Wombat Security Technologies recently released their 2016 State of Phishing report, which details all the current phishing schemes out there. The research found out that while the phishing attacks are growing, they are also becoming more complex.
To many enterprise professionals, especially those who happen to work in IT, phishing is still going to be a common threat. Although 85% of those who were surveyed stated that they had been a victim of a phishing attack in 2015, which is 13% more than last year, 60% believed that the phishing attack rate had increased.
It was because of these attacks that 42% of those people who were surveyed stated that they had suffered malware infections, while 22% had compromised accounts, and 4% lost important data.
The most popular phishing campaigns were the ones that many employees had found in their work inbox. In fact, most of them were urgent password change requests which had a click rate of 28%. Although, employees showed a lot more caution with social network notifications and consumer emails for gift cards.
Who suffered the most from phishing?
Wombat stated that the targeted attacks also known as spear phishing grew last year as well. 67% reported being a victim of spear phishing in 2015, which is 22% more than 2014. When compared to emails with no personalization, emails with employees’ first names had a 19% click rate, and those who had the last name had a 17% click rate.
So, which industries were the ones that suffered the most? Believe it or not, telecommunications was the number one with a 24% click rate, and professional services such as consulting, law, as well as accounting, came in second with 23% click rate. Government was in the third place with a 17% click rate.
Plugins used by employees also were the cause for the increased attacks as many of them are outdated. According to the Wombat report, the most outdated plugins were Adobe PDF, Adobe Flash, Microsoft Silverlight, and Java.
How to protect yourself from phishing
In order to protect against attacks, most of the respondents stated that they used email spam filters, while 56% had outbound proxy protection, 50% were using advanced malware analysis, and 24% utilized URL wrapping.
Those that are familiar with the report will notice that it was originally put together by ThreatSim, who Wombat acquired last year. This year’s report was made by both companies, who looked at millions of phishing attacks that were sent to them during the year.
There was also an additional report that was published by Wombat in 2015 that put the total cost of phishing at roughly $3.8 million for a company of 10,000 people.