Updated Phishing Statistics That Will Shock You
Quick Answer
Phishing attempts rose 400 percent from January to July 2019 according to a Webroot report, and the underlying tactics matured alongside volume. 29 percent of phishing sites used HTTPS, eroding the lock icon as a trust signal. 24 percent of malicious URLs were hosted on trusted domains (legitimate services abused for staging or redirect chains), bypassing reputation-based filters. Phishing emails became more personalized, drawing on data from large breaches to add context that defeats generic awareness training. The most-impersonated industries in the period were SaaS providers, financial services, payment processors, social media, and retail. The takeaway: HTTPS, familiar domains, and personalized content all increase click rates against trained users, so defense has shifted toward DMARC enforcement, link rewriting, and post-delivery detection rather than user vigilance alone.
Phishing attempts are up 400% from January to July 2019, according to a new Webroot report. That’s not a shocking statistic. After all, phishing is a very profitable business, and profitable businesses tend to reinvest in themselves. The more successful phishing becomes, the more phishing attacks you’d expect to see.
The shocking statistics are the ones that highlight just how sophisticated phishing has become. For example, nearly one third (29%) of phishing sites use HTTPS. HTTPS on a website used to be a badge of security. You could blindly trust a website with HTTPS. Not anymore. A valid certificate only shows that the connection is encrypted, not that the site behind it is legitimate.
Hackers are also using trusted domains to trick victims. Almost one in four (24%) malicious URLs were found hosted on trusted domains. Hackers use trusted domains because, just like HTTPS, they raise less suspicion among users and are more difficult for security technology to detect.
Not only are phishing emails becoming more sophisticated, they’re also becoming more personalized. “We are beginning to see hackers create more personalized phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate. These tactics take advantage of familiarity and context, and result in unwarranted trust,” Webroot Senior Threat Research Analyst Tyler Moffitt said.
The top industries impersonated by phishing include:
- 25% SaaS/webmail providers
- 19% financial institutions
- 16% social media
- 14% retail
- 11% file hosting
- 8% payment services companies
The other statistics of note have to do with Windows 7, an operating system that’s coming to the end of its life. Case in point: “Windows 7 is becoming even riskier, with infections increasing by 71%.”
The numbers will only go up from there. Are you prepared? If not, you need true, real-time phishing protection from DuoCircle. It protects against ransomware, blocks malicious websites and comes with real-time link click protection. It sets up in 10 minutes, costs pennies per month per account and comes with 24/7 live technical support.
Don’t become a victim of shocking phishing statistics. Head on over to DuoCircle.com.
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
