
Consistency in password resets helps block credential theft
2022-03-29 14:01

According to Expert Insights' recent study, "Almost 20% of all employees are likely to click on phishing email links and, of those, a staggering 67.5% go on to enter their credentials on a phishing website."

Since organizations cannot depend on mail filtering to block all attempted phishing attacks, they must place a heavy emphasis on end-user education.

An administrator may be able to tell whether a user who opened a simulated phishing message clicked on a link within the message, and whether they took the extra step of entering their password when prompted.

Because credential-harvesting phishing attacks so often come disguised as password reset messages, it is important to handle password resets in a way that makes it obvious to users that email messages are not part of the password reset process.

That's why it's so important to educate your users on how to identify a phishing message, and potentially assess a user's ability to identify such messages through subsequent simulated phishing campaigns.

It's arguably more important to standardize the password reset process in a way that will help users to immediately recognize password reset messages as phony, and thus prevent them from clicking on such messages.


News URL

https://www.bleepingcomputer.com/news/security/consistency-in-password-resets-helps-block-credential-theft/