Whether they’re deliberately breaking policy or inadvertently opening up vulnerabilities, users are a target. Social engineering remains one of the most powerful tools in the cybercriminal arsenal. And attackers are finding increasingly innovative ways to exploit and manipulate users.
Year after year, phishing tops the lists of the most common attack types. The 2019 edition of Verizon’s annual Data Breach Investigations Report (DBIR) found that 32% of confirmed data breaches involved phishing.
Phishing has been around since the mid-1990s. While some of these emails are now automatically blocked by mail systems like Google Gmail and Microsoft Office 365, many still get through. And as email providers and the vendors of tools that block phishing evolve, hackers are continually innovating, developing new techniques to evade detection and lure hapless users into divulging valuable information. As a result, the incidence of phishing attacks remains high.
Attacks are becoming more sophisticated and targeted. And as defenses improve, attackers are increasingly turning to mobile.
When you look at your emails on a mobile device, you’re at a disadvantage. It’s not as easy to spot the signs of something nefarious. You can’t always see the padlock symbol or lack of it, or hover over a link to see the underlying URL. This can make users more prone to phishing attacks.
In fact, even at companies with defenses in place, including mobile device management (MDM) and almost certainly at least one form of email filtering, many users still received and clicked on phishing links.
And of the users who fell for a phishing attack, most were repeat victims. More than half (53%) of users who clicked on a phishing link clicked on more than one. But according to Lookout’s research, enterprise users did better than consumers, with averages of 3.3 and 9.3 times, respectively.