A report released by Cofense (formerly known as PhishMe) revealed that in 2018, one in ten reported emails was found to be malicious. Of those, over 50% were credential phishing emails, an attack in which malicious actors attempt to con users into providing their login information.
The report also found that approximately 21% of malicious attachments used the term ‘invoice’, and that these appeared in six of the ten most effective phishing campaigns so far this year.
If a malicious email lands in a user’s inbox, that user is the final line of defense for the network. User awareness training and a level of suspicion can make a big difference to the success of an organization’s security program.
Users should always apply a level of caution to any email that asks for personal information such as log-in info, Social Security numbers, answers to security questions, and financial information.
Users should also hover over links to check that the URL embedded in the email matches the URL displayed. Phishing emails often show one address while the link redirects users to another website.
Emails with a high level of urgency or threats of punishment should also be treated with caution as these are often used to elicit panic and have users act without thinking clearly.
Overall, if an email seems suspicious or malicious, it probably is. Users should confirm the validity of the email with their organization through a known good method of contact. Using any contact information from the suspected phishing email could lead users to communicate with the attacker.
Cofense also stated that overall, phishing resiliency of users has improved, but there is still a lot of work to do. Reporting rates have increased about 14% from three years ago.