One in 10 Reported Emails Verified as Malicious

Written by

New findings from Cofense have revealed that one in ten reported emails in 2018 were malicious, with more than 50% of those linked to fraudulent attempts to gather login and system information from users – known as credential phishing.

As detailed in its report The State of Phishing Defense 2018: Susceptibility, Resiliency, and Response to Phishing Attacks the firm analyzed more than 135 million phishing simulations, 800,000 reported emails and nearly 50,000 real phishing campaigns targeting organizations in 23 industries ranging from healthcare, financial services to manufacturing.

Key findings discovered that 21% of reported crimeware emails contained malicious attachments whilst the term ‘invoice’ was one of the most-used phishing subjects, appearing in six of the 10 most effective phishing campaigns this year.

However, on a more positive note, Cofense claimed the overall phishing resiliency of users had improved in the last few years with reporting rates up 14% from three years ago. Interestingly, organizations in the utilities and energy industries were noted as building the most resiliency to phishing over time, but Cofense warned that overall industries involved with critical infrastructure still have work to do.

“We founded Cofense on the principal that the human element, the users who are targeted, are a critical factor in defending against phishing threats,” said Aaron Higbee, co-founder and CTO of Cofense.

“We see phishing emails bypass technology controls every day and more and more end-users recognizing and reporting these threats that slipped past million-pound defenses. The results of our research detailed in the ‘State of Phishing Defense’ shows that resiliency is building across key industries thanks to those same people that were once deemed as the weakest-links in an organization. These trends are powerful and reinforce that humans are a key element to a successful security program.” 

What’s hot on Infosecurity Magazine?