According to a new report from security awareness specialist Wombat Security phishing attacks are on the rise and are supported by increasingly aggressive social engineering practices that make them more difficult to prevent.
Organizations surveyed indicated they have suffered malware infections (42 percent), compromised accounts (22 percent), and loss of data (4 percent) as a direct result of successful phishing attacks.
"Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today," says Trevor Hawthorn, CTO of Wombat. "In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company’s critical data and reputation. Our methods have shown that a Continuous Training Methodology which educates end users on cybersecurity threats changes employee behavior and reduces risk within an organization".
The survey reveals that the most popular phishing attack templates with the highest click rates include items employees expected to see in their work email such as an HR document, or a shipping confirmation. For example, the survey found that employees were more cautious when receiving 'consumer' emails on topics like gift card notifications, or social networking accounts. However, an 'urgent email password change request' had a 28 percent average click rate.
Other findings show that spear phishers often go to great lengths to gather information on key people within an organization. Emails personalized with a first name had click rates 19 percent higher than those with no personalization. Click rates also vary between industries. Telecommunications and professional services workers click phishing emails more than those in other industries.
To find out more you can download the full 2016 State of the Phish report from the Wombat Security site.