According to the most recent Verizon data breach report, a phishing email is often the first phase of an attack. That’s because it works well, with 30 percent of phishing messages opened, but only 3 percent reported to management.
But when employees are trained on how to spot phishing emails, and then get tested with mock phishing emails, the percent who fall victim decreases with each round.
Of course, it’s impossible to get to a zero response rate. The criminals are becoming extremely clever with their messages. Fortunately, it’s not necessary. If enough employees forward phishing emails to security, then the company becomes aware that it is the target of a campaign, and be prepared to deal with those messages that do slip through.