Updated on 02 January 2024
The unfortunate truth is that humans are the weakest link in any cyber security strategy. As such Phishing, through methods such as Brandjacking, Identity Impersonation, Social Engineering and more, reigns supreme as the primary form of cyber crime.
Shockingly, an estimated 3.4 billion spam emails flood mailboxes around the world daily. Despite Google's relentless efforts blocking around 100 million phishing emails daily, over 48% of the emails circulating the internet in 2022 were spam and Millennials & Gen-Z, though digital natives, emerge as some of the groups most susceptible to phishing traps.
In 2022 a staggering 83% of UK businesses that felt the sting of a cyber attack where phishing was identified as the entry point culprit. Alarmingly, the average cost for an organisation to recover from a data breach surpasses £3.4 million.
Phishing is a method of attack used by cyber criminals, in which they send malicious messages to unsuspecting targets. Their intent? Luring victims to download malware or visit fake websites designed to capture sensitive data such as user account credentials or financial data.
Despite advancements in technology, phishing remains the dominant cyber threat to businesses who are not adequately protected. Astonishingly, 83% of UK businesses that faced a cyber attack in 2022 have stated that the entry point of the attack was a phishing email.
The global statistics are equally alarming: in 2021, 323,972 internet users were lured in by phishing attacks. Attacks such as these have resulted in a staggering loss totalling (in 2021) $44.2 million, a number which only increases with every year.
One such phishing method, identity ‘jacking or identity impersonation, has seen a significant increase in recent years as attackers use stolen email account credentials to target other people or businesses. Often attackers will sit inside a users email account for days, weeks or even months to monitor communications, learn the users language style and target other business. This method has become even more prevalent and convincing as attacker adopt the use of Generative AI & Large Language Models to be able to produce convincing fake and targeted emails.
Now, more than ever, businesses must prioritise cyber security, especially sectors like financial services, law firms, logistics industries, real estate agencies, schools, medial centres and more. A 2019 study spotlighted spear phishing as the top choice for cyber criminals, with approximately 65% of groups opting for this method. A whopping 96% of these attacks were executed with intelligence gathering in mind.
The statistics from 2022 further illuminate the threat. The most common URL domain found in phishing emails was '.com', making up 54%. Top domain names that were mimicked include Adobe, Amazon, Google, Apple, LinkedIn and more. However, attackers have also begun to use newer domain extensions such as .mov & .zip due to their similarities to common file types. Google made these Top Level Domains (TLD’s) available in 2023.
In recent years, cyber criminals have capitalised on the trust and ubiquity of established brands like Amazon, Apple, Google and LinkedIn to devise sophisticated phishing attacks. By masquerading as brands such as Amazon, attackers send counterfeit emails to unsuspecting users, often alerting them about fake order issues, account problems, or enticing promotions. These deceptive emails typically contain malicious links or attachments, leading users to counterfeit sites that mirror Amazon's official platform, aiming to harvest sensitive data such as login credentials and credit card information. Given Amazon's vast customer base, even a small success rate for these attackers can result in a significant number of compromised accounts, making it imperative for users to exercise caution and verify any unsolicited communications purportedly from the e-commerce giant. This has become such a problem for amazon that they have begin to regularly communicate with customers some of the signs to watch out for in these types of emails.
Cyber criminals, never resting on their laurels, are ramping up their efforts. A 2022 report revealed an 80% likelihood of organisations facing email-based cyber attacks. A whopping 96% experienced at least one phishing attack in the past year, with 52% of these attacks evolving in complexity. The sheer volume of phishing emails heightens the risk of successful breaches, with 92% of businesses admitting to having at least one business email compromised. It is important that businesses understand the need for advanced email security solutions in order to protect their business from these types of attack.
Global Phishing Statistics
Google works tirelessly, blocking approximately 100 million phishing emails every single day. Yet, the threat persists. The top five brands impersonated for phishing attempts in Q2 2023 included Microsoft (29%), Google (19.5%), Apple (5.2%), Wells Fargo [US] (4.2%), and Amazon (4%).
In the second quarter of 2023, a phishing scheme aimed at Microsoft account holders sent deceptive messages about unusual sign-in behaviour. This scheme circulated misleading emails, seemingly originating from within the company, with sender names like "Microsoft on”. The subject of these dodgy emails read "RE: Microsoft account unusual sign-in activity", suggesting they'd noticed irregular sign-in actions on the recipient's Microsoft account. These emails listed specifics of the “supposed” sign-in, including the country/region, IP address, date, platform, and browser in an attempt to bait users into clicking on links.
Phishing and the world of cyber crime are ever evolving, including using new tools such as Generative AI & Large Language Models to improve their attacks. Whether it's a business or an individual, everyone remains a potential target.
As we move forward, awareness, education, and proactive measures are crucial in our battle against these invisible threats. As such it is important to have a strong email security solution in place, our Advanced Email Security solution uses AI and Machine Learning tools to be able to spot these common types of phishing attacks and much more.
Advanced Email Security can monitor for suspicious language, requests, if the display name does not match the email or previous communications, it can identify vulnerable people within your business, monitor hyperlinks to ensure they are not designed to capture your data, check attachments for malware and much more besides. Our Advanced Email Security can also help train you users to spot phishing attacks through phishing simulations and training tools.
If you would like to find out more about our Advanced Email Security Solution visit our Email Security Service page or Contact Us to arrange a Demo.
In the fight against cyber crime, knowledge is power. Stay Safe, Stay Vigilant, Stay Cyber Secure.
    Help Desk