Phishing services are surprisingly cheap

There’s so much these days that can be done with technology that it can make your head spin. At the push of a button, you can stream the latest blockbuster movie thanks to Netflix. You can easily have dinner delivered via Grubhub or Wolt, or order a comfortable taxi thanks to Uber. Or, for the more nefarious amongst us, you can quickly commit cyber-espionage and bring down entire companies, steal someone’s identity, and potentially get a ton of easy money in the process with the proliferation of phishing services.

Phishing services are gaining in popularity thanks to the ubiquity of the SaaS (Software-as-a-Service) style pricing model; they’ve even co-opted the naming and you can easily Google or Tor PhaaS (Phishing-as-a-service).  For around $40 USD, you can download a quick and easy phishing kit and become a l33t h@¢k0r within minutes while the more enterprising attackers might opt for a more expensive software package that ultimately will net them more money, sensitive information, or whatever they’re after. A recent article in the UK's Financial Times reported that for under $100, anyone can subscribe to a lifetime supply of cyberattacks on a target of their choice. This means that the sudden mass availability of phishing services truly means that just about anyone with bad intent can have a shot at compromising either your identity or your company’s security. Or both.

Scary stuff, eh? It gets scarier. 

• 1 in every 138 emails is a phishing attempt. (Avanan) 
• In Q1 2022 alone, the volume of Ransomware, which is almost always initiated by a phishing attack, swelled to more than 80% of the total volume recorded in all of 2021 (Internet Security Report, WatchGuard Threat Lab).
• For enterprise-sized companies, 23% of their security operation’s time is spent only managing email threats (Aqaio)
• Data breaches cost $4.24 million per incident, on average. (IBM)
• The average cost of phishing to organizations has more than tripled since 2015, ballooning to $14.8 million in 2021 (Ponemon Institute’s “Cost of Phishing Study”).
• About 25% of phishing attacks were marked safe and therefore bypassed Microsoft’s Office 365 Exchange Online Protection (EOP). (DarkReading)
  

It used to be, not even that long ago, that attackers needed at least an intermediate understanding of programming and social engineering. Today, pretty much anyone with $40-$1000 can get in. All it takes is one wrong click. 

Does that bother you? It should. Since human beings are the most vulnerable link in any cybersecurity defence system, the best thing a CISO or CTO can do is teach their workforce how to spot phishing from afar. And hey, wouldn’t you know it, that’s what we do. 

Hoxhunt is the best way to educate your workforce on how to spot phishing attempts that break through. When companies use Hoxhunt, their phishing simulation fail rates, which are one sign of risk, typically fall from 16-30% down to 2-4%; and more importantly, their engagement and phishing reporting rates soar from under 20% to 60-90%.  Check out some more of the data in an eBook here, and an informative case study here. 

Get in touch with us today and let’s hoxecute the phishermen. 

‍