How many employees must fall for a phish to compromise your organization

Phishing scams are one of the most common methods of attack you’re likely to come across. They are a hugely profitable attack method for cybercriminals, as thousands fall victim to them every year. Fortunately, due to their commonplace nature, phishing scams are avoidable if you know how to correctly identify and prevent them.

Here are 10 simple tips for identifying and preventing phishing scams.

1. Know what a phishing scam looks like

New phishing attack methods are being developed all the time, but they share commonalities that can be identified if you know what to look for. There are many sites online that will keep you informed of the latest phishing attacks and their key identifiers. The earlier you find out about the latest attack methods and share them with your users through regular security awareness training, the more likely you are to avoid a potential attack.

2. Don’t click on that link

It’s generally not advisable to click on a link in an email or instant message, even if you know the sender. The bare minimum you should be doing is hovering over the link to see if the destination is the correct one. Some phishing attacks are fairly sophisticated, and the destination URL can look like a carbon copy of the genuine site, set up to record keystrokes or steal login/credit card information. If it’s possible for you to go straight to the site through your search engine, rather than click on the link, then you should do so.
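The hover check described above, as an added example that is not part of the original post: a small Python scanner that pulls every link out of an HTML email body and flags the cases the tip warns about, visible text naming one domain while the href goes to another, a known brand name buried as a subdomain of an unrelated site, and punycode hosts. The `KNOWN_BRANDS` allowlist and the sample message are constructed for the example, and the registrable-domain helper is a two-label approximation rather than a public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BRANDS = {"paypal.com"}  # constructed allowlist of expected sender domains
DOMAINISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)  # looks like a URL
class _Anchors(HTMLParser):  # collects (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(s):
    """Hostname of a URL or bare domain string ('' if none)."""
    return urlparse(s if "://" in s else "http://" + s).hostname or ""

def registrable(host):
    """Crude registrable domain: last two labels (no public-suffix list offline)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_links(html):
    """Return (href, text, reasons) for every link that fails the hover check."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        dest, reasons = host_of(href), []
        if "xn--" in dest:  # punycode label: IDN homograph lookalike
            reasons.append("punycode host")
        if DOMAINISH.match(text) and registrable(host_of(text)) != registrable(dest):
            reasons.append(f"text shows {host_of(text)} but goes to {dest}")
        for brand in KNOWN_BRANDS:  # brand name buried as a subdomain of another site
            if brand in dest and registrable(dest) != brand:
                reasons.append(f"{brand} used as a subdomain of {registrable(dest)}")
        if reasons:
            findings.append((href, text, reasons))
    return findings
SAMPLE_EMAIL = """<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
<a href="https://www.paypal.com/help">Help Center</a>
<a href="https://xn--pypal-4ve.example/">paypal.example</a>"""  # constructed, not a real message
```

Running `suspicious_links(SAMPLE_EMAIL)` flags the first and third links and leaves the genuine help-centre link alone.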

3. Get free anti-phishing add-ons

Most browsers nowadays will enable you to download add-ons that spot the signs of a malicious website or alert you about known phishing sites. They are usually completely free so there’s no reason not to have this installed on every device in your organization.

4. Don’t give your information to an unsecured site

If the URL of the website doesn’t start with “https”, or you cannot see a closed padlock icon next to the URL, do not enter any sensitive information or download files from that site. Sites without security certificates may not be intended for phishing scams, but it’s better to be safe than sorry.

5. Rotate passwords regularly

If you’ve got online accounts, you should get into the habit of regularly rotating your passwords so that you prevent an attacker from gaining unlimited access. Your accounts may have been compromised without you knowing, so adding that extra layer of protection through password rotation can prevent ongoing attacks and lock out potential attackers.

6. Don’t ignore those updates

Receiving numerous update messages can be frustrating, and it can be tempting to put them off or ignore them altogether. Don’t do this. Security patches and updates are released for a reason, most commonly to keep up to date with modern cyber-attack methods by patching holes in security. If you don’t update your browser, you could be at risk of phishing attacks through known vulnerabilities that could have been easily avoided.

7. Install firewalls

Firewalls are an effective way to prevent external attacks, acting as a shield between your computer and an attacker. Both desktop firewalls and network firewalls, when used together, can bolster your security and reduce the chances of a hacker infiltrating your environment.

8. Don’t be tempted by those pop-ups

Pop-ups aren’t just irritating; they are often linked to malware as part of attempted phishing attacks. Most browsers now allow you to download and install free ad-blocker software that will automatically block most malicious pop-ups. If one does manage to evade the ad-blocker, don’t be tempted to click! Occasionally pop-ups will try to deceive you about where the “Close” button is, so always look for an “x” in one of the corners.

9. Don’t give out important information unless you must

As a general rule of thumb, unless you 100% trust the site you are on, you should not willingly give out your card information. Make sure, if you have to provide your information, that you verify the website is genuine, that the company is real and that the site itself is secure.

10. Have a Data Security Platform to spot signs of an attack

If you are unfortunate enough to be the victim of a successful phishing attack, then it’s important you are able to detect and react in a timely manner. Having a data security platform in place helps take some of the pressure off the IT/Security team by automatically alerting on anomalous user behavior and unwanted changes to files. If an attacker has access to your sensitive information, data security platforms can help to identify the affected account so that you can take action to prevent further damage.

The Lepide Data Security Platform gives you the visibility you need to determine when your own users become security threats. If a user clicks on a phishing link, and their account starts exhibiting unusual behavior, Lepide can detect and respond in real-time with automated threat response templates.

If you would like to see how Lepide Data Security Platform can help you identify and prevent data breaches from phishing attacks, schedule a demo with one of our engineers today.

We help enterprises to determine where their areas of weakness are and to reduce their data breach risk with our FREE Data Risk Assessment service.

Phishing has become one of the most pernicious dangers in cybersecurity today. Even though awareness of the problem has been rising, based on data from numerous sources including the Verizon Data Breach Report, there is a risk that people are getting jaded with the daily news bombarding them about the latest phishing attacks. In this blog, we’ve tried to pull together a number of key phishing attack statistics in an easily digestible and shareable format that helps crystallize the size and scope of the phishing problem.

Top 10 Phishing Attack Statistics

83% of organizations said they experienced phishing attacks last year.

Even worse? These phishing statistics are up from 76% in 2017, and experts predict another six billion attacks to occur throughout 2022. The impact of these phishing attacks will be realized by the compromised accounts, malware infections, and loss of data left in their wake.

For more, read 6 Anti-Phishing Resources to Help You Stay “In the Know”.

Phishing was the third most common type of scam reported to the FBI regardless of company size, industry, or location.

This shouldn’t come as a surprise. Phishing facts show that compared to other means of cyberattack, they are relatively easy; phishers don’t need to try to infiltrate a system or find infrastructure vulnerabilities. Instead, they simply target an organization’s weakest link—its employees. All they need to do is dupe just one person—sometimes out of hundreds or even thousands of employees—into opening an email or clicking a link or attachment.

For more, read 3 Reasons You Need to Invest in Anti-Phishing Services.

97% of people cannot identify a phishing scam.

We like to think a robust training program is enough to help employees spot a scam, but phishing attack statistics prove that humans are fallible. While no one is likely to fall for the “Nigerian Prince” scams of yesterday, phishers have become more sophisticated in their techniques so that even the savviest of internet users can become victims.

For more, read Why You Need More Than Just a Human Firewall.

An analysis of more than 55 million emails reveals that one in every 99 emails is a phishing attack.

Even scarier, studies show that 25% of these emails sneak into Office 365, one of the most widely used office suite packages in the world, with over 60 million commercial users. And, the more users a platform has, the higher the chance of phishing attack success.

For more, read Is Office 365 Secure From Email Phishing Attacks?

Approximately 15 billion spam emails are sent daily; 45% of all email is spam (and some researchers believe that number to be closer to 75%).

You may think, “What’s the harm in spam, besides temporary annoyance?” Well, the massive amount of non-malicious junk email has spam filters working overtime, which makes it easier for malicious phishing attacks to slip through.

For more, read Spam Filters Aren’t Enough to Keep Out Phishing Scams.

30% of phishing messages are opened.

Making matters worse, this phishing attack statistic is up from 23% in previous years. What does this mean? While phishing awareness among the public may be growing, phishers are getting more sophisticated in their efforts to trick them, even moving outside email phishing and using communication channels such as Slack to catch people off-guard.

For more, read Slack: Phishing Attacks Go Beyond Just Emails.

More than 71% of targeted attacks involve the use of spear phishing.

Whereas normal phishing attacks aim to hook anyone willing to bite, spear phishing targets a particular individual or organization. This is accomplished through personalized emails, often impersonating someone the recipient knows and using information specific to the target to lead them to believe that the request for sensitive data or wire transfers is legitimate.

For more, read 5 Types of Phishing You Should Know About & How to Stay Protected.

Employees may know not to open attachments or click links, but some behavior is hard-wired, such as obeying the orders of a superior. Knowing this, hackers use social engineering—for example, posing as a member of the executive team—when requesting information or funds. Not wanting to upset the boss, many employees oblige, resulting in a breach.

For more, read Enforcing Good Phishing Protection Habits NOT Training.

66% of malware is installed via malicious email attachments.

We tend to think malware strikes when a hacker finds a vulnerability in our infrastructure, but the truth is, the majority of malware enters the system through phishing attacks. This can even include ransomware, which cost businesses more than $8 billion in 2018 alone.

For more, read Global Ransomware Damage Costs.

In 2018 there were 366 healthcare data breaches.

While that phishing attack statistic may not sound too high, we’re talking about the exposure of over 13 million records! Phishers often target the healthcare industry because companies in this industry have large amounts of valuable data, a highly connected infrastructure, and there’s little to no IT investment or training (generally less than 3% of their profits).

For more, read Healthcare Phishing Scams: How to Keep Patient Information Secure.

Protecting Yourself from Phishing Attacks

The internet has made our lives easier, but it’s also made it easier for us to be scammed, as these phishing attack statistics demonstrate. To protect yourself and your organization, consider phishing prevention software. Clearedin, a leading phishing prevention solution, assesses your emails to determine whether they are a phishing attack. The Clearedin platform takes it a step further and analyzes your company’s communications over multiple email platforms as well as communications channels such as Slack, using artificial intelligence to develop a model of your organization’s communications network.

When threats are detected, they are flagged and disarmed immediately. Users are notified why the messages are labeled as potential phishing attacks in order to make informed decisions about whether to unlock them.

To learn more about how you can protect your business from becoming part of the latest phishing attack statistics, contact our team of experts today.