As the end of 2018 approaches, phishing attacks are becoming increasingly sophisticated, BEC losses shoot through the roof, and safe-looking sites are anything but safe. We have gathered some interesting phishing statistics from the past year. Here's our post and infographic on five phishing trends you want to be aware of next year.
There goes that sense of security. The HTTPS abbreviation and the green padlock symbol in the address bar usually signify that the data exchanged between your browser and the site you’re visiting is encrypted. Over 80% of respondents in an APWG survey believed the symbol indicates that a site is legit and safe. Unfortunately, it is often neither one or the other, as scammers are now increasingly taking advantage of HTTPS. In late 2016, merely five percent of phishing sites implied legitimacy with HTTPS. By the end of 2017, however, the amount rose to 20% and kept on rising in the first quarter of 2018.
Whereas previously the primary targets of phishing attacks were consumers, during the last few years the focus has shifted to enterprises and their human employees. In 2017 alone, 76% of businesses were victims of phishing attacks. In that same year, Kaspersky Lab’s Anti-Phishing system was triggered 246,231,645 times. That’s more alarms than there are people in Russia. 2018 wasn’t excellent, either: headlines such as “Phishing Attacks up by 297 Percent in Q3 2018” took over search engine feeds.
In terms of cybersecurity, it’s been a rough year for companies that provide Software as a Service. They’ve been an increasingly popular phishing target since 2017 when the number of attacks tripled in comparison to 2016. Statistically speaking, there was a 237% increase in SaaS-targeted attacks. Although in 2018 the number of similar attacks was reasonably low (7% in April), the number rises each year mainly because phishing attacks, in general, are more and more tailored for enterprises instead of individuals.
A BEC attack is, for example, an email scheme that aims to steal useful information like tax data or just plain money. Often these schemes are sophisticated and tailored fake emails, such as impersonation messages. The amount of BECs has gone up drastically in recent years. During the first half of 2018, AppRiver identified more than a million BEC attack messages. This was a 55% increase from the 653.000 quarantined messages during the previous six-month period in 2017. With increasing attacks comes significant financial damage. According to FBI’s Internet Crime Complaint Center, Global BEC losses exceeded 12 billion US dollars in 2018. In 2017, these scams cost organizations almost 700 million dollars.
Over 90% of malware is delivered via email, and most commonly it is disguised in the form of invoices, legal enforcement, and email delivery failures. However, the evergreen email scam now has a powerful contender: voice phishing. These can be, for example, robocalls or fraudulent calls from people impersonating debt collectors. First Orion predicts that spam calls will take a leap from over 29% in 2018 up to 45% by early 2019 in the United States.Although nowadays people are somewhat savvier in terms of phishing attempts than before, the phishing statistics are still alarming. As we speak, cyberattacks are becoming more intricate and less easy to recognize as scams. Executives will thank themselves later if they empower their employees to become as apt as possible when it comes to cybersecurity.