Phishing attacks have increased 13 percent and spear phishing attacks are up 22 percent from 2014, according to new research from Wombat Security Technologies. The "State of the Phish" report, based on data from millions of simulated phishing attacks as well as several hundred survey responses from security professionals, found that "phishing attacks continue to grow in volume and complexity, supported by more aggressive social engineering practices that make phishing more difficult to prevent."
Survey respondents reported that they have experienced malware infections (42 percent), compromised accounts (22 percent) and loss of data (4 percent) due to successful phishing attacks. The resulting loss of employee productivity and uncontained credential compromise can cost an average size organization $3.77 million per year, according to Wombat.
The Wombat research found that "the most popular phishing attack templates with the highest click rates included items employees expected to see in their work e-mail, such as an HR document or a shipping confirmation." While users were more cautious when receiving "consumer" e-mails such as gift card notifications or social network notifications, an "urgent e-mail password change request" had a 28 percent average click rate.
Other findings from the report include:
"Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today," said Trevor Hawthorn, CTO of Wombat, in a press release. "In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company's critical data and reputation."
The full report can be downloaded free from the Wombat site (registration required).