Report: Phishing Attacks on the Rise

Phishing attacks are up 13 percent and spear phishing attacks are up 22 percent from 2014, according to new research from Wombat Security Technologies. The "State of the Phish" report, based on data from millions of simulated phishing attacks as well as several hundred survey responses from security professionals, found that "phishing attacks continue to grow in volume and complexity, supported by more aggressive social engineering practices that make phishing more difficult to prevent."

Survey respondents reported that they have experienced malware infections (42 percent), compromised accounts (22 percent) and loss of data (4 percent) due to successful phishing attacks. The resulting loss of employee productivity and uncontained credential compromise can cost an average size organization $3.77 million per year, according to Wombat.

The Wombat research found that "the most popular phishing attack templates with the highest click rates included items employees expected to see in their work e-mail, such as an HR document or a shipping confirmation." While users were more cautious when receiving "consumer" e-mails such as gift card notifications or social network notifications, an "urgent e-mail password change request" had a 28 percent average click rate.

Other findings from the report include:

  • E-mails personalized with a first name (spear phishing) had click rates 19 percent higher than those with no personalization;
  • Click rates vary per industry, with telecommunications and professional services clicking phishing e-mails more than other industries;
  • Organizations use a variety of security technologies, including e-mail spam filters (99 percent), outbound proxy protection (56 percent), advanced malware analysis (50 percent) and URL wrapping (24 percent);
  • The plugins most likely to be out of date and susceptible to an attack are Adobe (61 percent), Adobe Flash (46 percent), Microsoft Silverlight (27 percent) and Java (25 percent); and
  • The most suspicious attachments include pdf (29 percent), doc (22 percent), html (13 percent) and xls (12 percent).

"Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today," said Trevor Hawthorn, CTO of Wombat, in a press release. "In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company's critical data and reputation."

The full report is available free from the Wombat site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • abstract illustration of a glowing AI-themed bar graph on a dark digital background with circuit patterns

    Stanford 2025 AI Index Reveals Surge in Adoption, Investment, and Global Impact as Trust and Regulation Lag Behind

    Stanford University's Institute for Human-Centered Artificial Intelligence (HAI) has released its AI Index Report 2025, measuring AI's diverse impacts over the past year.

  • modern college building with circuit and brain motifs

    Anthropic Launches Claude for Education

    Anthropic has announced a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

  • lightbulb

    Call for Speakers Now Open for Tech Tactics in Education: Overcoming Roadblocks to Innovation

    The annual virtual conference from the producers of Campus Technology and THE Journal will return on September 25, 2025, with a focus on emerging trends in cybersecurity, data privacy, AI implementation, IT leadership, building resilience, and more.

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.