If you were a victim of a phishing attack once, you’re very likely to fall prey to a similar attack again, a new report shows.
Phishing defence firm PhishMe has released the 2015 Enterprise Phishing Susceptibility report, showing how susceptible enterprise employees are to falling victim to phishing attacks.
Turns out – they’re pretty susceptible.
According to the report, 87 per cent of employees who opened a phishing simulation email did so on the day it was sent – which means organisations have little time to catch a targeted attack aimed at multiple employees. Moreover, 67 per cent are repeat offenders, likely to respond to another attempt.
Emails themed as business communication were the most effective at phishing; those with the subject lines “File From Scanner” (36 per cent) and “Unauthorised Activity/Access” (34 per cent) had the highest penetration rates.
The data from the report was gathered from 8 million phishing simulation emails sent to 3.5 million enterprise employees. However, the report also adds that with proper training, employees can become effective company defenders.
The most salient of the findings were related to understanding which type of attacks had the highest penetration rates, including:
“Analytics resulting from the report reveal three very pertinent conclusions — that enterprises remain vulnerable to phishing-driven compromises, they need to place more reliance on employees to help them defend their organisations, and consistent training turns employees into informants that can spot attacks before they turn into catastrophes,” said Rohyt Belani, CEO and co-founder, PhishMe.
The University of Cambridge and the London School of Economics and Political Science contributed to the report with analysis of data samples collected from more than 400 PhishMe customers, having conducted over 4,000 training simulations, during a period of 13 months.