Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/13/2016
09:20 AM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

91% Of Cyberattacks Start With A Phishing Email

Phishing remains the number one attack vector, according to a new study that analyzes why users fall for these lures.

The majority of cyberattacks begin with a user clicking on a phishing email. Ever wondor why users continue to fall for phishing emails?

According to a new report from PhishMe that found that 91% of cyberattacks start with a phish, the top reasons people are duped by phishing emails are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity.

"Fear and urgency are a normal part of every day work for many users," says Aaron Higbee, co-founder and CTO of PhishMe. "Most employees are conscientious about losing their jobs due to poor performance and are often driven by deadlines, which leads them to be more susceptible to phishing."

Higbee says PhishMe based the study on more than 40 million simulation emails by about 1,000 of its customers around the world. The study took place over an 18-month span from January 2015 through July 2016.

Among the study’s top findings:

  • Susceptibility to phishing email drops almost 20% after a company runs just one failed simulation. So people do learn.
  • Reporting rates significantly outweigh susceptibility rates when simple reporting is deployed to more than 80% of a company’s population, even in the first year.
  • Active reporting of phishing email threats can reduce the standard time for detection of a breach to 1.2 hours on average – a significant improvement over the current industry average of 146 days. This was an important aspect of this report, notes Higbee, who says the study also includes results from more than 300,000 users in organizations that actively use the PhishMe Reporter tool for more than one year.
  • The study also found that users respond to Locky ransomware's phishing lures (21.5%) more than any other malware variant. The others that followed Locky included order confirmation (17%), job application received (15.5%), and blank email (11.9%).

Higbee adds that Locky's phishing campaign has been effective for the following reasons: It is presented in a business context; it’s personalized to the recipient; there are no noticeable errors in grammar or spelling; and finally, it mimics many organizations’ existing invoice processes.

When PhishMe analyzed the Locky data in vertical industries it found that the response rates in the insurance industry were more than one in three (34.7%), while other high response rates occurred in the retail industry at 31.7%; energy, 27.8%; and healthcare at 24.9%.

"We don’t really know why insurance was the leading vertical," Higbee says. "It could be that there’s not enough training or insurance workers tend to interact with many external people so the chance for them to receive a phishing email increases."

Here’s a look at the average response rate by industry when PhishMe analyzed the "file from scanner" benchmark simulation:

 

Transportation      49%

Healthcare             31%

Insurance               30%

Pharma/Biotech     30%

Energy                    24%

Retail                       16%

Consulting               14%

Utilities                    14%

Technology              10%

Non-Profits                 5%

 

Related Content: 

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ludovic_rembert
100%
0%
ludovic_rembert,
User Rank: Apprentice
4/21/2019 | 9:18:23 AM
Lack of secure email is the problem
The study is alarming... and when you consider that many folks around the world still aren't fully "plugged in" to email (yet), the rate of phisphing will only increase. A similar study from the FTC found that phisphing increased by 2,370% between 2015 and 2016. At that rate, it's easy to throw our collective hands up and think, why bother pursuing this? The truth is, that all of us writing this and reading this article most likely have at least a rudimentary grasp on spotting scams and email best practices. Unfortunately, it's usually the poor and downtrodden who tend to fall victim to phisphing scams, "hoping" for some better way out of a bad situation. The issue is that hundreds of millions of users forego secure/encrypted email platforms, such as Tutanota or any of these others. Instead, they gravitate towards a few ESPs like Outlook/Live (which was recently breached), Gmail (which has privacy concerns), and Yahoo!/Hotmail (do people still use these?). 
Ritu_G
100%
0%
Ritu_G,
User Rank: Moderator
8/19/2018 | 10:53:16 PM
Re: Great!
This is the exact reason why internet users need to be on their guards at all times. Do not be so naïve and believe everything they see or read on the internet. Prevention is always better than cure and once you have gotten hit, most often than not, there is no turning back. Whatever you read on the internet that is too good to be true, it usually is. Hence, do not fall for anything that may look a little less convincing.
goldhand
50%
50%
goldhand,
User Rank: Apprentice
2/19/2018 | 6:12:16 AM
Great!
I really like the dear information you offer in your articles. I'm able to bookmark your site and show the kids check out up here generally. Im fairly positive theyre likely to be informed a great deal of new stuff here than anyone.

slope
davburnett
0%
100%
davburnett,
User Rank: Apprentice
9/25/2017 | 6:08:27 AM
Re: Hmm Phishy
What's most concerning is the number of CISO's and IT people in a position of responsibility that believe training/human awareness is the answer to protecting against phishing attacks.
Row3n
50%
50%
Row3n,
User Rank: Strategist
12/14/2016 | 10:16:38 PM
Re: Hmm Phishy
You would think that by now that people would have the sense to see these "congratulations you've won a million dollars" emails and know better! I mean, of course hackers are getting more and more sophisticated, but a great number of these crazy spam emails are obvious as heck that that's precisely what they are!
hxrrison
100%
0%
hxrrison,
User Rank: Apprentice
12/13/2016 | 11:24:31 AM
Hmm Phishy
Phishing threat is reduced when phishing drills are run. Funny that a company that does that exact thing would come up with that solution.
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4889
PUBLISHED: 2021-01-26
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
CVE-2020-4949
PUBLISHED: 2021-01-26
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...