Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Phishing in a Pandemic: Over 1 in 5 of UK Workforce Received a COVID-19 Phishing Email

September 2020 by Webroot

Global cybersecurity company Webroot, an OpenText company, released a new report, COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, which reveals that over one in five (22%) UK employees received a phishing email related to COVID-19.

With 56% of UK respondents admitting that they have increased the amount of time they spend working from home, and employees globally receiving 34% more emails than this time last year, it’s fair to say remote work fatigue and increased distractions may increase vulnerability to phishing.

Nick Emanuel, Sr. Director of Product at Webroot, said: “With mass work from home, an influx of emails and a general ‘always connected’ attitude, there are more opportunities for cybercriminals than ever before. Businesses and consumers must prioritize cyber resilience and recognise that it is everyone’s responsibility to protect their data.”

The report also suggests companies and consumers are falsely confident when it comes to cybersecurity, with three quarters of UK respondents (75%) believing that they know enough to keep themselves and their personal data safe from a cybersecurity attack, the highest level of confidence amongst surveyed countries. This contradicts the 66% of respondents who admit to opening emails from unknown senders, which goes against cybersecurity best practices.

“People are on guard more with the pandemic, with many at home reading and watching the news, frequently receiving more content on the internet and on social, and sharing news – fake or true – at a higher rate,” said Dr. Prashanth Rajivan, Assistant Professor at the University of Washington. “At the same time, people are also taking increased personal safety measures by social distancing and wearing masks. Together, these actions may be creating a false sense of confidence among employees that they’re more prepared to spot a phishing attack than they really are.”

UK Findings:

Companies and consumers are falsely confident when it comes to cyber safety. Despite knowing the risks, they’re still taking chances with data, impacting their ability to achieve cyber resilience:
• UK is the most cyber-confident nation – 75% of us believe we know enough to keep ourselves and our personal data safe from a cybersecurity attack
• 3 in 4 say they know enough to keep themselves and their personal data safe from cyberattacks, and 8 in 10 say they take steps to determine if an email message could be malicious
• But despite that, 1 in 4 have clicked a phishing link in the last year. The global average is 3 in 10. Of UK respondents who were phished, 9% never reported it

Workers in the UK don’t have stellar cyber resilience habits. In fact, more education and prevention measures are needed to achieve cyber resilience, especially as the future of work includes remote workers who are accessing company resources from personal or shared public networks:

• 66% of respondents click emails from unknown senders regularly
• 1 in 4 workers use their personal devices for work. An additional 13% of UK respondents use their work devices for personal matters, while 35% do both
• 71% don’t back up their data. Yet 36% have needed to recover lost files since the pandemic began
• Only 24% think all employees should play a role in their company’s cyber resilience, yet 69% seem to believe their companies are resilient against cyberattacks

Impacts of COVID-19 and Working from Home:
• Worldwide respondents received approximately 34% more emails than last year. More emails mean more opportunity for attack and more cognitive load to discern what’s legitimate and what’s a fraudulent request
• More than half (56%) have increased the amount of time they spend working from home
• Only 24% say their companies increased cybersecurity training during the pandemic, despite an influx of attacks and more risk associated with a distributed workforce
• 1 in 3 (34%) are more concerned about phishing now than they were at the beginning of the year
• 1 in 5 (22%) have received phishing emails specifically related to COVID-19

See previous articles


See next articles