A study on phishing trends in 2018 found that 84 percent of all phishing attacks were carried out against US-based businesses. Additionally, the report claims that the focus of phishing targets shifted from the individual to the enterprise level. The data was compiled by threat intelligence firm PhishLabs, which analyzed more than 1 million confirmed phishing sites and 12,000 attacks per month.
Phishing Volume vs. Activity
What is interesting to note is that the US share of phishing targets has actually been decreasing (from 85 percent last year). However, this can be a misleading statistic: the sheer volume of phishing attacks against US-based organizations has risen exponentially. The rate of phishing activity rose 40 percent in 2018, and given the trends found among the top 30 most attacked countries, it is likely to increase again this year.
Top Channels for Phishing
The report found that the top five most phished industries accounted for over 80 percent of phishing volume. The financial sector took the first spot, with email and online services following close behind. Cloud storage, payment services and SaaS providers experienced 12.6, 11.1 and 7.2 percent, respectively. Every one of these besides payment services saw an increase in phishing volume over last year.
According to the report, 2018 followed the pattern of previous years: attacks rose from the first few months and continued into Q4, where they began to drop, with spikes at different points in the summer. Past research by PhishLabs indicates that phishing campaigns more or less adhere to seasonal trends, culminating in surges and then drop-offs at certain times throughout the year.
Most Effective Phishing Email Subjects
The study also included data from simulated phishing tests and the email subject lines that users were most susceptible to. Messages including human resources, payroll, and transactional information were found to be the most effective at tricking users into opening the contents, with seasonal emails (e-cards, holiday closures, etc.) not far behind. Corporate communications were overall the easiest way to get individuals to lower their guard.
Train Your Employees to Spot All Phishing Attacks
If this research communicates anything, it is that phishing is only going to keep building up and evolving over the next few years. It is a relatively easy way for hackers to get what they want, and as more and more organizations rely on networked resources, they will only gain more opportunities to exploit unsuspecting users.
Sign up for Phishing Defender provided by SWK to engage your employees in security awareness training that will prepare them for inevitable phishing.