Lian Bunny | January 17, 2018

Study: Number of phishing attacks sees little change from year ago

As seen in the Pittsburgh Business Times...

Phishing attacks remained steady or higher in 2017 compared to 2016, according to Wombat Security Technologies' fourth annual State of the Phish Report, released Wednesday.

Seventy-six percent of information security professionals said they experienced phishing attacks — defined as email communication from a cybercriminal that's attempting to extract information from the recipient that they otherwise might not want to share — in 2017, which is steady with the 2016 results.

Pittsburgh-based Wombat, which offers security awareness training software, conducts the survey to share overall information about security, awareness and training, said Amy Baker, vice president of marketing.

The information came from three main sources: an analysis of tens of millions of Wombat customers’ phishing attacks, insight from third-party surveys from more than 3,000 computer users and information from more than 10,000 information security professionals from quarterly surveys of Wombat’s database. The report was broken down into four sections and can be seen on Wombat’s website.

The average click rates on phishing emails decreased in the four areas included in the report: consumer, corporate, commercial and cloud. However, the frequency of consumer and corporate phishing emails soared over the other two categories.

“The consumer, I think this comes down to how much people are blending their personal email into their work accounts,” Baker said. “The U.S. tends to blend personal and work email a lot. … That lends itself to getting surprised.”

The study also found that telecommunications, retail, consumer goods, government and hospitality were the industries with the highest average click rates.

 Baker said telecommunications may seem surprising, but has been consistent year after year.

“I thought it was interesting because telecommunications professionals are certainly tech proficient enough,” she said. “It could be that a more technical audience may be too confident in their abilities to spot a phishing attack.”

Read the full article on Pittsburgh Business Times.