Though you may be familiar with how to detect phishing emails, there are some phishing emails that are more simple to determine than others. It’s probably that you won’t respond to an email that says ‘You’ve Won a Free iPad,’ but there are plenty of other illicit emails that are more clever. After assessing phishing statistics, we saw just how successful fraudulent emails might be.
In 2019, a cybercriminal successfully organized a spear phishing campaign that swindled workers from Google and Facebook into paying millions of dollars in fraudulent invoices. You can stay safe by keeping up with the latest phishing trends and security software options. Here’s our list of the newest phishing stats of this year.
Victims of Phishing
A whopping 67.5% of participants in Terranova Security’s 2020 Gone Phishing Tournament clicked on phishing email links and entered their credentials, which amounted to almost 20% of all employees. Why are so many people clicking on malicious links? That’s a legitimate question. It’s possible that 13.4% of employees submitted their passwords to a phishing website.
Brands Most Targeted by Phishing Attacks
According to CheckPoint research, Microsoft is the most frequently spoofed brand worldwide in brand scam attempts, with 43 percent. Since the pandemic started, attackers have exploited their name because of their reliance on Microsoft’s cloud applications. Microsoft is followed by DHL, LinkedIn, and Amazon, which are impersonated by 18%, 6%, and 5% of attackers, respectively. Brand impersonation phishing emails accounted for almost 70% of impersonation attempts in 2020. Zoom, Amazon, Chase Bank, and RingCentral are the most faked brands, according to the same report. Brand impersonation incidents are primarily linked to tech firms (71.8%), followed by telecoms, retail, finance, and logistics.
Data Breach Costs
In spite of the fact that data breaches are getting more expensive, IBM says that a data breach costs an average of 4.24 million dollars. In the past year, IBM’s estimate has increased, indicating that data breaches are becoming more costly. Detecting and escalating a breach (29% of the cost) and lost business costs (38%) account for the majority of the expense. When it comes to security architecture, organizations with greater security processes are more likely to have a larger expense as a result of a data breach, whereas those with fewer security processes have lower expenses. Because data breach costs are significantly lower for companies with formal security architectures, a data breach can do irreparable harm to an organization without it.
Outside Phishing Attacks
In our imaginations, the malicious character is often depicted as a person in a hoodie and a Guy Fawkes or V for Vendetta mask, lurking in the shadows. This character is rarely like that, according to BDO accountancy firm research. Fifty percent of the respondents said that frauds were committed by outsiders, while an alarming 34% said that employees and bad actors had “colluded” in fraudulent activities. More shocking still, 21% said that their own employees committed the fraud.
Phishing and Social Engineering Data
According to the survey, one-third of IT pros have observed social engineering being delivered via a variety of communication channels, rather than emails, in the last twelve months. According to APWG, webmail and Software-as-a-Service (SaaS) users are the primary targets for phishing attacks; these forms of attack account for 34.7% of phishing attempts. That same study found that over half of the phishing attacks sent through free email providers used Gmail as their delivery method, up 61% to 72%, and that the majority of these attacks were delivered via Gmail.
Common Phishing Attachment Types
According to a Threat Report from ESET, the most frequently spotted malicious files attached to phishing emails during Q3 of 2020 were:
- Windows executables (74%)
- Script files (11%)
- Office documents (5%)
- Compressed archives (4%)
- PDF documents (2%)
- Java files (2%)
- Batch files (2%)
- Shortcuts (2%)
- Android executables (>1%)
In a recent IRONSCALES research, a surprising 81% of organizations worldwide have reported an increase in email phishing attacks since March 2019. Despite the significant danger phishing poses to businesses, many organizations only provide phishing awareness training to their employees once a year. As a result of this lack of awareness, phishing is the type of threat most likely to cause a data breach. In fact, according to the Verizon DBIR 2021, phishing and human involvement account for 25% of all data breaches. Phishing, vishing, SMiShing, and pharming are the most widespread dangers in the United States. IC3 recorded 241,342 victims in the U.S. in 2020, making it the most frequent phishing threat.