Social engineering attacks are among the most common and dangerous kinds of cybercrime that businesses worldwide now face, but don’t just take our word for it.
We’ve compiled the most current phishing statistics from all over the world to demonstrate the scope and gravity of this menace. These numbers are based on third-party surveys and studies, and we will update them as new research becomes available to keep you up to date.
The Rate Of Phishing Attacks
According to Proofpoint data, 75 percent of firms worldwide faced a phishing attempt in 2020, and 74 percent of attacks targeting US organizations were successful. Although 95 percent of businesses say they provide phishing awareness training to their staff, phishing remains the threat type most likely to cause a security breach. In fact, phishing is involved in 22% of security breaches, according to Verizon’s 2020 DBIR.
Further data from the FBI’s Internet Crime Complaint Center (IC3), which received a record number of reports from the American public in 2020, backs up this statistic. According to the IC3 report, phishing, which includes vishing, SMiShing, and pharming, was the most frequent threat in the United States in 2020, with 241,342 victims. Following that were non-delivery/non-payment (108,869 victims), extortion (76,741 victims), private data breach (45,330 victims), and impersonation (43,330 victims).
The overall volume of business email compromise (BEC) attacks reported in the previous year increased by 15% between Q2 and Q3, and we’re increasingly seeing malicious data breaches caused by compromised accounts rather than virus installation. According to IBM, roughly one in every five organizations that had a malicious data breach in 2020 was compromised as a result of stolen or lost passwords. Furthermore, statistics from Google Safe Browsing reveal that there are now roughly 75 times as many phishing sites on the web as there are malware sites.
Methods of Phishing Delivery
According to recent data, 96 percent of social engineering attacks are delivered by email, only 3 percent arrive via a website, and the remaining 1% are delivered via phone or SMS communications and malicious documents.
According to APWG research, the most common kind of phishing targets webmail and Software-as-a-Service (SaaS) users; these attacks account for 34.7 percent of all phishing attempts. The same research found that the share of BEC attacks sent via free webmail providers increased from 61 percent to a startling 72 percent, with Gmail accounting for more than 50 percent of these attacks.
How People Are Baited
According to the findings of Terranova Security’s 2020 Gone Phishing Tournament, over 20% of all employees are likely to click on phishing email links, and 67.5 percent of those go on to enter their credentials on the phishing website. That means 13.4 percent of workers are likely to enter their credentials on a phishing webpage. But what is it that causes so many people to click on fraudulent links?
According to KnowBe4 data, the following were the most popular subject lines for phishing emails in the fourth quarter of 2020:
- Changes to your medical advantages
- Twitter: Security alert: odd or fresh Twitter login
- Amazon: Take Action | Your Amazon Prime membership has been canceled.
- Zoom: Error with the Meeting Schedule
- Google Pay: Payment has been made.
- Request for Stimulus Termination Approved
- Microsoft 365 (Microsoft Office 365): Needed action: change the address associated with your Xbox Game Pass for Console subscription
- RingCentral is on its way!
- Workday: Reminder: A critical security upgrade is required.
These subject lines make it clear that attackers have been capitalizing on three things:
- Pandemic anxiety, by playing on consumers’ health worries.
- The fact that most businesses around the world had to switch quickly to remote working, rolling out new, unfamiliar cloud technology across their workforces.
- Because many businesses were operating under nationwide lockdowns, individuals were increasingly turning to digital entertainment and virtual communication platforms to stay in touch with coworkers and loved ones.
On the subject of staying in touch, the same study found that LinkedIn phishing messages account for 47 percent of all social media phishing attempts, making fake LinkedIn messages perhaps the most prevalent social media phishing issue. These emails frequently contain password reset notifications or “information” about prospective new connection opportunities, which may entice individuals who lost their jobs as a result of the pandemic.
We often picture the threat actor as a hooded figure hidden in darkness, perhaps wearing a Guy Fawkes mask to look even more suspicious. But this is not always the case.
According to the BDO study, about 50% of the frauds reported by respondents were perpetrated by third parties, but a worrying 34 percent of business owners stated that fraudulent actions “involved collusion” between their employees and criminal operators. Even more alarming, 21% said that their own employees were responsible for the fraud.
According to a recent Threat Report from ESET, the most prevalent types of malicious files attached to phishing emails in the third quarter of 2020 were as follows:
- Windows executables (74%).
- Script files (11%).
- Office documents (5%).
- Compressed archives (4%).
- PDF documents (2%).
- Java files (2%).
- Batch files (2%).
- Shortcuts (2%).
- Android executables (>1%).
According to Check Point, Microsoft is by far the most impersonated company in the world when it comes to brand phishing attempts, at 43%, the largest share. With the surge in companies relying on Microsoft’s range of cloud apps since the outbreak began, it’s easy to see why attackers are capitalizing on its brand. Microsoft is followed by DHL (18%), Amazon (5%), and LinkedIn (6%).
According to new INKY research, Microsoft is the most impersonated company, accounting for almost 70% of brand impersonation phishing attempts in 2020, followed by Zoom, Chase Bank, Amazon, and RingCentral.