“Phishing” lends itself to tongue-in-cheek humor and images, but it’s no laughing matter.
Cybercriminals continue to use phishing attacks to trick people into opening emails and/or clicking on links and files that allow malware (like ransomware) to breach your network security.
Phishing attacks continue because they work (for tips on how to avoid being hooked, read Some Day Your Nigerian Prince Will Come - 9 Simple Attempts to Dodge Phishing Emails).
In case you’re still one of those business leaders who think “not gonna happen to me,” here are some key stats from State of the Phish 2018, a research report from Wombat Security.
This survey of information security pros from around the world reveals that everyone needs to worry about phishing.
As for the overall rate of phishing attacks, an equal number -- 48% -- say that attacks are increasing or staying the same. A much small number paint a happier picture, 4% say rate of phishing attacks are decreasing.
In the actual good news category, click rates for phishing emails declined. That indicates a combination of software and user education is working. On the downside, cybercriminals are switching to more consumer-based email templates which fool users at a higher rate.
While that’s a good trend, there are three phishing templates that have an extraordinary high rate of success that you need to educate everyone in your office about:
Two other types of emails sent as simulated attacks to gauge user response gathered a near 100% click rate -- a database password reset alert and an email that claimed to have an updated building evacuation plan.
Sadly, phishing does work. There was a rise in the three major impacts of successful phishing attacks from 2016 to 2017:
The graphic below shows how companies measure the cost of phishing:
Phishing emails are increasing. Hopefully, next year’s research will reveal another dip in the overall success of these attacks. Do your part to prevent these attacks and protect your information, keep your network secure with updates and software patching and educate your users.