Spear Phishing Growth Adds Danger to an Already Treacherous Phishing Landscape

Phishing is today’s top cybersecurity menace, and it’s only becoming a bigger threat in the post-pandemic landscape. Especially since remote workers are more likely to fall for phishing scams. Recently, specialized phishing attacks like spear phishing and whaling are having a particularly big impact as a perfect storm of chaotic world conditions and uncertainty cause phishing to make a huge splash in cybersecurity in 2020.

These 10 phishing facts illustrate how important it is to take steps now to mitigate today’s tidal wave of phishing attacks:

  • More than 80% of all cyberattacks are phishing attacks
  • Phishing attacks have increased over 600% since the start of the COVID-19 pandemic
  • Almost 65% of organizations have experienced a phishing attack in the last year
  • A new phishing attack is attempted is made every 39 seconds
  • An estimated 90% of cyberattacks that result in data breach begin with a phishing email
  • 94% of phishing emails use malicious file attachments as the payload or infection source
  • Google estimates it blocks 18 million COVID-19 scam emails a day from its 1.5 billion users
  • COVID-19 has become the biggest phishing topic in history
  • 75% of phishing targets are found through web searches or common email address formats
  • 65% of cybercriminals use phishing as their primary form of attack

And as though general phishing isn’t enough of a cybersecurity problem, spear phishing is especially insidious. Using information about the victim gathered from the Dark Web and other sources, smart cybercriminals craft phishing emails that appear to be legitimate and closely related to the victim’s business or personal interests, to trick the recipient into interacting with them and giving the bad actor a way into the victim’s systems and data – and they’re highly effective.

It’s not just the rank and file who have to worry about watching out for phishing attacks. Whaling attacks are designed to catch even bigger prey – executives, administrators, and other privileged users with access to the most sensitive data. These big fish are often less likely to suspect that they’re being targeted by phishing, and not as trained to look out for threats, with disastrous results.

Phishing Training for Everyone is Mission Critical

Every cybersecurity strategy includes phishing training but doesn’t necessarily make it a priority – and that’s a mistake. Frequent and updated phishing training shouldn’t just be a priority for some of your users – it needs to be a top priority for everyone who accesses your network, from the interns to the CISO.  Especially with strong spear phishing growth expected to continue in today’s drastically increased threat environment, the strongest defense any company can build against phishing is a well-trained staff and top of the line monitoring system like Dark Web ID.

Monitor the Dark Web for the Right Information to Reduce Threats

Dark Web monitoring gives companies a general picture of their threats and helps guard against dangers like malicious insiders and password compromise.  But the right Dark Web monitoring can not only guard against general threats, it also looks out for specific information that may make your executive team more likely targets for whaling attacks.

Dark Web ID is the solution you need. Not only is the human and machine intelligence used by Dark Web ID to detect threats at work looking for general threats 24/7/365, Dark Web ID will also be on the lookout for specific email credentials to hit the Dark Web to warn you when a highly privileged user is in danger of compromise.  By adding Dark Web ID to your security stack, you’re putting important building blocks in place to create a strong digital risk protection platform. We know that every company has different needs, and we’re ready to help you build your perfect cybersecurity defense. Contact us today to get started!

Article used with permission from ID Agent