Phishing fears cause workers to reject genuine business communications

Phishing fears cause workers to reject genuine business communications

Centers for Disease Control and Prevention (CDC) activated its Emergency Operations Center to assist public health partners in responding to COVID-19. Notifications about the pandemic are one example of messaging that some recipients fear to be phishing scams. (CDC)

COVID-19 contact tracers are reportedly having difficulties alerting individuals who have been exposed to the coronavirus, because some of the people they are calling refuse to answer out of concern they are being scammed. 


This public health risk exemplifies a hidden cost of the fight against phishing and vishing scams: lost time and business inefficiencies caused by paranoid employees who filter out legitimate communications.


“People aren’t opening everything… They are rationally resisting approaches that they can’t figure out how to trust,” said Peter Cassidy, co-founder and secretary general of the Anti-Phishing Working Group (APWG). “It’s making life hard for the bad guys. But it’s making things impossible for [efforts] like public health initiatives” or certain corporate communications.


So how do public and private sector organizations ensure people strike the right balance? There are at least a few steps that callers, email senders and the message recipients themselves can take to reduce the odds that an important communication is missed due to phishing fears.


Too much of a good thing?


Employees are trying to avoid suspicious emails and phone calls, and rightly so, as they can result in malware infections and business email compromise attacks. But hyper-vigilance also has its drawbacks. And it’s not just people refusing to respond to calls or emails.


“The other side of it is internal security teams… are getting flooded with all these emails, because people think they’re malicious and they’re send ..