Report: Phishing Attacks on the Upswing

Phishing attacks have increased 13 percent and spear phishing attacks are up 22 percent from 2014, according to new research from Wombat Security Technologies. The "State of the Phish" report, based on data from millions of simulated phishing attacks as well as several hundred survey responses from security professionals, found that "phishing attacks continue to grow in volume and complexity, supported by more aggressive social engineering practices that make phishing more difficult to prevent."

Survey respondents reported that they have experienced malware infections (42 percent), compromised accounts (22 percent) and loss of data (4 percent) due to successful phishing attacks. The resulting loss of employee productivity and uncontained credential compromise can cost an average size organization $3.77 million per year, according to Wombat.

The Wombat research found that "the most popular phishing attack templates with the highest click rates included items employees expected to see in their work e-mail, such as an HR document or a shipping confirmation." While users were more cautious when receiving "consumer" e-mails such as gift card notifications or social network notifications, an "urgent e-mail password change request" had a 28 percent average click rate.

Other findings from the report include:

  • E-mails personalized with a first name (spear phishing) had click rates 19 percent higher than those with no personalization;
  • Click rates vary per industry, with telecommunications and professional services clicking phishing e-mails more than other industries;
  • Organizations use a variety of security technologies, including e-mail spam filters (99 percent), outbound proxy protection (56 percent), advanced malware analysis (50 percent) and URL wrapping (24 percent);
  • The plugins most likely to be out of date and susceptible to an attack are Adobe (61 percent), Adobe Flash (46 percent), Microsoft Silverlight (27 percent) and Java (25 percent); and
  • The most suspicious attachments include pdf (29 percent), doc (22 percent), html (13 percent) and xls (12 percent).

"Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today," said Trevor Hawthorn, CTO of Wombat, in a press release. "In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company's critical data and reputation."

The full report can be downloaded free from the Wombat site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Host of Security Advancements

    Microsoft has announced major cybersecurity advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.

  • reDesign Future9 report

    ReDesign Updates 9 Essential Competencies for K-12 Students

    ReDesign, a provider of support and resources for competency-based education, has updated its Future9 Competency Framework to reflect the essential skills K-12 students need today to thrive in their education and workforce journeys.

  • augmented reality goggles on a desk in a dark, shut-down production lab with neon accents and scattered tools

    Microsoft Transitioning Away from HoloLens Mixed Reality Hardware

    Microsoft has confirmed that hardware development for its HoloLens mixed reality headset has officially come to an end.

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."