The modern age has brought about many new threats to safety and privacy. In the cybersecurity industry, phishing attacks have taken a leading role in disruptive and destructive cyber hazards. A phishing attack is any cyber-attack in which a hacker attempts to deceive the victim through the use of fraudulent emails or correspondence.
The fake message looks authentic and contains links or attachments with malware inside. The message instructs the victim to click on the links or download the attachments. The malware then infiltrates the computer system and gains access to private information, data, and anything of value.
While phishing attacks can be prevented to an extent, it’s important to stay up to date on recent statistics and on the forms of phishing attack currently in use to avoid falling victim to them.
Latest Phishing Statistics
Here is a roundup list of some of the most recent phishing statistics:
- 55% of phishing websites use targeted brand names to capture sensitive information with ease. (F5 Labs Phishing and Fraud Report of 2020)
- During the third quarter of 2022, 23% of phishing attacks worldwide were directed toward financial institutions. (Statista)
- Web-based software services and webmail accounted for 17% of phishing attacks. (Statista)
- 41% of cyber-attacks used phishing and more than half of those phishing attacks used spear-phishing attachments. (IBM)
- A 2023 survey showed that 53% of respondents believed that hackers would use ChatGPT to craft believable and legitimate-sounding phishing e-mails. 49% thought that the AI tool would help less experienced hackers improve their technical knowledge and develop their skills for spreading misinformation. (Statista)
- Phishing and impersonation of a public institution was the most common social engineering method used by cybercriminals in Poland in 2023. (Statista)
- The global cybersecurity market size is forecast to grow to US$ 266.2 billion by 2027. (Statista)
- Today, potentially AI-enabled phishing and network intrusion are some of the most common cyber-attacks experienced by organizations - causing serious damage including information or revenue loss. (Statista)
- By 2025, forecasts suggest that there will be more than 75 billion Internet of Things (IoT) connected devices in use which could become vulnerable to possible security breaches in the form of hacking, phishing, and more. (Statista)
- Phishing e-mails remain one of the primary attack vectors for cybercriminals. On average, 15% of businesses worldwide have become victims of more than 50 bulk phishing attacks. More than half of the companies said these phishing attacks resulted in consumer or client data breaches. (Statista)
- Highly impersonated brands for phishing scams include Amazon and Google at 13%, Facebook and WhatsApp at 9%, and Netflix and Apple at 2%. (CISOMag)
Biggest Phishing Breaches In 2022
Phishing attacks are becoming more innovative and spreading faster than ever before. Last year saw record-breaking numbers. The APWG logged more than 4.7 million phishing attacks in 2022. Since the beginning of 2019, the number of phishing attacks has grown by more than 150% per year. Some of the biggest phishing attacks in 2022 include:
Twilio - August 2022
The communications company said in a press release that it became “aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.”
A text message phishing attack baited and redirected employees toward a fake website that resembled Twilio’s real authentication site. The site then asked for the employee credentials which gave the hackers the information to gain insider access to internal company resources and customer data.
The fake URLs contained "Twilio," "Okta," and "SSO" keywords.
The access compromised 93 Authy accounts and potentially exposed 1,900 accounts on the encrypted communication app Signal.
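A defender can screen links in inbound messages for the pattern described above, where brand or SSO keywords appear in a host the organisation does not own. The sketch below is an added example, not code from Twilio or from this article; the trusted-domain allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

KEYWORDS = ("twilio", "okta", "sso")          # keywords named in the article
TRUSTED_DOMAINS = {"twilio.com", "okta.com"}  # assumption: the org's real sign-in domains


def registrable_domain(host):
    # Simplification: last two labels. Use the Public Suffix List in production.
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify_url(url):
    """Return (verdict, reasons); verdict is 'trusted', 'suspicious' or 'unknown'."""
    if "://" not in url:
        url = "https://" + url                # SMS links often omit the scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "suspicious", ["unparseable URL"]
    if not host:
        return "suspicious", ["no hostname"]
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted", []
    reasons = []
    hits = [k for k in KEYWORDS if k in host]
    if hits:
        reasons.append("brand/SSO keyword in untrusted host: " + ", ".join(hits))
    if parts.username is not None:
        # "https://brand.com@other.example/" really points at other.example
        reasons.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homoglyph)")
    return ("suspicious" if reasons else "unknown"), reasons


if __name__ == "__main__":
    # Constructed sample links; .example hosts are reserved and not real indicators.
    for sample in ("https://login.twilio.com/sso",
                   "twilio-sso.example/login",
                   "https://twilio.com.okta-verify.example/",
                   "https://twilio.com@portal.example/",
                   "https://news.example/article"):
        print(sample, "->", classify_url(sample))
```

The verdict depends on the registrable domain rather than on whether the URL merely looks right, which is why the keyword-laden subdomain and the userinfo variants are flagged while the genuine sign-in host passes.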
Acorn Financial Services - August 2022
A cyber-attack on the financial services provider Acorn led to sensitive data being compromised. Initially, the phishing attack targeted an employee and stole their email credentials. After gaining access, the hackers stole customer names, addresses, dates of birth, driver’s license numbers, financial account numbers, social security numbers, and other client account-related information.
Allegheny Health Network - July 2022
The Allegheny Health Network revealed that it was the victim of a cyber-attack that exposed the information of almost 8,000 patients. A phishing email was sent to a worker at the facility to obtain their employee credentials, which were then used to access the sensitive information.
The information compromised in the breach included patient names, dates of birth, dates of service, medical records, ID numbers, mailing addresses, phone numbers, and email addresses. The healthcare providers said that no evidence was found that any of the information had been used fraudulently.
Mailchimp - March 2022
The credentials of employees were used to access the accounts of 319 Mailchimp customers. A mailing list of 102 accounts was also stolen. The hackers then used the accounts to launch phishing attacks. Application programming interface (API) keys may also have been compromised in the cyber-attack, and these could be used to launch additional email-based phishing campaigns in an automated fashion.
Trezor, the cryptocurrency wallet company, also reported that the stolen data from the Mailchimp breach was used to launch a phishing campaign against its customers. The phishing emails sent to Trezor’s customers contained malware that asked for sensitive account information. The access was then used to transfer money into the hackers’ wallets.
Charleston Area Medical Center - January 2022
The Charleston Area Medical Center suffered a phishing attack that affected 54,000 people. The company revealed in a statement that an unauthorized actor gained access to some CAMC employee email accounts.
The notice goes on to say that the hacker seemed to be interested in collecting login information for CAMC employee accounts rather than accessing individuals’ personal information. Regardless, the impacted accounts contained patient names, medical record numbers, test results, and other treatment information.
How To Prevent Phishing In 2023
While the dangers of phishing attacks may seem unavoidable to some extent, it’s important to practice cyber hygiene and be cautious to avoid becoming a victim. We’ve drawn up a list of ways you can prevent yourself from being caught up in a phishing scam in 2023:
Be Overly Suspicious
While we don’t recommend that you wear a tinfoil hat and never open your email again, there are ways to be cautious. A phishing scam tries its best to fool its victims by looking almost entirely legitimate - “almost” being the operative word.
Companies will not ask you for sensitive credentials in an email or text message. If you receive any communication asking for sensitive information, or any information at all, it is safer to call the official company line and ask whether the message is authentic before submitting anything.
Think Before You Click
The FBI’s 2021 Internet Crime Report recorded 19,954 complaints related to business email compromise, with losses amounting to US$ 2.4 billion. Hackers count on your carelessness when opening email links and downloading files. Even if an email or attachment looks legitimate, it’s important to always be cautious. Check that every link you receive looks sensible and not suspicious before clicking it, regardless of whether it came from a trusted source.
Update Your Software
While we all want to simply wave away the pesky update notifications, it’s important to always maintain the latest software updates on your PC and phone. Most updates include patches that fix vulnerabilities in the software. Hackers will use your delayed update to take advantage of those vulnerabilities and infiltrate your system.
Use Multi-Factor Authentication
Keep multi-factor authentication enabled across all your apps and accounts. This gives your accounts and devices multi-layered security, which limits access and keeps your information safe. Because extra credentials are required, it is more difficult for hackers to enter your account or compromise your data.
It’s important to stay aware of the phishing scams in your area. Keep an ear and eye out for any new scams going around and spread the word to keep others safe as well.
When you’re online, it’s easy to forget the smaller details – especially when shopping. Remember to ensure that the websites you access are SSL-certified and have a URL starting with “https” so you know that your data is encrypted. A secure website will also feature a lock icon near the URL address bar. Don’t enter any information into a website that does not seem secure.
Provide Cybersecurity Training
Most cyber-attacks on businesses start with an employee clicking on a dubious link. To maintain the safety of your network, ensure that your employees receive adequate cybersecurity training and education. Implementing cyber hygiene practices in the workplace will help your employees recognize and avoid phishing scams faster and protect your organization.
Use Advanced Cybersecurity
In this modern world, everything is automated – and your cybersecurity solutions should be the same. Invest in advanced and high-quality cybersecurity measures to ensure that phishing scams and malware don’t stand a chance.
Sangfor’s Next Generation Firewall (NGFW) can be used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints. The advanced firewall is a security device designed to inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network. Anything that the on-premises features cannot analyze is automatically sent to the cloud-based Neural-X sandbox for isolation and critical inspection.
Additionally, Sangfor’s Cyber Command (NDR) Platform constantly monitors for malware, residual security events, and future potential compromises in your network. The solution is coupled with Threat Intelligence and an enhanced AI algorithm to keep you updated with any vulnerabilities in the system while ensuring your data is always kept strictly protected and consistently monitored for lingering threats.
Ensure that phishing scams and other malware are a thing of the past by introducing these safety practices and solutions.