The digital security consultancy, Cofense, has recently published a report about the state of phishing attacks throughout this year. The report, State of Phishing Defense 2018, has gathered data from more than 135 million simulated phishing emails that were sent to a sample of 1,400 companies all over the world. Subsequently, this data was correlated with information about real attacks, gathered by Cofense’s Phishing Defense Center (PDC). After analyzing all this information, the findings uncovered are extremely revealing.

Attachments are one of the most frequent types of phishing.

The first fact highlighted by the report is that, on average, one in every ten emails are reported as being malicious, though this varies from month to month: January is the month with the lowest incidence, with 7%, while July has the highest incidence, at 13%. As we will see when we discuss another of the conclusions of the report, this seasonal fluctuation is no coincidence.

By sectors, utilities, and law firms and legal consultancies are the most affected, with 20% and 19% of emails reported as malicious respectively, while in technology and financial services, the ratio was just 7%. Despite all of this, and as the report highlights, a lower number of attacks does not imply a lower risk: a single isolated case can cause million dollar losses for companies.

Another notable conclusion stems from an analysis of the types of phishing: emails containing malicious files continue to be one of the favorite phishing categories. This way, cyberattackers seek to evade the URL scanner that many cybersecurity solutions use as a defensive barrier to detect phishing. However, the most surprising data in the study comes from an analysis of the subject of phishing emails.

The danger of “invoices”

Sorting emails according to the subject gives us a staggering ranking: 6 of the 10 most effective phishing campaigns in 2018 contained the word ‘invoice’ in the subject. What’s more, the remaining words are also related to financial activities in companies: ‘remittance’ or ‘payment’. For this reason, June and July, which are the end of the financial year for many companies with an international presence, mean an upturn in the amount of attacks compared to other months. For the same reason, employees in the financial department of organizations are the group most vulnerable to this kind of attack.

Top ten phishing campaigns subject
Source: Cofense, State of Phishing Defense 2018.

Prevention and awareness

As we explained in a previous article, phishing continues to be common because deceiving people using so called social engineering is a much easier task for cyberattackers than trying to circumvent firewalls and cybersecurity solutions that protect inboxes. In this sense, it is fundamental to work on preventing employees from falling prey to these tricks, especially employees that belong to the company’s financial services.  This is why we have several recommendations for measures that must be implemented.

A first logical step is for employees to learn how to identify suspicious phishing emails that contain attachments. Many of these emails contain names and images taken from real companies that may be providers to the organization. However, they usually contain a few suspicious elements too:

  • A domain name used by the sender that doesn’t entirely coincide with the domain of the company that is sending the invoice.
  • A different language from that usually used by the organization to communicate with the providers.
  • Serious spelling or grammar mistakes, product of the use of machine translation programs when writing the email.

In this context, employees should carry out phishing simulations so that, with practice, they learn how to identify these emails quickly based on these patterns.

Secondly, prudence is key. As such, it is vital that employees bear in mind that they must not open any attachment until they are absolutely sure that this email is from a real sender, and that it is safe. If it doesn’t show any of the signs of phishing listed above, but doubts still linger, it is better to check the company’s billing system or to ask the rest of the team: are there pending invoices or payments? What is the status of the relationship with this possible provider? And, when in doubt about a possible risk, it is always best to alert the company’s security team.

Finally, it is a very good idea for the company to have an advanced cybersecurity solution that provides 360º monitoring.  In this sense, Panda Adaptive Defense is able to detect all possible threats beforehand, and perform a complete scan of all emails and attachments in real time as soon as they reach the company’s inbox. This real time visibility allows any possible phishing attempt to be stopped dead, keeping the company completely safe.