Phishing Facts
Attempts to trick a user into sharing personal or sensitive information
What is Phishing?
When an attacker targets specific individuals within the organization using real names, job functions, or work telephone numbers to make the recipient think the email is from someone legitimate inside the organization
What is Spear Phishing?
A phishing technique used by attackers named similarly to a popular MTV show
What is Catfish?
This bank in Belgium lost €70 million (approximately $75.8 million) in a CEO fraud attack that was reportedly discovered during an internal audit
What is Crelan Bank?
Percentage of users unable to recognize a sophisticated phishing email (37%, 57%, or 97%)
What is 97%?
An attack that uses a fake WiFi hotspot, that actually lures victims to a phishing site when they connect to it. Once victims land on the site, they are prompted to enter personal data, such as login credentials, which then goes straight to the hacker.
What is Evil Twin Phishing?
Upwork team that handles phishing emails and deploys security enhancing technologies organization-wide
What is Upwork's Information Security Team?
In 2015, this leading electronic funds transfer provider, found itself in the crosshairs of a business e-mail compromise scam targeting its finance department via emails impersonating employees and sending fraudulent payment requests. This cost them nearly $31 million.
What is Xoom Corporation?
Percentage of data breaches in 2020 involving phishing attacks (11%, 22%, or 71.7%)
What is 22%?
When an attacker calls a phone number and creates a heightened sense of urgency that makes the victim take actions against their best interests
What is Vishing?
An effective way to combat spear-phishing, whereby, if an attacker has your credentials they would still need the information sent to you via a second method to access the targeted account
What is two-factor authentication/multi-factor authentication?
In 2021 attackers sent phishing emails to employees of this southern pipeline/oil company asking them to download a “ransomware update” that was actually malware
What is Colonial Pipeline/ Colonial Pipeline ransomware attack?
Most impersonated brand used in phishing attacks throughout Q4 of 2020 (Google, LinkedIn, or Microsoft)
What is Microsoft?
Malicious actors searching for websites a company's employees visit often, then infecting the IP address with malicious code or downloads
What is Watering hole phishing?
An act by an attacker to use many stolen credentials to try to gain access to users services
What is credential stuffing?
In 2015, this U.S. computer networking company, was unaware that it had been scammed for $46.7 million through CEO fraud emails and was notified of the activity by the FBI
What is Ubiquiti Networks?
The top three types of data that are compromised in a phishing attack (geolocation data, online account credentials data, personal data, medical data, social media profile data)
What is 1) Online account credentials data, 2) Personal data and, 3) Medical data?
This is similar to both vishing and smishing, an attacker uses notifications or direct messaging features in a social media application to entice victims into taking action
What is Angler Phishing?
The federal agency created in 2018 to lead efforts to enhance the security, resiliency, and reliability of America's cybersecurity and communications infrastructure.
What is the Cybersecurity and Infrastructure Security Agency (CISA)?
The two famous technology companies scammed out of more than $100 million between 2013 - 2015 through an elaborate invoice scam
What is Facebook and Google?