A report from Wombat Security has revealed the biggest Phishing scams of 2017.

Have you fallen for any of these phishing scams?

Three-quarters of Information Security professionals who responded to the survey said their companies had been subjected to phishing attacks, but people were less likely to click on malicious links in emails thanks to a better understanding of the risks involved.

What are the most common Phishing emails?

Most phishing messages fall into one of four categories:

Consumer: These are the types of phishing messages aimed at the average person gets. E.g., false notifications from social networks, emails purporting to be from Paypal or banks and so on.

Corporate: These look like official communications: false invoices, email quarantine messages and the like.

Commercial: These are non-specific business-related emails such as shipment notifications, or requests for wire transfers.

Cloud: These emails contain links claiming to be from Dropbox or similar cloud sites, tricking users into downloading malicious files.

Almost half of all phishing attacks fall into the consumer or corporate category.

How successful are Phishing attacks?

The click rates on the most successful phishing emails will alarm business owners and IT security professionals. Wombat sent false messages to users to test whether they would click on a well-crafted email phishing attempt.

They found, that although on average, users will click one in 10 phishing emails – but in some categories, the likelihood of a user clicking on a malicious link is:

  • 86% of users will click on “online shopping security update” messages
  • 86% of users click on corporate “voicemail from unknown” scam messages
  • 89% will click on a “corporate email improvement” message

This is not the worst: if a phishing email gets through your spam filters, then an email entitled “Database password reset alert” and “building evacuation plans” will be clicked on almost every time! Of course, in a simulated attack, many of the tell-tale signs of a phishing email were removed, such as poor English and obviously faked “from” addresses, but as phishers become more sophisticated it is more and more likely that they will improve their game as they work out what emails users will open and click on.

How to avoid phishing

  • Set an information security policy – and stick to it
  • Educate your people about the risks of phishing
  • Do not allow work accounts to be used for personal purposes, such as shopping or banking
  • Hire a Hull IT Support company to secure your networks

Digitalquill – Experts in IT Security

For Hull IT security advice for small businesses, call Digitalquill on 01482 424402.