Phishing trends 2019Published on 31 May 2019
Phishing is here to stay (sadly) and will remain a threat to both organizations and individuals who interact in a cyber world. Reports show that phishing is a growing social engineering threat that is severely impacting various industries and brands, including tech companies and cloud providers. But new technologies, such as AI and ML could play a valuable role in the detection and prevention of future attacks.
This week, our article selection provides some good insight into phishing – the trends, techniques and prevention. And read what our digital security expert, Linda Misauer, has to say about this ongoing cyber threat.
A very comprehensive report, recently released by Phishlabs that delves into the formidable world of phishing. The report is based on information collected from “millions of social engineering attacks spanning email, web, social media, SMS, and mobile channels.” It’s worth noting the recent trends and techniques used by cyber attackers, uncovered in this report. Link to the report included (registration required), as well as links to a webinar and previous report.
Some key findings:
- Phishing attack volume grew 40.9% in 2018
- 83.9% of attacks targeted credentials for financial, email, cloud, payment, and SaaS services
- 98% of attacks that made it past enterprise email security controls and into user inboxes contained no malware
- Publisher: Phishlabs
- Access: Report – registration required
- Download: Phishing Trends & Intelligence Report: The Growing Social Engineering Threat
“No matter how much cybersecurity improves over the years, there will always be a highly vulnerable element: Humans” – a thought provoking statement to kick-start this article on phishing trends. Some interesting stats cited here from Kaspersky Lab’s, Spam and Phishing report, 2018 – “18% of attacks targeting banking customers and 10% targeting payment systems.” Interesting to note however that global internet portals, accounted for 32.3% percent of attacks. Read which countries experienced the highest phishing attacks in Q2 of 2018 and what potential attack vectors to watch out for, other than email.
Infected websites remain a popular source of phishing attacks and event specific campaigns are also targets – even GDPR has opened the doors to phishers! And finally, some advice on how to avoid these malicious attacks.
- Publisher: Technative
- Access: Public
- Download: None
“1 in every 100 emails received by an enterprise is a phishing attack” – this article stresses that phishing is still the most dangerous security threat, especially the more targeted approaches, namely spear phishing and whaling. As a result, organizations have begun focusing on security awareness that includes employee education. But humans make mistakes and this is inevitable, so cybersecurity experts are now looking into machine learning to help tighten up security.
“It was found that the United States ranked number 1 for both hosted phishing sites at 65% of the total, as well as country of origin (36%)” Read which industries and brands were identified as being phishing targets, other delivery methods and what to look out for – some great examples of previous phishing attacks. Also learn about how Artificial Intelligence and ML models are set to revolutionize phishing detection.
- Publisher: Zvelo
- Access: Public
- Download: None
Input from our security expert
“Phishing remains so prevalent due to its continuing evolution. Cyber criminals are constantly improving their methods, making it difficult for ordinary people to keep up.
The cyber criminals behind these attacks move increasingly quickly too. If a bank changes its logo and branding, you can guarantee that within days, there will be spoof emails with the updated branding in people’s inboxes. A phishing attempt will look and feel like any other email from that bank. If anyone fell victim to it, you wouldn’t blame them
And that’s part of the reason why phishing remains such a threat. As much work as cyber security companies, email service providers, and corporate security teams put into combating cyber attacks, people remain the weak point.”