9 out of 10 UK workers still clicking on suspicious email links

As many as 90 per cent of British workers can't resist clicking on links in emails, regardless of whether the link is genuine, according to research by cyber security firm Sourcefire.

According to the survey released today, nine out of ten UK workers have clicked on a link embedded in an email, and two-thirds (66 per cent) owned up to very rarely checking whether the link is genuine before clicking it.

Following email links can make individuals and especially businesses extremely vulnerable to so-called social engineering attacks.

The study quizzed 1,106 UK workers, and identified three main types of behaviour exhibited when people are confronted by an email-embedded link.

  • Compulsive Clickers: The most likely to click on an unverified web link, admitting that they always or often click.
  • Cautious Clickers: People who only occasionally click on a web link sent to them and when they do, they check to see if the link is genuine.
  • Never Clicks: People in the Never Clicks category say they would never click on a web link received via an email.

Compulsive clickers were the most widespread group, accounting for 46 per cent of workers questioned, with cautious clickers following close behind at 44 per cent.

Worryingly, 5 per cent of the sample stated that they never check to see if a link is genuine and 10 per cent have no idea how to check.

"It's frightening to see how easily users can be duped into clicking what looks like an innocent web link," said Dominic Storey, technical director for Europe, the Middle East and Africa at Sourcefire, adding that clicking such a link "can actually give a hacker full control over the user's computer in a matter of minutes without the victim knowing a thing about it."

The reports are particularly worrying in the midst of a nationwide scare surrounding the ransomware CryptoLocker, which the UK National Crime Agency (NCA) warned could hit as many as 10 million UK Internet users in the next week alone.

Adrian Culley of security firm Damballa told us on Monday that during phishing attacks, hackers send emails containing links that are "meant to look tempting, and meant to look like the real thing."

"If you're not careful," Adrian told us, "by the time you notice the hook, it'll be too late."
