October 20, 2018
The anti-phishing solution supplier Cofense has issued its 2018 Status of Phishing Protection report. The report provides insights into the most usual phishing electronic mails being used by cybercriminals and the message topics that are most effective at deceiving workers into clicking and disclosing secret information. The report also breaks down phishing attacks by industry sector and demonstrates which industries are most vulnerable to phishing attacks.
In addition to describing the most effective phishing electronic mails, Cofense also offers anti-phishing guidelines and proposes best practices that must be adopted to make phishing simulation exercises and safety consciousness training more effective.
To put together the report, Cofense examined the reactions to 135 million phishing electronic mail replications from campaigns carried out by its clients. The company used a sample of 1,400 customers for its examination. Those companies were spread across 23 industries from more than 50 nations.
Cofense also examined more than 800,000 doubtful electronic mails that were reported by workers through Cofense Reporter and roughly 48,000 real-world phishing campaigns, with data on the latter gathered via the Cofense Intelligence service. The study used phishing data gathered between July 2017 and June 2018.
2018 Phishing Data
- Phishing is the number one cyber-attack path
- 91% of all data breaches begin with a phishing electronic mail
- 92% of all malware is delivered through electronic mail
- On average, each electronic mail user gets 16 malevolent electronic mails in their inbox every month
- 1 in 10 reported electronic mails are malevolent
- 21% of malevolent electronic mails contain attachments (malware or links concealed in attachments)
- Business electronic mail compromise electronic mails are seldom noticed and reported
- More than 50% of reported electronic mails are related to credential theft
- The most usual credential phishing electronic mails try to get Office 365 logins
What are the Most Effective Phishing Electronic mails
Cofense put together a top ten list of phishing electronic mails, which is based on the most successful phishing campaigns of 2018. Six of the top ten phishing campaigns utilized “invoice” as the subject line, with a further campaign using “customer invoice”. Invoice electronic mails accounted for five of the top six phishing campaigns of 2018. “Payment remittance” was utilized in the second most successful phishing campaign of 2018. “Statement” and “Payment” finished the top 10.
The top three reported phishing electronic mail subjects differed by industry sector, although “invoice” electronic mails were the most usually reported in all industries in addition to healthcare, where “payment notification” was most usual. Electronic mails claiming there is a new message in a mailbox or a new fax message were also common, as were payment notices. These common phishing topics are what companies must focus on when training workers together with training on other active dangers.
While it is shared for anti-phishing and safety consciousness training to be provided yearly this is no longer sufficient. Cofense proposes that training must be carried out far more regularly – at least every quarter. Although several companies punish workers for failing to identify malevolent electronic mails, it is far more effective to focus on providing additional training those workers and doing more to encourage workers to report possible electronic mail dangers.
What is clear from Cofense research is that training and phishing replications are effective at decreasing vulnerability to phishing attacks. The more training that is provided, and the more practice workers have at identifying phishing electronic mails (via imitations), the more resilient companies will be to phishing attacks.
You can download the Cofense 2018 State of Phishing Defense Report here.