Cyber Risk Management Solutions

Here are the latest phishing statistics from 2019. As we learned in the recent Capital One data breach, many cybersecurity attacks begin from within. 

phishing statistics

Hackers are getting smarter, cyberattacks are getting more and more prevalent in 2019.

Why? Because cybercrime is big business. In 2018 alone, cybercriminals received $1.5 Trillion in revenue. 

According to a new study, 70% of American workers don’t grasp web security and privacy. The majority – 70% – of US employees fail when it comes to security and privacy best practices. Employees represent the biggest threat to their company or organization’s cybersecurity, this is just further proof. The email phishing statistics below are proof of this fact.

While this is alarming, it’s important to understand that organizations are not spending enough on the technology or services to prevent cybersecurity issues from happening. While budgets are rising slowly, employees still need to be aware that they are the biggest threat to their organization.

What is Phishing? 

Phishing is a type of fraud act that typically comes through in an unsolicited email where the hacker receives information such as  your personal and sensitive details including username, password, bank details, card information and many more by the use of electronic communication.

Phishing emails typically contain a link that will lead to a download which contains malware. 

How does it work?

Once your email has been targeted, this may mean that passwords or other personal information have been discovered through the dark web or information listed online.

Hackers will recreate emails that you have potentially received from companies you are associated with. For example, your bank, shopping sites, insurance, job-related information, job search sites, etc.

These phishing emails have started looking so similar to emails from the actual company, many have been deceived. If you’ve received one and then replied on those mails, your personal details may have been compromised.

The basic working of phishing emails is that they will tell you to do one of two different things, in which they will ask your personal details such as username, password, sensitive information and many more. For which if you replied, then you just shared your details to a hacker, who can take advantage of your personal information in any way.

2019 Email Phishing Statistics

  • At 1 in 230 emails, Mining topped the list of industries receiving a malicious email in June. Wholesale Trade came in second place with 1 in 404 emails being malicious.
  • Finance, Insurance, & Real Estate topped the list when it came to industries receiving a phishing email, with 1 in 5,711 emails, down from 1 in 17,195 emails the previous month.
  • The Finance, Insurance, & Real Estate sector also saw the highest spam rate in June at 58.2 percent.
  • The phishing rate increased in June to 1 in 8,516 emails, up from 1 in 15,098 the previous month. (Source)
  • 1.16 billion email addresses and passwords exposed The number of “unique combinations of email addresses and passwords” that was discovered in 2019 in a massive breach called “Collection 1.” This load of information was discovered by an IT security researcher and is thought to be the largest breach in history to date, according to an article by Fortune.
  • Email responsible for spreading 92% of all malware CSO Online estimates that email is the primary method of malware delivery
  • U.S. target of 86% phishing attacks Phish Labs reports that 86% of phishing attacks targeted U.S. victims.
  • According to Proofpoint, the OneDrive phishing campaign is part of a growing trend of credential compromise attacks. 
  • Phishing that targeted Software-as-a-Service (SaaS) and webmail services became the biggest category of phishing. At 36 percent of all phishing attacks, it eclipsed phishing against the payment services category for the first time.
  • The total number of phishing sites detected by APWG in the first quarter of 2019 was up notably over the third and fourth quarters of 2018.
  • The number of phishing attacks hosted on Web sites that have HTTPS and SSL certificates reached a new high.
  • In Brazil, mobile phishing rose, and phishers also attacked SaaS providers. Cybercriminals also deployed malware that targeted multiple banks at a time.
  • Among the most targeted malware and credential phishing attacks, nearly 30 percent targeted generic email aliases. These email addresses are shared typically within an organization.
  • Among organizations targeted by email spoofing, more than 40% were the intended recipients of 50 or more fraudulent emails. That’s 4x the year-ago percentage.
  • 13 percent of email addresses identified as the most highly targeted recipients during the quarter ranked as such in the last report, reflecting attackers’ shifting focus. (Source)

Phishing Techniques

There are a different type of Phishing techniques, let us have a look at what they are-

1. Spear Phishing – In this technique, the hackers don’t send emails to unknowns for who they don’t have any info, but they do proper researches while sending fraud mails to them. It is an adequately targeted mail sharing technique.

2. Spam –  Under this technique, the same type of email is sent to millions of people out there, from which those who reply, their details get used by those fraud people for wrong purposes.

3. Web delivery– In this case, the deliveries are done with the help of a website or a web browser; under this technique, the hacker is in between the real site and phishing system.

4. Fraud Links- Under this technique, a fake link is sent to you with the help of a mail or direct message. If you clicked on this link, then you are confirming to share your personal details to the hacker directly.

5. Trojan– This is a type of malware with the help of which hackers gets direct access to your data easily if your device is affected by this malware.

How to Avoid Being One of These Phishing Statistics

There are some ways with the help of which you can stay away from such fraud attempts of a phishing email. 

  • New scams are being built daily, so if you update yourself daily about the latest and upcoming scams, then this would help you in getting rid of such fraud attempts.
  • If you feel that the link is not safe or before clicking any link think twice.
  • Don’t click the link in the email. If you are unsure, simply enter in the URL and go straight to the website from your browser.
  • Always have a look at your online accounts to find out that there isn’t any wrong or fraud attempts being done on them.
  • Keep your browsers and applications up to date. Many security patches are being installed, on the newer updates of web browsers, so check update regularly.
  • Two-Factor authentication is an excellent method to stay away from such fraud attempts. As in two-factor authentication, you will be authenticated, with the help of two different means.

How To Tell if it is a Phishing Email

Here are some tips: 

  • Too good to be true? It probably is. Check with your security department. 
  • Beware seasonal emails – taxes, holiday offers
  • Is the email address correct? Many spoofed sites have just a letter or two switched up. 
  • Why do they need your personal information? Most organization do not request personal information via email. 
  • Hover technique. Don’t click! Simply hover over the URL to see where it is sending you. Report to security if the url seems off to you. 
  • If you are unable to know that the mail you received is a fake or real one, then you should directly contact the place from where the mail you received. 

Cybriant Recommendations 

There are too many examples of organizations being taken down by cybercriminals because of an insider threat – either malicious or not. We work with organizations to avoid being phishing statistics. It is up to the organization, no matter the size, to protect their data. 

Start with a Security Assessment to determine whether your security strategy has a solid foundation.  You’ll receive a gap analysis that will give you the top recommendations on what to identify the minimum necessary adjustments your company must make in order to comply with any regulations. A risk assessment will also suggest changes that will also encourage a more secure environment.

Managed SIEM with 24/7 Security Monitoring – this managed service will address and resolve your  most complex cyber risk events.  Your organization may already have SIEM technology that aggregates data from all of your security controls into a single correlation engine,  but it may also create huge amounts of alerts including false positives.  Our security experts can tune your SIEM and provide insightful analysis for real-time threat detection and incident response.

Managed Endpoint Detection and Response PLUS remediation – this manged service uses artificial intelligence to stop advanced threats and malware at the most vulnerable point – the endpoint.

Vulnerability and Patch Management – continuous scans, detailed tracking, and responsive patching is a managed service that will allow you to mitigate the risk of cyber attacks. 

Make it easy with PREtect – We simplify the cybersecurity process by providing a solid foundation with our PREtect service. 

 

Simplify Cybersecurity with PREtect

pretect