- Darktrace survey shows US workers are overconfident in spotting phishing
- 80% felt safe, but only 32% passed the real-world test.
- AI makes phishing harder to detect; Experts say conventional training lacks personalization and measurable impact.
Many American workers believe they are pretty good at identifying phishing emails in their inboxes, but the reality is different, new research claims.
Darktrace recently surveyed 1,000 US office workers and around 430 IT and security decision makers on security awareness training and actual preparedness for modern phishing attacks, and found that four in five (80%) were confident in their ability to spot a phishing email in their daily work.
However, after using realistic messages in a real-world test, only a third (32%) were able to detect the attack.
Article continues below.
Safety training is failing workers
Phishing has evolved dramatically in recent years. Before the emergence of AI, one could detect a phishing email simply by reviewing it, as attackers are rarely native English speakers and messages would come with spelling and grammatical errors, as well as clumsy language construction.
Nowadays, with AI doing most of the writing, correctly identifying a phishing email is more difficult, but not impossible.
Checking the sender’s domain, analyzing links before clicking, and looking for telltale signs like a sense of high urgency or threats are still a solid technique.
Researchers said last year that more than a third (38%) used “novel social engineering techniques, likely enabled by AI” in their attacks, suggesting the landscape is evolving rapidly.
The report also says that security professionals are “not very convinced” that conventional security awareness training is on par with modern phishing. The majority (62%) agree that it is effective in preparing employees to identify phishing attempts, but only 11% “strongly agree” and only 2% say they see “no limitations to conventional training.”
The biggest limitations are a lack of personalization (31%), focusing on failure (27%), and being too difficult to measure in a meaningful way beyond completion or click-through rates (23%).
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
