Phishing Statistics: 1 in 99 Emails Is A Phishing Attack


New alarming statistics reveal that approximately 25 percent of phishing emails taken from a batch of 55 million analyzed emails were marked as clean by Office 365 Exchange Online Protection (EOP).




This means that these phishing emails reached recipients’ inboxes without any obstacle. A small percentage (5.3 percent) were whitelisted due to admin configurations, when they should have been blocked.


New Report Shows the Development of Phishing Campaigns

The findings come from Avanan’s 2019 Global Phish Report, which also reveals that one in 99 emails is part of a phishing attempt involving malicious attachments or links. Considering the increasing success and frequency of phishing campaigns that deliver malware, these statistics should come as no surprise.

“One in every 99 emails is a phishing attack, using malicious links and attachments as the main vector. Of the phishing attacks we analyzed, 25% bypassed Office 365 security, a number that is likely to increase as hackers design new obfuscation methods that take advantage of zero-day vulnerabilities on the platform”, the report says.

During the analysis of the millions of emails sent to Office 365, the researchers scanned every single email, which enabled them to see not only the phishing attacks that were caught, but also those that were not detected.

The analysis also outlined the four most popular phishing attacks:

  • Spear phishing;
  • Extortion-based phishing;
  • Credential harvesting;
  • Malware phishing.

It is noteworthy that although spear phishing attacks are not as popular as the others, they are usually the type of attack with the most destructive impact. This impact stems from the fact that spear phishing emails are specifically designed to target high-profile employees of large companies. These employees usually have access to highly sensitive data, hence their name, and open the door for cybercriminals to perform a range of malicious activities.

“These phishing attacks can also be the most difficult to detect, given the lack of attachments or links that can be flagged by anti-phishing tools. They rely on social engineering, rather than technical bypass methods, to deceive targets into surrendering a wealth of information”, researchers explain.

Extortion-based phishing emails account for 8 percent of the analyzed attacks. Here’s an example of an extortion phishing email attack which we recently wrote about – “Central Intelligence Agency – Case #[random numbers]”.

The scam used the “Central Intelligence Agency – Case #[random numbers]” subject line, with the sender representing themselves as a “technical collection officer for Central Intelligence Agency”. The pretext of this scam was the distribution and storage of pornographic electronic materials involving underage children. The scammers claimed that they read the documentation and knew the recipient was a wealthy person who may be concerned about their reputation. A payment would allegedly persuade the “technical collection officer for Central Intelligence Agency” to remove any details about the related fake case.


This is one of many similar phishing emails circulating on the web. But let’s see what else Avanan’s 2019 report has to say. The two most popular types of phishing attacks are related to credential harvesting and malware infections.

In most cases, credential harvesting emails masquerade as emails sent out by trusted brands such as Google, Microsoft and Amazon, in an attempt to trick the recipient into entering their username and password in a spoofed login page. With these credentials, hackers take over the victim’s account or sell the information on the black market in bulk, the researchers note.

The purpose of a malware-carrying phishing email is clear – to infect the recipient with malicious software. More than 50 percent of the millions of analyzed phishing emails carried malware. These attacks often bypass traditional malware scans since the email itself is not malicious in the first place. However, the email typically contains a malicious link which triggers the download of malware, most likely a Trojan horse.

If you receive a bogus email that you believe is a phishing scam, you can let us know through our website contact form, the comment section, or our Facebook or Twitter page.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
