Phishing Research Reveals Concerning Statistics
Frightening Phishing Frequency Findings
A recent study by Tessian showcased some scary numbers about the frequency of phishing.
Only 9% of organizations report never having been attacked by phishing. 10% say they have had to deal with anywhere from 1 to 10 attacks in one year. 37% have suffered up to 50 phishing attacks, 28% 50 to 100 attacks, and 12% more than 100 in a twelve-month period.
The most effective subject lines for business email compromise were found to be:
- Fw: Urgent Invoice
- Important: Please read
- Payment is Urgent Do Not Ignore!
- Re: Finance Request for CEO of …
- Attention: Credentials needed for login to secure mainframe.
Other studies have extended the list of email subject lines to watch for as potential signs of phishing. These include: Annual Inventory, Changes to your health benefits, security alert: new or unusual Twitter login, Your Amazon Prime Membership has been declined, Zoom: Scheduled Meeting Error, Google Pay: Payment sent, and Stimulus Cancellation Request Approved.
Those falling victim to phishing suffered a variety of woes. 60% lost data, 52% had credentials or accounts compromised, 47% had to deal with a ransomware outbreak, 29% were infected with other forms of malware, and 18% incurred financial losses. According to the report, the average cost per compromised record was $150 with $3.92 million being the average cost of a data breach.
A common ploy in phishing is to pretend to be from a well-known or respected company. Hackers make their email addresses appear to be from major vendors. Logos are liberally applied to make the scam look realistic. The most commonly impersonated brands are Microsoft, DHL, LinkedIn, Amazon, Rakuten, Ikea, Google, PayPal, and Chase.
It is no wonder the FBI regards phishing as the most common type of cybercrime. Phishing incidents doubled in 2020 with almost a quarter of a million reported. The agency received 11 times more complaints about phishing in 2020 compared to 2016.
Phishing Delivery Strategies
The delivery mechanisms for malware via phishing are also well known. Malicious URLs in emails are one ploy. But the most successful approaches make use of infected PDFs and Microsoft Office files. Other attachments that achieve some success are script files, compressed archives, Java files, and batch files.
But the tactics employed in phishing are many, varied, and ever changing. Although the minds that devise phishing emails may be warped and represent the dregs of humanity, they can nevertheless be clever. The constant evolution of phishing tactics demonstrates this. But regardless of the approach, the goals are simple:
- Personal data
- Medical data
They want such information so they can gain money or access to higher value targets.
Beyond monetary losses, impacted businesses suffer from lost hours of productivity, time spent in remediation and incident response, damaged reputation, and loss of intellectual property.
How Syxsense Can Help
No one wants to experience any of these consequences. That is why it is so important to scan constantly for vulnerabilities and keep patches up to date.
Syxsense is the only product that combines automated patching, vulnerability scanning, and IT management. Manage and secure your IT environment with ease and get started for free.