Your Email isn’t Protecting You from Phishing, Study Finds

06 August, 2019

It will come as little surprise to anyone who’s ever received a suspect-looking invoice, but the major technology firms - including Apple, Google and Microsoft - are failing to protect users from phishing email threats.

The confirmation comes from Plymouth's Centre for Security, Communications and Network (CSCAN), who set about finding out what action the big tech firms were taking to protect users and businesses from phishing threats.

Their research reveals shocking flaws in the automatic detection software employed across the major email service providers, but first, it’s vital to understand what ‘phishing’ actually is.

What is Phishing?

Phishing emails are, quite simply, the most common way for cybercriminals to steal your personal information like credit card details or password information.

Phishing attacks are conducted through emails which are carefully designed to look just like the real thing. Oftentimes, they’ll use urgent language to force you through to a page which is designed to harvest your personal information. From there, compromising your accounts is as simple as inputting the details you provided.

The stakes are even higher for businesses, with phishing emails posing one of the biggest threats to any organisation.

What did the Study Find?

Plymouth's Centre for Security, Communications and Network started by sending two sets of messages to ‘victim accounts’, using email templates pulled from the archives of reported phishing attacks.

The first set of emails was simply plain text, with no links included. The second set of emails had all the original links in place, pointing to their original destination.

Researchers then studied which emails made it through to users' inboxes and whether users were warned that these emails were malicious. The result? Well, it certainly doesn’t reflect well on the big tech firms.

75% of the phishing emails without links and 64% of those with links made their way into the target inboxes. Even worse, only 6% of those emails were marked as malicious.

Commenting on the findings, Bob’s Business CEO Melanie Oldman said: “This study only further illustrates how, when it comes to phishing, we can’t trust technology alone to protect us. With instances of ever-more sophisticated phishing attacks on the rise, all businesses should implement simulated phishing training to educate staff on the risks associated with phishing emails before they cause significant harm”.

What can you do to Avoid Phishing Attacks?

The key to avoiding phishing attacks is raising awareness and creating a secure culture. Whether in your personal life or in a business environment, being aware of the telltale signs of a phishing email can make all the difference.

We’ve written extensively on how to spot a phishing email in the past. For those short on time though, we’ve included seven ways to spot a phishing email here:

  1. Check the sender's email address - Phishing email addresses often give themselves away with misspellings or odd strings of letters and numbers.
  2. Check the spelling and grammar of the email - Phishing emails commonly feature spelling or grammatical errors. No serious business would send out an email with a grammatical error.
  3. Look for odd use of imagery - Blurry, old or oddly laid out imagery might be a giveaway that an email isn’t from a legitimate source.
  4. The email is designed to push you into a rash decision - Many phishing emails are designed to encourage you to make a decision you’ll later regret. Always take time to carefully read an email before you do anything.
  5. The email sounds too good to be true - Much like phishing emails designed to cause panic, many phishing emails are built around good news, hoping you won’t think clearly about what you’re doing until it’s too late.
  6. Check the links - Most phishing emails try to get you to click on a link. Look closely at these links to spot fakery.
  7. Compare emails to legitimate versions - If the email is from a company you’ve interacted with in the past, compare the new email to the old one to look for discrepancies.

For businesses, the fastest and most reliable way of ensuring your staff are aware of the serious risks that phishing emails pose and how to mitigate them is to combine our award-winning eLearning course with our phishing simulation solution.
