In a test administered by the network security company McAfee, most business users were tricked at least once by phishing email, with employees in accounting, finance and human resources faring the worst in detecting fraud, the company said in its latest quarterly threat report.
“Of the 16,000 business users who have taken the test, 80 percent fell for at least one phishing email,” McAfee said. “Although the respondents were not really in their own inboxes, we find this figure shockingly high.”iStock Computer
Users in the accounting and finance, and human resources departments, which all performed significantly worse in detecting the phishing threats, have access to the most sensitive data in their organizations, the report said. The percent of phishing samples that were correctly identified by these departments was about 60 percent, according to data in the report.
“Certainly there is a need for additional security education in these areas,” McAfee said.
Information technology and research and development departments did the best in the test, averaging closer to 70 percent in detecting fraudulent emails, the data showed.
The report said that most effective tactic in fooling email recipients includes the use of spoofed email addresses. In many cases official logos are also used as part of the phishing email, making the emails look more legitimate.
Human behavior remains critical in detecting phishing attacks.
“Although technology can assist in detecting malware and bad senders, much of the onus for detecting fraud lies with the email recipient,” McAfee said.
The report said the most significant security event of the second quarter of 2014 was the Heartbleed virus, which was publicly disclosed in April and affected more than 600,000 websites. McAfee said that within days of the disclosure, the security industry worked collaboratively to secure affected systems.
However, the report said, thousands of websites may still be vulnerable as many sites, applications and devices remain unpatched.
McAfee is part of computer chip maker Intel Corp. [INTC].