The email arrives on a Tuesday morning.
It appears to be from the CEO.
The name looks right. The tone feels familiar. Even the signature matches what they would expect.
“Hey, can you help me with something quickly? I’m in back-to-back meetings.
Need you to handle a vendor payment. I’ll explain later.”
The new employee pauses.
They have only been with the company for four days.
They are still learning how things work, what is normal, and who typically handles requests like this.
They also do not want to be the person questioning leadership during their first week.
So, they help.
And in that moment, a phishing attempt may succeed.
Why the first week can be the highest-risk week
For many businesses, spring and summer bring a new wave of employees, including recent graduates, interns, and first-time hires.
For attackers, this onboarding period can present an opportunity.
According to Keepnet’s 2025 New Hires Phishing Susceptibility Report, CEO impersonation emails were 45% more likely to succeed with new hires than with experienced employees.
Attackers often target employees who are still learning internal processes because there is a natural period of uncertainty at the start of employment.
A new employee may not yet know:
- what a normal payment request looks like
- how leadership usually communicates
- which requests require verbal confirmation
- who to contact when something feels unusual
That uncertainty can make authority-based phishing emails more effective.
Importantly, this is not usually about carelessness.
Often, it is the employee who is trying to be helpful and responsive.
The real gap is often the system, not the person
Think back to a typical first day.
Sometimes the laptop is not fully configured.
Access may still be pending.
Email accounts are still being finalized.
Someone temporarily shares credentials.
A file gets saved locally because the shared drive is not ready.
A personal phone is used to look up a client contact because it is faster.
None of this usually feels risky in the moment.
It feels practical.
But these workarounds can create unnecessary exposure.
During the first week, small process gaps can quietly introduce risk:
- shared credentials reduce accountability
- files may sit outside managed backup systems
- personal devices may access company data
- reporting procedures may not yet be clear
Keepnet’s research found that new employees are 44% more susceptible to phishing than tenured staff during their first 90 days.
That increased risk often comes from onboarding gaps and process uncertainty rather than employee negligence.
What a prepared first day looks like
Improving this does not require an overwhelming security presentation on day one.
It starts with a few practical steps being in place before the employee arrives.
Access is configured in advance
The laptop is ready.
Credentials are created.
Permissions are clearly defined.
This helps avoid temporary workarounds such as borrowed logins or delayed access.
Expectations are clear
A short orientation conversation can make a meaningful difference.
For example:
- Does the CEO ever request payments by email?
- Who approves vendor payments?
- What should happen if something feels unusual?
Clear guidance early on helps reduce uncertainty.
There is a clear escalation path
New hires need to know exactly who they can ask without feeling uncomfortable.
Many first-week mistakes happen quietly because employees do not want to appear inexperienced.
A designated point of contact or simple verification process can significantly reduce risk.
A conversation worth having
Most security incidents do not happen because someone intentionally ignores policy.
They often happen because someone has not yet been shown the process.
If your onboarding process is already structured and secure, that is a strong foundation.
If new hires are still improvising during their first week, it may be worth reviewing the process before the next onboarding cycle.
A short conversation now can help reduce unnecessary risk later.
If you would like support reviewing your onboarding security process, Call us at 206.414.7441 or book a quick discovery call.