Data shows that 25-44 year olds are the most likely to receive a phishing message – but 35-44 year olds are most likely to click it.
A survey from the Office for National Statistics revealed that 35-44 year olds are the most likely age group to be targeted by phishing attacks, with the 25-34 year old age group not far behind.
60% of 35-44 year olds and 58% of 25-34 year olds reported having received a message that may have been phishing, while 5% of 35-44 year olds said they had either replied to or clicked on a link, compared to 2% of 25-34 year olds.
The finance industry was the most targeted in phishing attempts in the first quarter of 2022, seeing almost a quarter (23.6%) of total phishing attacks recorded worldwide. This was followed by software as a service (SaaS) and webmail at 20.5%, and e-commerce and retail at 14.6%.
Aiming to improve people’s awareness of phishing for National Cyber Security Awareness Month in October, information security business Hicomply shared advice for businesses.
Zoe Grylls, head of services at Hicomply, said: “Cyber criminals rely on creating a sense of urgency, so there are some key things that your employees can look out for to recognise a phishing attempt. Is the subject line alarming? Is the content designed to evoke emotion? Curiosity, fear and helpfulness are all used to create urgency so the recipient takes action immediately.
“For businesses, it’s important to invest in training. Run regular simulated phishing attacks, with targeted training if needed. Assess your organisational security awareness and use the results to decide on future training modules for your staff. You can also use tools from dedicated cybersecurity businesses like KnowBe4 or Cofense, which provide a phishing alert button employees can use to flag suspicious emails – you can then blacklist those reported email addresses if they are potentially harmful senders.”
Research company Statista found that phishing and its variations (smishing, vishing and pharming) were the most commonly reported cybercrimes worldwide in 2021, with 324,000 reports. This was almost four times the number of non-payment/non-delivery reports, the second most commonly reported cybercrime, with 82,500 reports.