Contact us: +45 32 67 26 26
English
Back to blog
3 min read

Data From +500.000 Phishing Simulations

Anders Bryde Thornild
By: Anders Bryde Thornild Phishing Training | 13 November

Phishing Tricks

Which signs and methods fool people the most?

We use different "signs" in our phishing mails. One example could be Time Sensitivity - this is where there's a sense of urgency to click the link that pushes the user to click. We have 8 signs in total. Here's how they perform.

Time-sensitivity
Rewards
Curiosity
Context
Fear
Media
Trust/Authority
Do the right thing

Toggle to compare click vs. submit rates.

Best Time

People are most likely to click in lunch time

It turns out that the time of the day people are most likely to click and submit is doing lunch hour. Honestly, we don't know why. Maybe people are in a rush to get some food.

Lunch hour
19.2%
Click rate (12:00–13:00)
Lunch hour
11.6%
Submit rate (12:00–13:00)
CyberPilot | Click & Submit Rates by Weekday

By weekday

How do click & submit rates vary by weekday?

Alright, lunch is dangerous. But what about the weekdays? Is one day risiker than others?

Click rate Data submit rate

Early week is riskiest: Monday and Tuesday lead on clicks; Friday is slightly lower on clicks but relatively higher on submits.

Attack Type

Spear phishing vs automatic phishing

Here's how many people click and submit emails depending on what type of phishing email we send. Spear phishing is targeted. Auto phishing is a more generic phishing mail.

Click rate
Spear phishing
Auto phishing
Submit rate
Spear phishing
Auto phishing

Employee Actions

What happens when a phishing email land in the inbox?

4 things can happen when you recieve phishing email. You can ignore it, you can report it, click it or even submit data. We can't track people who ignore it, but here's how people interact. Of course, we want reports to go up, which it does if you train.

Reported
5%
Reported the phishing emails
Clicked
9%
Average click rate from all phishing mails
Submitted
4%
Submitted data (tried to login on the landingpage after they clicked)

BY CAMPAIGN NUMBER

How do click & submit rates change over repeated simulations?

The most important thing about phishing training is that people become better at spotting phishing emails. So do they? Our data suggest so. Of course it's a simplification as difficulty in each simulation varies, but the trend is the same across all our customers. Phishing training works:

Campaign performance

Showing click rate per campaign.

As employees see more campaigns, both click and submit rates trend down.

Phishing Training CTA

How would your company perform in a phishing test?

You’ve seen the numbers. Now you can try it yourself and see how your employees react to realistic phishing attempts.

  • Safe, realistic phishing simulations
  • Insight into clicks and submitted data
  • Clear report you can act on immediately
Book a demo and try it for free

No commitment. We’ll help you set up a test that fits your company.

Back to blog
Recent articles
Cyber Security, Phishing Training Big Data Study: What the data from +200.000 phishing emails learns us

We've sent more than 200.000 phishing emails. Here's what we've learned from them and what you can do to avoid becoming a victim of them.

Anders Bryde Thornild 6 min read - By Anders Bryde Thornild
Cyber Security How to handle and spot phishing mails with Microsoft Defender

We've sent more than 200.000 phishing emails. Here's what we've learned from them and what you can do to avoid becoming a victim of them.

Anders Bryde Thornild 5 min read - By Anders Bryde Thornild
Cyber Security, Phishing Training, Best Practice Use Microsoft Defender to strengthen your email security

Microsoft Defender is filled with features that can help your email security. We give you an overview of the best ones right here.

Anders Bryde Thornild 5 min read - By Anders Bryde Thornild