The Evolution of Phishing – And the Cost of Phishing
Evolution is a wonderful thing. However, we need to realize that it doesn’t distinguish between good and bad. Cybercrime has evolved very well over the past decade and, unfortunately, online scams and fraud have thrived. The one thing that seems to have emerged is that Phishing is a very dependable attack vector. Any crime based on social engineering has a high success rate, and Phishing is perfect from a criminal’s point of view because it socially engineers the victim without needing any face-to-face interaction. The only way to really prepare people for this is through training.
Don’t fall into the trap of trying to solve a human problem with technology alone. You can throw money at that all day and it isn’t going to change.
We realized over the years that most people find the urge to click on links in their email irresistible, so we’ve set out to try and change these habits.
In our Phishing tests we have consistently found that 30% of people would click on a link in a Phishing email. If you compare that to the average newsletter campaign, which would have a click-through rate of 3%, you can see that Phishing campaigns are 10 times more likely to get clicked on than a newsletter.
How much risk are you at from Phishing campaigns and the fact that your staff will definitely click on them?
According to an RSA report, Phishing losses were $5.9 billion in 2013. The U.S. suffered 60% of the global volume of attacks, with the United Kingdom coming in second. Losses from Phishing in the U.K. in 2013 amounted to $467 million.
The two main aims of these attacks are stealing financial information and delivering ransomware. The effects of ransomware are underestimated: it has been particularly devastating in the SME market, where the impact weighs more heavily.
What you need to do.
It takes a human to recognize that “something doesn’t seem quite right about this” in order to avoid an attack and report it. Of course, employees can only do this if they have the right knowledge to spot an attack in progress and practice safe behaviors that avoid exposing themselves or their employer to attacks.
Send a test Phish to your employees to establish the company’s susceptibility to Phishing. Remember, every link clicked is a potential ransomware download or a data breach. Once you’ve established the risk, you can take your findings to management and propose an ongoing Phishing Awareness Training program.