How to Get People to Care About Phishing

April 2, 2024 • April Miller


Phishing attacks are increasingly part of news articles and headlines. However, as they become more widespread, some people are starting to tune out, making them overlook the seriousness of this cybersecurity issue. How can you make phishing trends more applicable to people, whether at home or work, and get them to care about phishing?

Remind People of the Internet’s Impact

Most people use the internet without thinking about it. It can help them do things such as: 

  • Check the weather forecast
  • Get the best route to a new destination
  • Communicate with colleagues and loved ones
  • Address health care needs
  • Apply for jobs
  • Learn new things
  • Stay entertained and relax
  • Work from home

Many news articles mention how employees of affected hospitals or government agencies had to use pens and paper for recordkeeping when internet-based systems became inaccessible due to phishing attacks.

Reminding people of how often they use the internet for everyday tasks can help them realize how severe the situation could become if they suddenly couldn’t go online. Talk to them about how phishing could prevent them from doing the activities they now take for granted. That approach can help them humanize the circumstances and feel less disconnected from the phishing attacks they read about in the news or elsewhere. 

Talk About How Phishing Could Ruin a Vacation

Many people anticipate their vacations for weeks or months. Some save up for most of the year to have enough money for relatively short breaks. Vacation lovers frequently hunt for good deals that could help them spend less on flights, stay in nicer hotels at better rates or get unexpected perks. Unfortunately, some phishing scammers capitalize on that strategy by creating fake websites for nonexistent booking agencies and vacation properties. 

People often enter their details on those websites, believing they’re legitimate. However, the sites may disappear before someone’s vacation ever happens. Then, that money’s gone, and people have nowhere to stay only days before they are supposed to travel. 

Another aspect comes into play when you consider what else people could lose due to a travel-related phishing scam. For example, if someone tries to pay for a hotel room at a fake website, they could enter their credit card details, giving a scammer the information needed to use them fraudulently elsewhere. Trying to travel without access to a bank account or credit card is difficult or impossible.

Plus, if the affected person doesn’t catch the scam early, they could log into their online banking portal and suddenly find thousands of dollars gone. Then, addressing the problem with the bank might become more complicated, such as if the phishing victim must prove they didn’t make the unusual purchases. 

There are enough travel-specific stresses to deal with — ranging from jet lag to language barriers — without additional phishing-related problems. When people see phishing attacks in the news, they don’t often connect those to their upcoming, long-awaited vacations. However, scammers change their tactics to have the most impactful results. That may mean trying to trick people before their travels. 

Reassure People They Can Avoid Falling For a Phishing Attack

It’s so easy to come across stories of phishing attacks that some people may begin believing there’s no way to avoid eventually getting caught up in these attacks. If individuals in your life have that attitude, help them realize it’s easier than they think to stop phishing attacks. 

A good starting point is for people to learn the telltale signs of phishing. Many phishing attempts request personal or sensitive information and demand it immediately. There’s often an accompanying story or reason, such as that people must provide the details to prevent some unwanted consequences. 

Keeping a computer’s operating system and software up to date is also a good idea, as is using anti-virus software. Then, if a cybercriminal’s phishing scam involves trying to get into a victim’s computer or network, the perpetrators won’t have such easy access. 

Another easy but effective preventive measure is to not engage directly with any suspicious emails. Scammers often impersonate well-known companies such as Amazon, UPS and Microsoft. However, rather than believing what an email says and responding to any requests inside it, people should consider directly contacting the businesses that supposedly sent the messages. Then, representatives can confirm or deny the legitimacy of the content.

The main thing for people to remember is that falling for a phishing attack is not a given scenario. They can do relatively simple things — such as not immediately responding to strange emails — to protect themselves.

Explain the Link Between Phishing and Work Stress

Most people can relate to feeling stressed at work. In the best cases, that only happens occasionally. But for many other employees, that experience is a daily occurrence. 

A 2022 study found a connection between phishing and people being under pressure at work. Some respondents even said phishing attacks resulted in them losing their jobs. More specifically, 26% said they’d believed a phishing email received at work within the last year. Then, more than two-fifths of those polled said distraction or fatigue caused them to fall for the phishing attacks. 

However, 52% of respondents said they believed the phishing emails were real because they appeared to come from senior company executives. That takeaway suggests phishing attempts are getting more sophisticated and targeted. 

Consider how people won’t have as much time to look for phishing signs in emails if they’re rushed and under pressure while at work. Additionally, if individuals have high respect for their company’s executives, they’re much less likely to question any requests that seem to come from them.  

However, the survey showed 1 in 4 employees lost their jobs over the past year after making mistakes that harmed their companies’ security. That finding reinforces how decision-makers should plan for training and other preventives that reduce the chances of people in their organization falling for the latest phishing attack. 

Everyone Must Collectively Fight Against Phishing

Even though people may feel phishing warnings don’t apply to them, these examples show how this cyberattack can be more relevant than they realize. However, the good news is that everyone can — and should — become more aware of phishing attempts, ultimately making them less likely to cause the desired effects for hackers. 

This collective action won’t eliminate successful phishing attacks, but it should gradually reduce them. Even so, cybercriminals frequently try new methods, making it important for people to stay updated on the latest phishing tactics.