What is phishing?
Phishing is the most common form of cybercrime. Phishing attacks are usually emails, where the cyber-criminal poses as an organisation or charity to elicit a second action, such as clicking on malicious email attachments or following a link to a spoof website.
Phishing attacks are often the entry point for cyber criminals to launch more serious security breaches. As such, it is crucial that individuals and employees learn to spot a phishing email to avoid potential security incidents.
Is phishing the most common cyber-attack?
Yes, phishing is the most common form of cyber-crime. An estimated 3.4 billion phishing emails are sent every day.
What is spear phishing?
Spear phishing emails are a targeted form of phishing. Cyber criminals already have some information about the target, such as their name, place of employment or job title. This allows the criminal to create more authentic-sounding messages to trick the target.
What type of phishing attack targets specific users?
‘Spear phishing’ is a type of phishing attack that targets specific users.
What type of phishing attack targets groups?
Most types of phishing will target groups of people, using email addresses or telephone numbers taken from breached databases.
What are the types of phishing attacks?
Email phishing: The most common type of phishing attack. Cyber criminals impersonate companies or charities in an email, directing potential victims to click a link and enter personal information or pay for something. Any data entered can be seen by the cyber criminals, including passwords.
Spear phishing: A targeted form of email phishing, where personal information is used to craft more genuine-sounding messages.
Whaling: A form of spear phishing, whaling is where cyber criminals target senior executives and high-ranking managers. These messages convey a sense of urgency, usually to transfer funds quickly.
Smishing: Cyber criminals send text messages posing as a company or charity. These messages work much the same way as email phishing.
Vishing: Cyber criminals call their targets and attempt to get them to give information, such as account credentials or credit card details, over the phone.
Angler phishing: Cyber criminals use social media to get information, to get targets to visit a fake website or download malware.
How many phishing emails are sent daily?
3.4 billion.
While it would be impossible to get a definitive answer, it’s estimated that 3.4 billion phishing emails are sent globally every day.
How common are phishing attacks?
Over half of the victims of cyber-crime globally were victims of phishing scams in 2021.
Phishing is the most common form of cyber-crime. More than half of those affected by cyber-crime fall victim to phishing. For businesses, this number is even higher; 83% of UK businesses that suffered a cyber-attack in 2022 said they were the victim of phishing.
What is the difference between phishing and blagging?
Blagging: Blagging messages are targeted attacks where the hacker makes up a story to try and get money or information out of the target. For instance, the target may receive an email from a ‘friend’, who needs money.
Phishing: Phishing messages are more general, usually sent in the form of malicious emails to addresses gained from a breached database. The hacker will pose as a business or charity, but the end result is the same as blagging; the hacker attempts to get the target to send money or enter information on phishing sites.
Why is phishing still successful?
In general, cyber-attacks are becoming more dangerous as criminals develop more sophisticated methods of breaching defences. This is why phishing is still successful and dangerous.
New types of phishing attacks can be rented to criminals on a subscription basis, such as ‘EvilProxy’. EvilProxy can bypass multi-factor authentication, heightening the risk of data breaches even with robust security systems in place.
Phishing emails have caused what percentage of data breaches?
79%.
79% of UK businesses that suffered a cyber-attack in 2023 identified phishing as the cause.
How many businesses are targeted by spear-phishing attacks each day?
It’s impossible to estimate the number of businesses targeted by spear-phishing attacks each day.
However, phishing is the most common form of cyber-crime (79% of UK businesses that suffered an attack in 2023 reported the cause as phishing) and 3.4 billion phishing emails are sent daily – it’s likely many businesses that suffer attempted spear-phishing attacks.
In addition, 65% of known hacking groups in 2019 were using spear phishing campaigns, with 96% using targeted attacks for intelligence-gathering purposes.
Phishing attacks are part of what percentage of cyber-attacks?
79% of cyber-attacks against UK businesses were identified as phishing.
What percentage of cyber security incidents start with an employee getting phished?
91% of cyber attacks begin with a phishing email to a victim.
Sources
Google, Surfshark, UK government, ISTR, Cofense, Mimecast, LinkedIn, Bulletproof, Check Point, IBM, Kaspersky, AtlasVPN, NCSC, IT Governance, Reuters, Wired, Office for National Statistics, IC3, Statista, Canadian Anti-Fraud Centre, Statistics Canada, Valimail, Verizon, F5 Labs, Law Society, Tessian, Webroot, Deloitte
Source: AAG Business IT Support
