,

Email phishing is still very effective – and it’s only getting stronger

Phishing is still by far the most popular attack vector out there. Not only that, but its popularity among the cybercriminal community is growing by the day.

This is according to “Phishing threats report”, a new paper just published by Cloudflare. After analyzing more than 279 million detected email threats, 250 million malicious messages, and more than a billion of brand impersonations, Cloudflare found that phishing is the initial attack vector for nine in ten cyberattacks.

As a result, businesses lose more than $50 billion every year.

Two key objectives

When it comes to phishing, cybercriminals are focused on two objectives: to achieve authenticity, and to get victims to click. The goal to achieve authenticity was underscored by the uptick in identity deception threats, which saw an increase from 10.3% to 14.2% year-on-year. That equals 39.6 million total detections.

Furthermore, Cloudflare’s researchers witnessed attackers impersonating over 1,000 different organizations, in more than a billion brand spoofing attempts. Most of the time (63.3%), the attackers tried to ape the same brands. The researchers identified the top 30 most popular brands, which included big names like Microsoft, Google, and Salesforce (all highly trusted organizations). 

Finally, almost all (89%) unwanted messages squeezed through SPF, DKIM, or DMARC authentication checks. “Attackers’ efforts to achieve legitimacy in the eyes of their victims have proven successful, as we have seen email authentication failing to stop threats,” the researchers concluded.

When it comes to the second goal, Cloudflare says users are more susceptible to the click “as an authentic form of communications.” Apparently, hackers know it’s easier for victims to click a link, rather than download a file. Hence, malicious links were the number one threat category, taking up more than a third (35.6%) of all detected threats. 

In almost all phishing attacks, the email will have a sense of urgency to it, forcing victims to react before taking the time to think their actions through. Given that most firms will not require urgent action in the majority of cases, a company asking for something to be done immediately can be considered a red flag.

Cybersecurity is an ongoing process, and staying informed about the latest threats and solutions is essential to keep your business safe in the digital age. Protect your assets, safeguard your customers, and maintain your reputation by talking to our cybersecurity experts today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

/by
You might also like
Ransomware: Don’t Become a Small Business Cybercrime Victim
Practical tips to secure your email account
Fortifying your business with two-factor authentication and two-step verification
How to spot ‘spear phishing’, an insidious cybercrime trend
Emerging trends in data breaches and how to address them
Information Technology ServicesAn I.T. Manager’s New Year’s Resolution
What is proactive cybersecurity, and how do you implement it?
Beware of Phishing Attacks