Phishing attacks consisting of harmful URLs are four times more likely to bypass safe and secure e-mail gateways than those with email attachments, Cofense
research study finds. by D. Howard Kass – Mar 30, 2022
Secure e-mail entrance (SEG) vendors frequently place their options as blocking 99 percent of malware to apprehend phishing e-mails however in many cases it’s a marketing claim, stated Cofense, an email security specialist, in its freshly launched 2022 Yearly State of Phishing Report.
The problem is that malware makes up less than three percent of phishing emails reported by workers, the business stated. The 99 percent figure offers SEG designers an “insurance plan” when phishing emails make it past their layered defense. “If you understand about the 1% that side-steps your filtering wouldn’t you block it to begin with?” Cofense stated.
With that backdrop, Cofense said its research study revealed that phishing attacks consisting of harmful URLs were 4 times most likely to bypass protected e-mail entrances than those with accessories. Accordingly, the company warned organizations not to rely too heavily on technology and not to underestimate human reporting to determine and fight phishing explorations and attacks. Undoubtedly, users well trained to help root out phishing is an essential element of a strong defense.
Here are some extra findings from the research study:
- Credential phishing continues to be the top risk facing companies, increasing 10 percentage points because 2020.
- 67% of all phishing emails observed are credential phishing.
- 52% of all credential phish were branded as Microsoft.
- Cofense observed almost 100 unique malware households, representing the complicated landscape of distinct hazards companies need to enjoy.
- The healthcare market continues to be the top target of service email compromise (BEC) attacks.
- 16% of harmful emails discovered in health care environments were BEC attacks.
- Of the Indicators of Compromise evaluated by Cofense’s Phishing Defense Center, 80% contained harmful URLs discovered in the body of the email, while 20% made use of dubious accessories.
- Organizations are significantly aligning their staff member simulation training with real dangers understood to be targeting their organization.
- Cofense saw a 7-point increase in simulations based on credential phishing in 2021.
“If there is anything I hope the industry takes away from Cofense’s 2022 Annual State of Phishing Report, it is that hazard actors are innovating but protected email entrances are not, and well-conditioned users report genuine phish,” stated Aaron Higbee, Cofense co-founder and primary technology officer. “I think the variety of real phish, reported by real users, discovered in all major SEG environments promotes itself,” he said.
