Can anyone say anything new about the problem of people opening spam- and malware-laden email, even after being warned and re-warned, trained and re-trained? Perhaps.
Halon Security, which this week is highlighting its new Halon VApp, providing automated security for VMware users, also released results from a recent email security survey it carried out with TNS. The survey of 1,000 adult U.S. consumers found that 30 percent of respondents admitted they have opened suspicious, unsolicited emails. But we want to know why. Why do they keep at it? Has the information about how to spot the dangerous messages missed the mark? Are they unaware of the risk? Hardly.
Respondents know they’re being spammed, and they’re knowledgeable about the fact that the spam isn’t all coming in through email; text, phone and social media spam is well-known, also. And red flags are standing out to recipients on a regular basis: Weird subject lines (over 70 percent note them), or an all-caps subject (43 percent) don’t go unnoticed. Odd email addresses, formatting or different languages are all spotted as suspicious by well over half of the respondents.
But curiosity is getting the better of too many recipients with crafty combinations of alluring subject lines plus the promise, in many cases, of something shared from a social network. As more people spend more minutes each day checking in with various social sites, email messages purporting to be delivering updates on social activity are too hard to resist. Female respondents were a little more likely to open these messages, at 8.2 percent, than men, at 5.6 percent. But men made up for that difference with a higher likelihood of being tempted by messages about money-making schemes or naked photos of celebrities, friends or themselves.
The fake social site messages have almost caught up with the fake financial institution messages, in this survey, with 15.2 percent and 15.9 percent reporting receiving these types, respectively. Expect that rate of social messages to rise quickly.
While email security solutions like Halon’s and others do their job on the tech side, the end-user education security layer will never be obsolete. Whether your IT department is observing the same trends that were found in this survey, or slightly different ones, chart that data, grab some of those examples, and make sure your training and educational materials are up-to-date with what folks are paying attention to and where they are falling for trickery. Rather than an endless fight (okay, until we let go of our death grip on email reliance, it is kind of endless), controlling message-delivered malware is an opportunity to put a stop to an identifiable threat. And save the users from themselves.
