The anti-phishing solution supplier
In addition to describing the most effective phishing emails, Cofense also offers anti-phishing guidelines and proposes best practices for making phishing simulation exercises and security awareness training more effective.
To compile the report, Cofense examined the responses to 135 million simulated phishing emails from campaigns carried out by its clients. The company used a sample of 1,400 customers for its analysis. Those companies were spread across 23 industries in more than 50 countries.
Cofense also examined more than 800,000 suspicious emails that were reported by employees through Cofense Reporter and roughly 48,000 real-world phishing campaigns, with data on the latter gathered via the Cofense Intelligence service. The study used phishing data gathered between July 2017 and June 2018.
2018 Phishing Data
- Phishing is the number one cyber-attack vector
- 91% of all data breaches begin with a phishing email
- 92% of all malware is delivered through email
- On average, each email user gets 16 malicious emails in their inbox every month
- 1 in 10 reported emails are malicious
- 21% of malicious emails contain attachments (malware or links concealed in attachments)
- Business email compromise (BEC) emails are seldom noticed and reported
- More than 50% of reported emails are related to credential theft
- The most common credential phishing emails try to get Office 365 logins
What Are the Most Effective Phishing Emails?
The top three reported phishing email subjects differed by industry sector, although “invoice” emails were the most commonly reported in all industries apart from healthcare, where “payment notification” was most common. Emails claiming there is a new message in a mailbox or a new fax message were also common, as were payment notices. These common phishing themes are what companies must focus on when training employees, together with training on other active threats.
While it is common for anti-phishing and security awareness training to be provided annually, this is no longer sufficient.
What is clear from Cofense research is that training and phishing simulations are effective at decreasing vulnerability to phishing attacks. The more training that is provided, and the more practice employees have at identifying phishing emails (via simulations), the more resilient companies will be to phishing attacks.
You can download the Cofense 2018 State of Phishing Defense Report here.