Why do phishers waste their time with such obvious phishing scams when they can do so much better?
One possible answer: They don’t have to do better. They send out so many emails that they only need a very low percentage of people to click. And people always do. In fact, if phishing emails became more effective, phishers might get too many clicks and might not be able to process it all!
To break into an organization, all the phishers need to do is to catch just one person. They don’t need to overphish the seas. Victims are plentiful enough!
Don’t assume that people won’t fall for obvious phishing scams — they do. That’s why it is essential to train people. I am pleased to announce that TeachPrivacy now is offering a phishing simulator service. We’ve teamed up with QuickPhish to provide a platform where organizations can conduct simulated phishing exercises for their workforce. A great way to teach people not to fall for phishing emails is through direct experience. When people wrongly click, our training can follow to teach them how to improve.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Our New Phishing Training Course
(~5.5 minutes long)
See this course and our library of phishing,
social engineering, and data security courses.