
Find out more about how IT Governance can help identify risks in your existing systems and processes, or how to proactively detect and prevent internal and external threats, by clicking here or calling +44 (0) 845 070 1750.

Spear phishing: email-spoofing fraud specifically targeting a company.

References
2. Monthly Threat Report, Symantec Security Response (May 2017)
3. The State of the Phish 2017, Wombat Security Technologies (January 2017)
4. 2016 Q3 Malware Review, PhishMe (November 2016)

What is phishing?

How to defend your organisation from phishing attacks

Phishing emails appear to come from someone you trust, such as an online provider, bank, credit card company or popular website. These emails typically try to trick you into giving away sensitive information, such as your username, password or credit card details.

They may also try to install malware onto your computer by getting you to click on a malicious link or open an infected attachment.

Whaling: a spear-phishing attack targeting C-level execs, or spoofing their email addresses to reach lower-level staff.

Vishing: fraudulent phone calls urging the recipient to reveal sensitive information.

Smishing: text messages urging the recipient to click a link that downloads malware onto their device.

The current state of phishing

76% of infosec professionals reported that their organisation had been the victim of a phishing attack in 2016.

44% of infosec professionals reported that their organisation had been the victim of vishing and smishing.

4% of infosec professionals reported that their organisation had been the victim of phishing through USB sticks.

[Chart: rate of phishing emails, shown as 1 in N emails received, by month from June 2016 to May 2017 (J J A S O N D J F M A M); vertical axis from 1,000 to 10,000.]

In May 2017, 1 in every 2,998 emails was a phishing email.

Phishing by industry sector

Phishing affects almost every industry. However, the service industry is the worst affected, with 1 phishing email for every 1,903 emails received in May 2017.

The cost of phishing

In 2015, the Ponemon Institute concluded that lost employee productivity is the largest cost associated with phishing (roughly $1.8M for a 10,000-person company).

Phishing and ransomware work together

The proportion of phishing emails carrying a form of ransomware grew to 97.25% during Q3 2016, up from 92% in Q1 2016.

The impact of phishing on organisations

Industry susceptibility to phishing attacks

How to spot a phishing attack

Sample phishing email (the misspellings and the lookalike domain are part of the lure and are reproduced as shown):

From: Apple <[email protected]>
Subject: Your Aplle ID was used to sign into iCloud on an iPhone 6S
Attachment: Form.zip

Dear customer,
Your Apple ID was used to sign in to iCloud on an iPhone 6.
Time: April 16, 2016
Operating system: iOS:6.0.1
If you recently signed in to this devise, you can disregard this email.
If you have not recently signed in to an iPhone with your Apple ID and believe someone may have accessed your account, to confirm your details and change your password please click here <http://www.apple-crompany.com>

Apple Support
My Apple ID | Support | Privacy Policy
Copyright 2016 iTunes S.a.r.l, 31-33 rue Zithe, L-2763 Luxembourg. All rights reserved.

Warning signs to look for:
1. Emails sent from public email addresses
2. Spelling and grammar mistakes
3. Unsolicited attachments
4. Non-personalised greetings
5. Threats or enticements that create a sense of urgency
6. Links to unrecognised sites or URLs that misspell a familiar domain
7. Contact details that do not match registered details

Average click rate per industry, 2016 (percentage of users who clicked a phishing link or attachment)

Construction: 7.2%
Mining: 6%
Wholesale trade: 5.9%
Accommodation & food services: 5.1%
Finance & insurance: 4.9%
Manufacturing: 4.6%
Transportation & storage: 4.6%
Real estate & leasing: 4.4%
Arts and entertainment: 4.1%
Retail: 4.1%
Information services: 4.1%
Utilities: 3.5%
Healthcare: 3.4%

The majority of industries are not significantly different with regard tothe percentage of users that click on phishing links or attachments.

Examples of breaches

FACC Operations GmbH: the financial accounting department was targeted by a whaling attack, and approximately €50 million was transferred to a fraudulent account.

Snapchat: the payroll department was targeted by a whaling email scam, and payroll information about some current and former employees was disclosed.

Seagate Technology: an employee at the company's data storage facility was targeted by a whaling attack, and up to 10,000 W-2 tax documents of current and past employees were revealed.

Minimise the risk of phishing attacks by assessing and educating end users.

The combination of IT Governance's Simulated Phishing Attack and Staff Awareness Course will help you reduce your phishing exposure by testing and assessing your staff's vulnerability to phishing attacks.

Simulated Phishing Attack: a simulated phishing attack will establish whether your employees are vulnerable to phishing emails, enabling you to take remedial action to improve your cyber security posture.

Phishing Staff Awareness Course: this e-learning course will help your staff understand how phishing attacks work, the tactics that cyber criminals employ to lure inattentive users, and how to spot and avoid a phishing campaign.

According to IBM X-Force data, 70% of credentials are stolen in the first hour of a phishing attack. Four hours into that phishing site being online, that number rises to 80%.

References (continued)
1. "Hey Phishing, You Old Foe — Catch This Cognitive Drift?", IBM Security Intelligence (March 2017)
5. The Human Factor Report, Proofpoint (June 2017)
6. The Cost of Phishing & Value of Employee Training, Ponemon Institute (August 2015)
7. "CEO Sacked After $56 Million Whaling Attack", Infosecurity Magazine (May 2016)
8. "An apology to our employees", Snap Inc. (February 2016)
9. "Cyberheist Dumps Seagate Technology, Snapchat Deep In Phishing Hole", www.investors.com


Top lures and their click rates [5]
Click rate for large campaigns (more than 20,000 messages), percentage of recipients who clicked

Dropbox account phishing: 7.2%
Adobe account phishing: 6%
Google Drive phishing: 5.9%
Microsoft OWA phishing: 5.1%
Financial institution phishing: 4.9%
Generic email credential harvesting: 4.6%
Apple account phishing: 4.6%
PayPal phishing: 4.4%