Phishing is a social engineering attack that relies on manipulation, deception, and human error to steal vital information and/or to gain unauthorized access to a computer system. In a phishing scam, cybercriminals impersonate trustworthy institutions and send an email asking for personal information, or they instruct recipients to click on a link which would download and install malware onto their device.
Phishing remains a serious threat to businesses of all sizes and across all industries. That’s why before we step into 2024, you and your staff should know the following statistics so that all of you realize how crucial it is to protect yourselves and your company from malicious phishing attacks.
Phishing: The most common form of cybercrime
According to studies, an estimated 3.4 billion phishing emails per day, or 1.235 trillion emails per year, are sent by cybercriminals worldwide.
Why is phishing the crime of choice?
- Phishing is relatively easy to pull off. Criminals don’t need sophisticated technology or technical expertise to execute this scam. And a criminal can send a phishing email to millions of people all at once, and they only need a small percentage of responses to be successful.
- Phishing is quite effective. Even security experts well versed on phishing scams can fall for them. Human vulnerability can easily be exploited by criminals.
These reasons underscore the importance of training your staff on how to protect themselves from cyberattacks exploiting human factors. And because technology is constantly evolving, make sure to always update their training and conduct it regularly.
The number one phishing target: Financial institutions
Not surprisingly, financial institutions such as banks, payment systems, online stores, and eCommerce are the most popular targets of phishing scams. That’s because these institutions process sensitive data such as financial information and customer data. Also, they have a large customer base, providing more targets for criminals.
If your company is in the finance sector, regardless of the size of your business, be extra wary — you can be the next target of a phishing attack.
Attacks to small businesses are increasing
There’s been a sharp increase in attacks targeting small businesses in recent years. Accenture’s study on cybercrime revealed that nearly 43% of cyberattacks targeted small businesses. Security experts observed that, on average, a small business with a staff of fewer than 100 will more likely experience phishing via malicious email compared to a mid-sized or a large company. Why? Smaller businesses are more likely to have limited resources for cybersecurity, if any, making them more vulnerable to attacks.
Most imitated brands for phishing
Earlier, we mentioned that phishers use the name of trusted institutions in order to fool potential victims into providing sensitive data or clicking on a malicious link. For years now, Check Point Research has been reporting on brands that have been imitated the most by cybercriminals. In Q4 of 2021, it was global logistics company DHL that was copied the most. In Q4 of 2022, Yahoo took over the top spot. And for Q3 of 2023, Walmart was the most imitated brand by hackers. Other notable global brands that criminals impersonate are Microsoft, Google, and LinkedIn.
So the next time you get an unexpected email from these brands, don’t just click on any link on impulse. Check the email first for anything suspicious. It may be a phishing email.
Millennials and Gen Z are most likely to be victims
According to the National Cybersecurity Alliance’s Annual Cybersecurity Attitudes and Behaviors Report 2022, the age groups most likely to fall victim to cybercrime are millennials (those born between 1981 and 1996) and Gen Z (born from 1997 onward).
There are several reasons why they tend to be more vulnerable to phishing attacks:
- Millennials and Gen Z heavily use digital technologies such as email and social media, which are popular avenues for phishing attempts.
- They may not be as well informed about phishing attacks and the tricks used by cybercriminals.
- They may also be more inclined to click on links in emails and text messages, even when those links raise suspicion.
While they may be innately savvy with social media and technology, they can be quite vulnerable to sophisticated scammers that exploit human behaviors to gain unwanted access to IT systems and accounts.
Phishing and other cybercrimes continue to be major concerns for all business owners. But cybersecurity is not just your IT department’s responsibility; it is every employee’s. Make sure they are trained by our IT security experts at Online Computers. Get in touch with us today.