For Cybercriminals, A Bad Day of Phishing is Still a Good Day
Phishing is still here, still bad, very lucrative for cybercriminals, and not going away anytime soon.
I first heard about phishing in 2004. I was astonished to learn the annual average of phishing emails reached 0.1 percent, or 1 in 943 emails, resulting in the infection of countless computers and devices. That’s a huge return for a relatively minimal investment of a cybercriminal’s time.
Now, well over a decade later, a large percentage of people still become victims of phishing attacks. According to the latest Annual Data Breach Report from Verizon, users click on and open 30 percent of all phishing emails, and only 3 percent of targeted users report malicious emails to management. Additionally, the data showed that 12 percent of the time, users opened malicious attachments within those emails.
After all of these years, phishing remains one of the leading methods used by cybercriminals to attack and gain access to their victims’ networks. The malware has grown more sophisticated over the years, but the delivery techniques haven’t changed all that much.
“Apparently, the communication between the criminal and the victim is much more effective than the communication between employees and security staff.” –Verizon
User training can significantly help reduce infections. But if history is our window to the future, the last decade or more of phishing lessons has taught us that a significant number of scandalous emails and attachments will continue to bombard our users. A lot of it will find its way into our networks. Much of it will be advanced and evasive, the kind that conventional malware detection systems won’t be able to detect.
Our only recourse is to deploy a malware detection system that has been specifically designed to spot the latest and most evasive forms of malware. Anything less than that will not provide adequate protection against phishing attacks.
Find out more about how PhishMe Triage and Lastline Analyst work together to improve detection and response visibility to combat phishing attacks.