Phishing Emails on the Rise as Spear Phishing Continues to Return Bigger Payouts

Library_SpearPhishingNew data from Microsoft Security Insights sheds some needed light on exactly what the bad guys are doing and how they’re shifting tactics. Sometimes it feels like the bad guys are attacking from all sides, often making it difficult to determine which direction to point your defense efforts. According to the latest data from Microsoft, you may want to keep an eye on spear phishing.

Microsoft’s Security Insights provides insight into what attack trends are being seen. According to the latest data, the percentage of all emails that are phishing emails rose a whopping 74% in 2019 over 2018. But, what kinds of attacks are in use with these malicious emails? Microsoft’s data shows that Cryptomining is all but dead, use of malware is down 34% year-over-year, and ransomware detections are down as well.

So, what exactly is the plan here?

According to Mimecast’s latest Email Security Risk Assessment report, Business Email Compromise (BEC) saw a 269% increase! BEC leverages spear phishing to target the specific individuals within an organization that can be of “help” to ensure an attack is successful.

By looking at the Microsoft and Mimecast data, it becomes clear that while malware and ransomware are not going anywhere, the current trend – at least for the moment – seems to point towards lots of BEC scams and spear phishing as the attack vector. With the average BEC take at over $270,000, this attack is gaining ground.

Traditional detection-based defenses can only do so much, as BEC often uses social engineering over malicious attachments or links to do the dirty work. Your best defense is to empower your users with Security Awareness Training so they will be mindful that they need to be vigilant against BEC, lowering the risk of successful attack.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews