during a 30-day period, KnowBe4 found that men are twice as likely to fall for phishing attacks as women. When tested over the course of a 120-day period—by requesting information via phishing e-mails—men were 225 percent more likely to provide their credentials than women, KnowBe4 said.

As for companies in general, KnowBe4 found that, on average, 16 percent of employees are prone to being phished. But after training, and practice with simulated phishing attacks, the likelihood of employees being fooled dropped all the way down to 1 or 2 percent. 

In a real-life phishing simulation, the U.S. Postal Service found that more than a quarter of 3,125 employees who were tested clicked on a fake phishing link. Furthermore, more than 90 percent of the fooled employees didn’t report the incident, according to the USPS Office of Inspector General.

To avoid data breaches and effectively deal with cyberattacks, industry professionals agree that preparation and employee education are essential. Promoting digital hygiene and identifying employee vulnerabilities—such as careless workers—can help prevent a crisis. 

To keep up with the constantly evolving world of privacy and security, sign up for the Bloomberg BNA Privacy and Security Update.