Phishing, a method of a cyber-attack in which hackers try to acquire sensitive data via a malicious email attachment, is growing in size and complexity, and the advanced spear phishing techniques are becoming even more difficult to spot.
Those are the results of a new report, State of the Phish, by security firm Wombat Security Technologies.
The security firm surveyed 'several hundreds' of IT professionals, and says that 42 per cent have suffered malware infections, 22 per cent compromised accounts and 4 per cent loss of data.
All of these were the result of a successful phishing attack.
Employees will usually open an email attachment they were already expecting, such as an HR document or a shipping confirmation, the security firm says, adding employees were more cautious when receiving a 'consumer' email.
However, 28 per cent of employees clicked a ‘urgent email change request’ email.
Spear phishing attacks, the spear phishing’s more elaborate big brother, are becoming harder to spot, and its click-through rate sits at 19 per cent. Employees working in the telecommunications industry or professional services seem to be more vulnerable, the report suggests, saying they click more phishing emails than any other industry.
Of course, pdfs are the most suspicious types of attachment (29 per cent), followed by doc (22 per cent), html (13 per cent) and xls (12 per cent).
“Phishing continues to be a highly effective attack vector that is increasingly responsible for a significant percentage of data breaches in the market today,” said Trevor Hawthorn, CTO of Wombat. “In spite of continued investments in a number of popular security technologies, phishing messages continue to reach end users and can result in serious damages to a company’s critical data and reputation. Our methods have shown that a Continuous Training Methodology which educates end users on cybersecurity threats changes employee behaviour and reduces risk within an organization.”