A new report reveals that more than 90 percent of all phishing attacks documented in 2016 targeted just five industries.
Per PhishLabs’ 2017 Phishing Trends & Intelligence Report, organizations offering financial, cloud storage/file hosting, webmail, payment, and ecommerce services encountered 91 percent of all phishing attacks in 2016. Those industries each saw the total number of phishing campaigns targeting them increase by an average of one-third. The number of attacks for all industries also grew in 2016.
But there’s change afoot. Financial institutions used to account for a third of phishing attacks back in 2013. It’s now dropped to less than a quarter. Other institutions have picked up the slack, most notably cloud storage/file hosting at 22.6 percent in 2016.
PhishLabs says something big is causing phishers to migrate away from financial organizations to cloud-based services. As it explains in its report:
“The shift is driven by a major vulnerability in how many web services, including nearly all of the cloud storage services and SaaS companies that have seen a substantial increase in phishing attacks, allow their users to authenticate into their accounts. Instead of requiring users have a unique username and password, they allow users to log in using their email address in conjunction with a ‘unique’ password. The problem with this method is that many, perhaps a majority, of their users simply reuse their email password instead of creating a new one.”
Password reuse is an attacker’s best friend. If they obtain a user’s email address and password, attackers can try to authenticate themselves across multiple web services with the hope that the victim reused the same password for their accounts, including some that contain financial information. Attackers can break into these accounts to steal money from the victim. Alternatively, they can sell all those accounts on the dark web for between 50 USD and 1,000 USD.
Here are some other notable statistics from the PhishLab’s report:
- Britain saw a massive spike in phishing attacks leading up to the ‘Brexit’ referendum vote. Most of the scam campaigns targeted payment services and government agencies. Following the Brexit vote, the number of attacks targeting British users plummeted. This illustrates how phishers continue to capitalize on events in the news to prey upon unsuspecting users.
- Canada, Switzerland, and France all saw an increase in the number of phishing attacks targeting their citizens, whereas countries like China, Britain, and South Africa experienced fewer campaigns than in years past.
- PhishLabs collected 29,000 phish kits that lets attackers create a working phishing site.
- 10 countries hosted four out of every five phishing sites. In total, attackers spread their phishing campaigns across 432 different top-level domains (TLDs). Many new generic TLDs (gTLDs) saw phishing content including .TOP, .XYZ, and .ONLINE.
Given the growing number of phishing attacks and the ease with which bad actors can create phishing campaigns, it’s important that organizations make sure their employees know how to spot a phish. They should create a security awareness training program to address this need, specifically one that leverages third-party phishing simulation software.
Does this type of solution sound of interest to you?