London Inc. Worklife

How effective is your company’s anti-phishing training? Not very, it seems

A new study suggests that employees fall for phishing scams at about the same rate, whether they’ve had training or not

PHISHING SCAMS — EMAILS that trick you into clicking a nefarious link, often by making it look like it’s a legitimate one — have become a major, and growing, problem for Canadian businesses over the last 20 years. In Canada alone, the average phishing scam in 2025 costs organizations $7.91 million per breach, up from a measly $6.38 million in 2024, according to IBM Canada, and a government report pegged phishing as “one of the most reported types of fraud in Canada,” and one that is only growing harder to combat in the age of AI.


Many readers will be well aware of this, in part because of the high likelihood that their employer has conducted anti-phishing training, often through both instructional sessions and simulated phishing emails designed to see whether employees are vulnerable to being tricked.


New research, however, suggests businesses are failing to actually make inroads against the problem. A research team from UC San Diego published a study that “suggest[s] that anti-phishing training programs, in their current and commonly deployed forms, are unlikely to offer significant practical value in reducing phishing risks.” In particular, the researchers found there was no correlation between formal training sessions and how likely an employee was to click a phishing link, and that simulated links aren’t doing much to teach people, either.

“Phishing simulations fail to deliver appreciable training for two reasons,” they wrote. “First, only a small fraction of users fail in any given simulation, and thus in any exercise the vast majority of users receive no training. Second, those users who receive training typically fail to engage with training materials.” When presented with embedded training materials (the pages that pop up when you click one of the simulated links), they found that half of employees close the page (likely annoyed or embarrassed) within 10 seconds.


Instead of these common methods, the researchers suggest a better alternative: hire better cybersecurity departments and implement two-factor authentication. But what they’re saying, when you read between the lines, is that businesses need to be proactive about this and not assume that what they’re doing is working.

“The problem with cybersecurity is that most don’t feel the pain. They think it’s going to happen to others, but not to them,” said Ali Ghorbani, a cybersecurity professor at the University of New Brunswick. “I’m telling them — it will happen. It’s just a matter of time. It will happen to everyone who is not careful enough. This is not a joke.”

Kieran Delamont
