Phishing: History, Statistics, and Prevention
Guess how many emails are sent worldwide every day. Try 333 billion. Imagine, only a few decades ago, the ways in which a message was sent would take days, weeks, or months. Now, we can do it in a second. While convenient, the technological privilege of being able to send digital messages instantaneously comes with risk.
What is phishing?
From the operation of your personal cyber information to the due diligence of protecting your company’s cyber data, maintaining a solid cyber security posture is crucial. A plethora of cyber threats is present each and every time you exchange data online. Malware, ransomware, password theft, and trojan horse viruses are just to name a few. Phishing is one of the top cyber threats companies face.
Phishing is the practice of illegal trickery by cybercriminals to steal data by way of email, phone, or text messages. By posing as a legitimate organization or reputable person, cybercriminals attempt to acquire sensitive data through fraudulent solicitation.
While the overall goal to take data is the same, not all phishing attempts look the same or come from the same source.
Example types of phishing techniques:
- Spear phishing: a targeted attack on specific individuals instead of a vast group
- Voice phishing (vishing): a phone call made by a cybercriminal disguised as a support agent or representative with the goal of stealing sensitive information such as login credentials
- Whaling: an attempt by cyber actors to attack a “big fish” like a CEO
- Business email compromise (BEC): an attempt to trick those in a company with purchasing power into transferring funds to fraudulent accounts or revealing personal information
A top indicator of a phishing attempt to look out for is when the sender of a message creates a sense of urgency in a request to input information. This is often a cyber attack attempt.
Where did phishing come from?
Phishing originated in the mid-1990s when AOL was a leading internet service provider. At the time, they had over a million customers subscribed to their service. Their massive popularity grabbed the attention of early cybercriminals. Those trading pirated and illegal software used AOL for their communication. They used AOL messenger and email to impersonate AOL employees and tricked users into sharing private information.
What is phishing’s impact?
The Anti-Phishing Working Group (APWG) recorded 1,025,968 phishing attacks in Q1 of 2022. This is the first time phishing attacks surpassed one million within the first quarter.
In the U.S., 79% of the analyzed companies were found to be highly susceptible to phishing attempts, according to Black Kite’s research, “The Cost of a Data Breach Report: A New Perspective.” Similar research by IBM reports the average cost of a phishing attack is $4.65 million. That’s a hefty price tag for one employee’s mistake clicking on a fraudulent email.
Cybercriminals know the more access to confidential data, the higher the reward. Industries that are most at risk for a phishing attack include healthcare, education, government, financial services, and retail/e-commerce.
How to avoid phishing attacks
The Federal Trade Commission outlines four steps to avoid phishing:
- Protect your computer with security software.
- Protect your mobile phone by setting software to update automatically.
- Protect your accounts by using multi-factor authorization (MFA).
- Protect your data by backing it up.
But most of all – be aware. One of the strongest fights against phishing is awareness of what is being sent your way. Does the email seem “off?” Are you getting a text from your CEO in the middle of the day about a conference that doesn’t exist? Are you being asked to buy something that doesn’t feel quite right?
Encourage your company to enact phishing training or have your security team send spoof emails to try and encourage vigilance. You never know when you might get caught off guard!
Curious for more fundamentals and blogs from Black Kite? Head over to our blogs page to check out the latest article from our Cyber Evangelist: Jeffrey Wheatman.Black Kite Blog