Gone Phishing

Morgan O'Rourke


March 1, 2018

According to Wombat Security’s annual State of the Phish report, 76% of organizations experienced a phishing attack in 2017.

Almost half (48%) of the information security professionals surveyed also said that the rate of phishing attacks is increasing, as are new attack variations such as vishing (voice phishing) and smishing (SMS/text message phishing).

Phishing most often led to malware infection, compromised accounts and loss of data.

The phishing templates that prompted the most user interaction were notifications about corporate email improvements, online shopping security updates and corporate voicemails from unknown callers, all of which were successful more than 85% of the time. Two simulated attacks—a fake database password reset alert and a message that claimed to include an updated building evacuation plan—had a near-100% click rate.

To combat the problem, 95% of organizations train end-users on how to identify and avoid phishing attacks. More than half (54%) said they were able to quantify a reduction in phishing susceptibility in 2017 as a result of this training.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS).