Gretel Egan | May 25, 2016

Alert: Phishing Attacks Set Records in Q1. How Strong Are Your Defenses?

WombatCyberSecurityAlert_2016.jpgOn May 24, the Anti-Phishing Working Group (APWG) announced that the number of observed phishing attacks in Q1 2016 was higher than any total its seen since it began tracking and reporting these statistics in 2004.

In its newest Phishing Activity Trends Report, the APWG noted a 250% increase in phishing sites between October 2015 and March 2016 — and the 2016 uptick indicates an alarming trend. “We always see a surge in phishing during the holiday season, but the number of phishing sites kept going up from December into the spring of 2016,” said Greg Aaron, APWG Senior Research Fellow and Vice President of iThreat Cyber Group. “The sustained increase into 2016 shows phishers launching more sites, and is cause for concern.”

Here’s a snapshot of some of the key statistics from the report:

  • A record-breaking 289,371 unique phishing websites were observed in Q1 2016.
  • 123,555 of the unique sites — more than 40% of the total — were detected in March 2016.
  • At 42.71% of attacks, the Retail/Service industry sector continued to be the most targeted. The Financial (18.67%) and Payment Service (14.74%) ranked second and third.
  • More than 75% of the phishing websites observed were hosted in the U.S.
  • 20 million new malware samples were captured during the quarter.
  • China had the highest malware infection rate, with 57.24% of computers infected.

color_bar.png

Read Our Case Studiescolor_bar.png

How Are You Responding to the Threat?

Spam filters, blacklists, firewalls, and other technical safeguards do not stop all phishing emails from getting to your end users. That can’t be disputed. To give yourself the best shot at reducing successful attacks from the wild and the malware and ransomware infections that come with them, you must educate your end users to recognize, avoid, and report phishing messages.

As we’ve noted recently, awareness and training are two different things. Simply making your users aware that phishing threats exist is not the same as arming them with the knowledge they need to defend against social engineering attacks. Our Anti-Phishing Training Suite — which pairs our ThreatSim® simulated phishing assessments, interactive training modules, PhishAlarm® one-click email reporting, and measurement and analysis tools — is an ideal foundation for your security awareness and training efforts.

What makes our approach a more effective anti-phishing education solution than others out there? Here are a few ways we stand apart:

Our Results Speak for Themselves

Our customer Case Studies and Result Snapshots (available in our Resource Center) show that our products and methodology cross all vertical markets and industries. Wombat customers have realized significant improvements using our security awareness and training solutions, including up to a 90% reduction in successful external phishing attacks and malware infections, fewer helpdesk calls, improved security behavior metrics, and more.

Subscribe to Our Blog

2018 State of the Phish Report  Protect your organization from phishing attacks. Download Now
2018 Beyond the Phish Report  Protect your organization from threats including and beyond phishing. Download Now