Why New Joiners Are a Prime Target for Phishing Attacks
Cybercriminals are increasingly targeting new employees, exploiting their enthusiasm and limited experience. We’ve observed this trend firsthand, with attempts aimed at some of our own new staff. These attacks often focus on junior roles, interns, or employees still familiarising themselves with workplace systems, making them prime targets.
New employees are naturally eager to please, keen to make a good impression, and often haven’t yet completed formal cyber awareness training. This combination of enthusiasm, inexperience, and limited exposure to internal security processes makes them especially vulnerable to phishing attacks, since they may not yet know how to spot suspicious emails.
Interns, apprentices, and recent graduates are often the most exposed. They may not fully understand company protocols, may be unfamiliar with the chain of command, or may feel hesitant to question messages from someone posing as a manager or IT team member. Attackers exploit this gap in experience and confidence, targeting human behaviour rather than technical vulnerabilities.
The Importance of Cyber Awareness from Day One
To reduce this risk, cyber awareness must be embedded into onboarding from day one. New staff should be trained on:
- How to recognise phishing emails and suspicious communications
- Verification procedures for unusual requests, including fund transfers or sensitive data access
- The importance of asking questions and escalating doubts, without fear of appearing inexperienced
Providing security guidance at the very start of employment not only reduces the risk of compromise but also helps new joiners develop good habits from the outset, reinforcing a culture of vigilance across the organisation.
Proactive Steps Organisations Can Take
- Include cyber awareness in onboarding: Make training mandatory before or immediately upon starting.
- Regular refreshers: Continue to reinforce awareness as staff become more confident in their roles.
- Simulated phishing exercises: Safe, controlled exercises help new staff recognise suspicious emails in real-life scenarios.
By recognising that new joiners are a prime target and building awareness into the first weeks of employment, organisations can turn potential vulnerabilities into opportunities to strengthen security culture. Early education, ongoing support, and clear verification protocols are key to keeping both staff and company assets safe.
