With 98% of malicious emails that hit inboxes containing no malware, the evolution and future of the phish lies squarely in the hands of effective social engineering.
If you were a cybercriminal and were planning on using email as the medium by which to carry out your evil plans, you quickly realize you need to fool the recipient no matter what – whether the desired action is to open a malicious attachment, click a link, or respond, you much con them into doing so.
So, you quickly come to the conclusion that the success of your phishing attacks really comes down to just how good your social engineering skills are. And that’s the very focus of the 2019 Phishing Trends and Intelligence Report from PhishLabs. In the report, the combination of phishing and social engineering are clearly the two keys to success.
According to the report “email security technologies are good at detecting malware, but struggle to identify social engineering.” The goals of social engineering are nothing new:
- 65% focus on Credential Theft
- 33% are email scams
- 2% are used for malware delivery
With phishing increasing 41% over the previous year, even the report comes to the conclusion that “phishing still works.”
Because of the inability for security solutions to identify (let alone, stop) social engineering phishing attacks, organizations need to educate users on how to spot them and how to avoid becoming a victim. Security Awareness Training addresses the security gaps left by software solutions, educating the user to spot social engineering attacks, and empowering users to become a part of your organization’s defense.