Phishing is a huge threat and growing more widespread every year.
Research in 2021 found that employees receive an average of
14 malicious emails per year.
96% of phishing attacks arrive by email.
Another 3% are carried out through malicious websites and just 1% via phone.
When it’s done over the telephone, we call it vishing and when it’s done
via text message, we call it smishing.
The increase in phishing attacks means email communications networks are now riddled with cybercrime. Research suggests that throughout 2020, 1 in every 4,200 emails was a phishing email.
According to Symantec’s 2019 Internet Security Threat Report
(ISTR), the top subject lines for business email compromise (BEC) attacks are:
IT: Annual Asset Inventory
Twitter: Security alert: new or unusual Twitter login
Amazon: Action Required | Your Amazon Prime Membership
has been declined
Zoom: Scheduled Meeting Error
Google Pay: Payment sent
Microsoft 365: Action needed: update the address for your
Xbox Game Pass for Console subscription
The top three “types” of data that are compromised
in a phishing attack are:
Credentials (passwords, usernames, pin numbers)
Personal data (name, address, email address)
Medical (treatment information, insurance claims)
When asked about the impact of successful phishing attacks,
security leaders around the world cited the following consequences:
60% of organizations lost data
52% of organizations had credentials or accounts compromised
47% of organizations were infected with ransomware
29% of organizations were infected with malware
18% of organizations experienced financial losses
CISCO’s 2021 data suggests that financial services firms are
the most likely to be targeted by phishing attacks, having been
targeted by 60% more phishing attacks than the next-highest sector
(which CISCO identifies as higher education).
Tessian’s 2021 research suggests workers in the following industries
received a particularly large quantity of malicious emails:
Retail (an average of 49 malicious emails per worker, per year)
Manufacturing (31)
Food and beverage (22)
Research and development (16)
Tech (14)
Not all countries and regions are impacted by phishing to the
same extent, or in the same way.
Here are some statistics from another source showing the percentage of companies that experienced a successful phishing attack in 2020, by country:
United States: 74%
United Kingdom: 66%
Australia: 60%
Japan: 56%
Spain: 51%
France: 48%
Germany: 47%
Article courtesy of Tessian.com