Alert: Phishing Attacks Set Records in Q1. How Strong Are Your Defenses?
On May 24, the Anti-Phishing Working Group (APWG) announced that the number of observed phishing attacks in Q1 2016 was higher than any total its seen since it began tracking and reporting these statistics in 2004.
In its newest Phishing Activity Trends Report, the APWG noted a 250% increase in phishing sites between October 2015 and March 2016 — and the 2016 uptick indicates an alarming trend. “We always see a surge in phishing during the holiday season, but the number of phishing sites kept going up from December into the spring of 2016,” said Greg Aaron, APWG Senior Research Fellow and Vice President of iThreat Cyber Group. “The sustained increase into 2016 shows phishers launching more sites, and is cause for concern.”
Here’s a snapshot of some of the key statistics from the report:
- A record-breaking 289,371 unique phishing websites were observed in Q1 2016.
- 123,555 of the unique sites — more than 40% of the total — were detected in March 2016.
- At 42.71% of attacks, the Retail/Service industry sector continued to be the most targeted. The Financial (18.67%) and Payment Service (14.74%) ranked second and third.
- More than 75% of the phishing websites observed were hosted in the U.S.
- 20 million new malware samples were captured during the quarter.
- China had the highest malware infection rate, with 57.24% of computers infected.
How Are You Responding to the Threat?
Spam filters, blacklists, firewalls, and other technical safeguards do not stop all phishing emails from getting to your end users. That can’t be disputed. To give yourself the best shot at reducing successful attacks from the wild and the malware and ransomware infections that come with them, you must educate your end users to recognize, avoid, and report phishing messages.
As we’ve noted recently, awareness and training are two different things. Simply making your users aware that phishing threats exist is not the same as arming them with the knowledge they need to defend against social engineering attacks. Our Anti-Phishing Training Suite — which pairs our ThreatSim® simulated phishing assessments, interactive training modules, PhishAlarm® one-click email reporting, and measurement and analysis tools — is an ideal foundation for your security awareness and training efforts.
What makes our approach a more effective anti-phishing education solution than others out there? Here are a few ways we stand apart:
- We pioneered the use of simulated phishing attacks, and our cofounders based the Wombat Continuous Training Methodology on research successfully completed at Carnegie Mellon University.
- Gartner named us a leading provider of computer-based security awareness training for two years in a row.
- Our education is available on demand, and our brief, interactive training modules utilize proven Learning Science Principles to effectively engage end users and help facilitate longer-term knowledge retention.
- Award-winning customer service is included with every license. We provide pre-launch and post-launch support for your cyber security training program, as well as guidance on goals and strategy.
- Multinational companies can deliver cybersecurity education in more than 25 languages. Our professional, high-quality translations ensure assessments and training are clear and consistent for all global employees.
Our Results Speak for Themselves
Our customer Case Studies and Result Snapshots (available in our Resource Center) show that our products and methodology cross all vertical markets and industries. Wombat customers have realized significant improvements using our security awareness and training solutions, including up to a 90% reduction in successful external phishing attacks and malware infections, fewer helpdesk calls, improved security behavior metrics, and more.
Subscribe to the Proofpoint Blog