Many workers are overconfident at spotting phishing attacks

News
By published

Overconfidence creates a false sense of security, report warns

person at a computer
(Image credit: Photo by Jefferson Santos on Unsplash)
  • KnowBe4 surveyed employees around the world to gauge their confidence in spotting phishing
  • Many confident people have also fallen victim in the past
  • Education and transparency are key to combating phishing, researchers said

Despite being confident in their ability to spot phishing, many employees still fall for such scams, new research has claimed.

A report from KnowBe4 warns about “misplaced confidence” which can cause even more problems for businesses, showing almost all (86%) of respondents believe they can confidently identify phishing emails.

Yet more than half (53%) fell victim to some form of social engineering scams: 24% fell for a phishing attack, 17% were tricked by a social media scam, and 12% were tricked by a deepfake scam.

High confidence often leads to victimization

Employees in South Africa lead the way in both the highest confidence levels and highest scam victimization rate (68%), KnowBe4 explains, hinting that misplace confidence can create a false sense of security.

At the other end of the spectrum are UK employees, who reported the lowest scam victim rate (43%). However, this figure too is down 5% compared to 2021, indicating that vulnerability is rising even in regions with historically high confidence levels.

Training is paramount to combating phishing and social engineering, KnowBe4 says, adding that “fostering a transparent security culture” is equally important. While more than half (56%) of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate, either out of fear, or uncertainty.

“The Dunning-Kruger effect, which is a cognitive bias where people overestimate their ability, is alive and well in cybersecurity,” commented Anna Collard, SVP Content Strategy & Evangelist at KnowBe4.

“This overconfidence fosters a dangerous blind spot - employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioral tendencies, and even demographic traits.”

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Read more
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Phishing
Corporate executives are being increasingly targeted by AI phishing scams
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Paper craft illustration of a suspicious email that contains a snake
How to spot a phishing email
Latest in Security
person at a computer
Many workers are overconfident at spotting phishing attacks
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Latest in News
person at a computer
Many workers are overconfident at spotting phishing attacks
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
More about security
Money

Financial leaders still rely on regular tools like Excel for automation tasks over AI
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
A cloud symbol imposed over a bank of servers in a data center.

What is cloud hosting and who needs it?
See more latest
Most Popular
BraX3
This obscure brand wants to launch the most privacy-friendly smartphone ever without Google, but with a mysterious open-source OS at its core
HAMR
Seagate reportedly sold two billion GBs worth of storage to two of the world's largest tech companies
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
Oracle
Bluehost owner is moving to Oracle Cloud, so could thousands of websites be about to migrate?
Money
Financial leaders still rely on regular tools like Excel for automation tasks over AI
Two examples of the Asus Fragrance Mouse MD101 sitting on a table
Your next computer mouse could have a fragrance compartment for aromatherapy oils – and this Asus idea is nothing to sniff at
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models