One out of every 99 emails is a phishing attack; in a 5-day work week, this amounts to 4.8 phishing emails per employee. Businesses could even be receiving phishing attacks every day and not know it. 30% of phishing emails can make it past default security, and the phishing emails that make it through can be very costly. From 2013 to 2016, cyberattacks, including ransomware, business email compromises, and phishing leaks, cost businesses over $5 billion worldwide. Phishing attacks have also been steadily rising: from 2016 to 2017, they increased by 65%. In 2018, 83% of people received phishing attacks, and 64% of infosec professionals were targeted by spear phishing. Today, a phishing attack on a midsize business costs an average of $1.6 million, which is caused by decreased productivity, loss of proprietary data, and damage to reputation, and 1 in 3 consumers will stop using a business after a security breach. But 35% of professionals don’t know what “phishing” means.
Phishing works when attackers send emails or other communications that manipulate the receiver into opening a malicious file or clicking a link. In most phishing attacks, the result is that malware is automatically downloaded to the receiver’s computer or device, or a spoofed website collects login credentials, resulting in compromised information. Over half of all phishing attacks contain malware, and more than 2 out of every 3 phishing attempts used a malicious link. As a result, fake invoices were paid and false transfers were made.
Phishing attacks come in many shapes and sizes. Credential harvesting is a type of phishing in which emails impersonate trusted brands and often link to spoofed login pages. Extortion targets victims by asking for money in exchange for keeping secrets. Malware is hidden in an innocuous link that triggers a file to download automatically. Spear phishing targets high-level employees, influencing them to complete a manual task. The cost of these phishing attacks can range from $400 per account, up to 5,000 per user, up to $2.4 million, and can even reach $7.2 million per user.
Hackers prey on trust to get into people’s systems. Phishing emails make poor imitations of trusted brands such as Microsoft, Amazon, FedEx, and UPS. Many legitimate emails may contain potential signs of phishing, which makes them even harder to separate from dangerous ones.
Find out how you can recognize and stop phishing attacks here.