Can You Spot a Phishing Scam?

According to an eye-opening report from Dojo, 85% of UK businesses experienced a phishing attack in the last year¹. Yet, despite the growing threat landscape, over a quarter (27%) of organisations still consider Cyber Security a low priority at the boardroom level¹.

This raises an important question: how well-equipped are your employees to recognise and respond to a phishing attempt?

Who’s Being Targeted by these Phishing Scams?

Scammers aren’t picky. From C-suite executives with access to critical financial and strategic data, to frontline employees processing card payments or handling sensitive admin tasks, everyone is fair game. And the tactics are getting smarter—especially with the use of AI.

To test scam awareness, we surveyed 1,800 employees below executive level and 200 C-suite executives. The results show a concerning gap in awareness—and vulnerability—across the board.

Phishing Awareness: What the Data Tells Us

• Over half (56%) of participants couldn’t tell the difference between real and fake emails.
• C-suite execs outperformed their teams on recognising messages from platforms like Slack and Dashlane (58% accuracy vs. 36% for non-executives).
• Graduates struggled the most, with 68% unable to identify scams accurately.
• AI scams in particular are flying under the radar:
  • 67% of respondents felt confident spotting them.
  • But 64% of employees and 66% of executives failed to detect AI-generated phishing emails in practice.
  • Nearly 90% of execs said they could spot AI scams—yet most were fooled.

credit: Dojo

AI-Driven Phishing Scams

To simulate real-world attacks, our survey used AI-generated scam emails crafted with tools like ChatGPT. The emails mimicked trusted platforms like Google and Dropbox, complete with:

• Urgent action prompts
• Fake download requests
• Spoofed email addresses (e.g., no-reply@google-alerts.com, no-reply@dropboxhelp.com)

Despite glaring red flags, two-thirds of participants fell for the scam. This highlights a critical gap in both awareness and practical training.

What Should Businesses Do?

Cybersecurity isn’t just IT’s job—it’s a whole-organisation issue. Here’s how to strengthen your defence:

✅ Invest in regular phishing simulation training for all staff, including senior leadership
✅ Use real-world examples and AI-generated scam scenarios to test awareness
✅ Encourage a cybersecurity-first culture where employees feel confident reporting suspicious activity
✅ Ensure leadership teams lead by example with proactive security practices

Need help educating your workforce or simulating phishing scenarios?
At Solutions 4 IT, we deliver tailored Cyber Security training that prepares your team for the threats of today and tomorrow.

We hope you’ve liked this blog and stick around to see our future releases. We cover everything from recent IT News to knowledge base articles. Stay safe!