The Awareways approach goes far beyond click behavior. Our expertise is in behavioral change, so that moment where you decide to click or not to click is just where our jobs begin. We have our own phishing simulation software that trains employees continuously and proactively.

Avoid metal fatigue (“another phishing email, can’t IT stop that…?”) and inquire about our capabilities. We provide everything from a one-off phishing action with impact to leads to continuous training courses in which we adjust the campaign based on the results and provide concrete tools.

Those who receive a phishing email are more likely to click on a dangerous link if authority is one of the variables on which the email is designed. This is what our research shows, which has produced an insightful whitepaper titled ‘Effect on click behavior’.

We are happy to share our results with you.

Autonomously start your training today by reading our 5 practical tips. Prefer to work with experts? Get in touch!

Fortunately, a lot of spam is automatically intercepted to prevent you from being inundated with false emails on a daily basis. It’s not easy to stop phishing altogether, but you can certainly take a few steps to protect yourself.

Start by properly setting up your spam folder so that the lion’s share of phishing emails don’t even reach your inbox. And a good virus scanner is also a must. But above all, make sure you don’t just leave your email address everywhere. The more often you enter your details on random websites, the greater the chance that they will come fishing in your inbox. So create a free account, for example in Gmail, especially for all those websites where you don’t want to leave your ‘normal’ email address.

A bank, insurance company or subscription service will never ask for your social security number or your PIN, bank account or credit card number via e-mail (or by phone). They will also never send you through a hyperlink to a website where you are asked for security codes, certainly not through an SMS or social media.

Therefore, never share these details if you are asked for them in an e-mail. When in doubt, always contact the party concerned before responding to anything substantive, as chances are the message did not come from them.

Phishing is hardly limited to email traffic, so always be on the looking during your various other online habits as well. Malicious URLs and links that want to fool you can be found just as easily on websites (“You are our 1,000,000th visitor, click & win!”) and are also increasingly being distributed via social media.

Fraudsters are usually even more effective on Facebook and certainly via SMS/WhatsApp, because internet users are more likely to follow a link there than in a dubious email from an unknown sender. Especially when that message seems to come from someone they know. So don’t just click on any links elsewhere on the Internet!

You know the drill: it all seems right, yet something feels slighly off. The message is not quite relevant, the person or agency in question would never formulate it in such a way, the tone is not right – et cetera. If an email doesn’t feel quite right, then something is probably off. In short: if you have doubts, they are often justified.

Check for so-called ‘red flags’ that help you to recognize a phishing e-mail: a strange e-mail address of the sender, an overly excited (positive) message, a form of pressure or threat, many language errors or strange translations, a strange URL under a link or a different, impersonal salutation. Uncertain? Just go directly (not via email) to the sender’s website to find out the truth. And remember: too good to be true is often too good to be true!

Of course it can happen that you click on a link or open an attachment. In general, we observe that employees are more susceptible to phishing around lunch time and are also less aware of the risks at the end of the working day. Always make sure you report it immediately to the helpdesk or to the appropriate colleague in the IT department.

The quicker you act, the greater the chance that the damage from ransomware or other dangerous exploits can be limited. And be sure to do this even if you haven’t clicked as well, as it provides a valuable warning for colleagues.