Wombat surveyed its database of IT security professionals and found that 85% of organizations were victims of phishing scams in 2015, a 13% increase over 2014. And 60% of respondents reported that the number of phishing attacks is up overall.
"The threat of phishing attacks is real. News headlines and numerous studies have proven that phishing attacks are on the rise, and our survey of security professionals showed the same," the report reads. "Not only are more organizations reporting being the victim of phishing attacks, but the number they are experiencing has gone up. Attackers are becoming more sophisticated and varied in their approach, using multiple threat vectors."
The most effective phishing scams
In addition to the survey results provided in Wombat's new "State of the Phish™" report, the company also analyzed the results of millions of simulated phishing attacks sent through its platform to customers between October 1, 2014, through September 30, 2015. The simulated phishing attacks are one of the tools the company uses to help train businesses on how to steer clear of phishing scams. The analysis shed light on the most effective types of phishing scams.
Wombat found that phishing emails disguised as legitimate work emails are some of the most effective when it comes to hooking victims. In one example, a simulated phishing email disguised as an “Urgent Email Password Change” request had a 28% click rate.
"Users were most likely to click on attachments and messages they expected to see in their work inboxes, like an HR document or a shipping confirmation," Wombat writes. "They were more cautious with messages we consider to be 'consumer oriented,' such as gift card offers and social networking notifications."
"Remember, phishing attacks are often preceded by social engineering phone calls, or impostors gaining access to information or areas they should not," the report reads. "You should teach your end users to not only watch out for phishing emails, but other [social engineering] threat vectors as well."