- Darktrace survey shows US workers are overconfident in detecting phishing
- 80% feel confident, but only 32% passed the actual test
- AI makes phishing harder to detect; experts say conventional training lacks personalization and measurable impact
Many American workers think they’re pretty good at identifying phishing emails in their inbox, but the reality is different, according to a new study.
Darktrace recently surveyed 1,000 U.S. office workers and approximately 430 IT and security decision makers about security awareness training and preparation for modern phishing attacks, revealing that four in five (80%) were confident in their ability to spot a phishing email in their daily work.
However, after using realistic messages in a real test, only a third (32%) were able to actually spot the attack.
Article continues below
Safety awareness training is lacking for workers
Phishing has evolved considerably in recent years. Before the emergence of AI, one could spot a phishing email simply by rereading it, because the attackers are rarely native English speakers and the messages were accompanied by spelling and grammar errors, as well as awkward language construction.
These days, with AI doing most of the writing, correctly identifying a phishing email is more difficult, but not impossible.
Checking the sender’s domain, analyzing links before clicking, and looking for telltale signs like a sense of urgency or threats remains a solid technique.
Researchers said last year that more than a third (38%) used “new social engineering techniques, likely enabled by AI” in their attacks, suggesting the landscape is changing rapidly.
The report also states that security professionals are “not really convinced” that conventional security awareness training is keeping pace with modern phishing. The majority (62%) agree that it is effective in preparing employees to identify phishing attempts, but only 11% “strongly agree” and only 2% say they see “no limits to conventional training.”
The biggest limitations are lack of personalization (31%), focus on failure (27%), and being too difficult to meaningfully measure beyond completion or click-through rates (23%).
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
