The hazards presented by email are numerous. According to Verizon’s 2018 Data Breach Investigations Report, for which Cisco is a contributor, email is the number one vector for both malware distribution (92.4 percent) and phishing (96 percent). Act upon the wrong email and you could find yourself the victim of cryptomining, your credentials stolen, or, if you fall for the wrong socially engineered scam, out of large sums of money. Scale this to the enterprise level, and the wrong email can wreak havoc.
How regularly do users fall for email scams? Just ask the folks in Duo Security. The team created the free Duo Insight tool a few years ago, which allows users to craft their own fake phishing campaigns and test them out within their own organizations to see who falls for them and who doesn’t.
Unfortunately, many people do fall for the ruses. According to The 2018 Duo Trusted Access Report, 62 percent of the phishing simulation campaigns that ran captured at least one set of user credentials. Of all the recipients, almost a quarter clicked the phishing link in the email, and half of those entered credentials into the fake website.
With this level of success, it’s no wonder that email is such a popular choice for launching phishing campaigns. In fact, it seems that phishing activity could be ramping up, if the number of new phishing domains identified by Cisco Umbrella is any indication. We took a weekly average for the first quarter of 2019, and then compared each week against this average. The results in Figure 1 show that, while the year began slowly, the number of new domains being produced accelerated, with a 64 percent increase from the first week of the quarter to the last.