Report: Phishing Attacks on the Rise

Phishing attacks are up 13 percent and spear phishing attacks are up 22 percent from 2014, according to new research from Wombat Security Technologies. The "State of the Phish" report, based on data from millions of simulated phishing attacks as well as several hundred survey responses from security professionals, found that "phishing attacks continue to grow in volume and complexity, supported by more aggressive social engineering practices that make phishing more difficult to prevent."

Survey respondents reported that they have experienced malware infections (42 percent), compromised accounts (22 percent) and loss of data (4 percent) due to successful phishing attacks. The resulting loss of employee productivity and uncontained credential compromise can cost an average size organization $3.77 million per year, according to Wombat.

The Wombat research found that "the most popular phishing attack templates with the highest click rates included items employees expected to see in their work e-mail, such as an HR document or a shipping confirmation." While users were more cautious when receiving "consumer" e-mails such as gift card notifications or social network notifications, an "urgent e-mail password change request" had a 28 percent average click rate.

Other findings from the report include:

  • E-mails personalized with a first name (spear phishing) had click rates 19 percent higher than those with no personalization;
  • Click rates vary per industry, with telecommunications and professional services clicking phishing e-mails more than other industries;
  • Organizations use a variety of security technologies, including e-mail spam filters (99 percent), outbound proxy protection (56 percent), advanced malware analysis (50 percent) and URL wrapping (24 percent);
  • The plugins most likely to be out of date and susceptible to an attack are Adobe (61 percent), Adobe Flash (46 percent), Microsoft Silverlight (27 percent) and Java (25 percent); and
  • The most suspicious attachments include pdf (29 percent), doc (22 percent), html (13 percent) and xls (12 percent).

"Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today," said Trevor Hawthorn, CTO of Wombat, in a press release. "In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company's critical data and reputation."

The full report is available free from the Wombat site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • illustration of a futuristic building labeled "AI & Innovation," featuring circuit board patterns and an AI brain motif, surrounded by geometric trees and a simplified sky

    Cal Poly Pomona Launches AI and Innovation Center

    In an effort to advance AI innovation, foster community engagement, and prepare students for careers in STEM fields and business, California State Polytechnic University, Pomona has teamed up with AI, cloud, and advisory services provider Avanade to launch a new Avanade AI & Innovation Center.

  •  black graduation cap with a glowing blue AI brain circuit symbol on top

    Report: AI Is a Must for Modern Learners

    A new report from VitalSource identifies a growing demand among learners for AI tools, declaring that "AI isn't just a nice-to-have; it's a must."

  • glowing shield hovers above a digital cloud platform with abstract data streams and cloud icons in the background

    Google to Acquire Cloud Security Firm Wiz

    Google has announced it will acquire cloud security startup Wiz. If completed, the acquisition — an all-cash deal valued at $32 billion — would mark the largest in Google's history.

  • digital dashboard featuring a shield icon, graphs, a world map, and network nodes

    IBM Introduces Agentic AI Governance and Security Platform

    IBM has launched a new software stack for enterprise IT teams tasked with managing the complex governance and security challenges posed by autonomous AI systems.