90% of UK workers surveyed have clicked on a web link embedded in an email with two-thirds (66%) admitting they very rarely first check to ensure the link is genuine, according to Sourcefire.
Not only does this expose the individual to a high risk of an IT security breach, it potentially leaves companies open to a hack attack as cybercriminal gangs target individuals to gain access to corporate networks and sensitive data.
The study identified three types of clicking behavior:
Compulsive clickers: 46% of surveyed workers fall into the Compulsive Clickers category. According to the research, 24-30 year olds are most likely to click on an unverified web link with 60% admitting that they always or often click.
Cautious clickers: 44% of those surveyed are Cautious Clickers who only occasionally click on a web link sent to them and when they do, 23% of them will check to see if the link is genuine. The most cautious are those in the 55+ age rage (47%).
Never clicks: Only 10% of those surveyed are in the Never Clicks category who say they would never click on a web link received via an email.
Dominic Storey, technical director EMEA at Sourcefire said: “It’s frightening to see how easily users can be duped into clicking what looks like an innocent web link, but which can actually give a hacker full control over the user’s computer in a matter of minutes without the victim knowing a thing about it.”
“For most organizations it’s a case of when they will be subjected to an IT security breach, not if. Professional cybercrime gangs are adept at social engineering using social media to develop a profile of an individuals’ interests and circle of friends to target them, often by pretending to be a friend or family member. They know often the easiest way into any corporate network is via the weakest link in the security chain of an organization – a staff member,” Storey added.
The issue of identity has never been more pertinent as more people are now shedding their real-world identities online and adopting digital personas. This makes it tricky to know whether an email received is from a “real’ person or a fraudster masquerading as a friend.
The study also revealed that 92% of those surveyed are more likely to trust a web link in an email if it came from a trusted source, yet only 34% of UK workers would always take precautions to ensure that the link is genuine. Worryingly, 5% of the sample stated that they never check to see if a link is genuine and 10% have no idea how to check. Almost twice as many women as men admitted they did not know how to check the origin of a web link (13% versus 7%).
The study was carried out by independent research firm Opinion Matters between 25th September and 2nd October 2013 and sampled 1,106 UK workers.