New research commissioned by Sourcefire has revealed that 90% of UK workers surveyed have clicked on a web link embedded in an email, with two-thirds (66%) admitting they very rarely first check to ensure the link is genuine. Not only does this expose the individual to a high risk of an IT security breach, it potentially leaves companies open to a hack attack as cybercriminal gangs target individuals to gain access to corporate networks and sensitive data.
The study identified three types of clicking behaviour:
• Compulsive Clickers: 46% of surveyed workers fall into the Compulsive Clickers category. According to the research, 24–30 year olds are most likely to click on an unverified web link with 60% admitting that they always or often click.
• Cautious Clickers: 44% of those surveyed are Cautious Clickers who only occasionally click on a web link sent to them and, when they do, 23% of them will check to see if the link is genuine. The most cautious are those in the 55+ age range (47%).
• Never Clicks: Only 10% of those surveyed are in the Never Clicks category who say they would never click on a web link received via an email.
The issue of identity has never been more pertinent as more people are now shedding their real-world identities online and adopting digital personas. This makes it tricky to know whether an email received is from a ‘real’ person or a fraudster masquerading as a friend.
The study also revealed that 92% of those surveyed are more likely to trust a web link in an email if it came from a trusted source, yet only 34% of UK workers would always take precautions to ensure that the link is genuine. Worryingly, 5% of the sample stated that they never check to see if a link is genuine and 10% have no idea how to check. Almost twice as many women as men admitted they did not know how to check the origin of a web link (13% versus 7%).
The study was carried out by independent research firm Opinion Matters between 25th September and 2nd October 2013 and sampled 1,106 UK workers.
Dominic Storey, technical director EMEA at Sourcefire, said: “It’s frightening to see how easily users can be duped into clicking what looks like an innocent web link, but which can actually give a hacker full control over the user’s computer in a matter of minutes without the victim knowing a thing about it.
For most organisations it’s a case of when they will be subjected to an IT security breach, not if. Professional cybercrime gangs are adept at social engineering using social media to develop a profile of an individual’s interests and circle of friends to target them, often by pretending to be a friend or family member. They know often the easiest way into any corporate network is via the weakest link in the security chain of an organisation – a staff member.
On a positive note, this survey shows that nearly one third of UK workers are checking the web link is genuine by hovering their mouse over the link so clearly the message is beginning to get through.”