1 in 10 Reported Emails Verified as Malicious


The latest findings from Cofense have revealed that 1 in 10 reported emails in 2018 was malicious. More than 50 per cent of those connected to fraudulent attempts to collect login and system information. This is often referred to as credential phishing.

The Report

The report, The State of Phishing Defense 2018: Susceptibility, Resiliency, and Response to Phishing Attacks, includes detailed information and statistics. The firm analysed over 135 million phishing simulations and 800 thousand reported emails. They also analysed nearly 50 thousand real phishing campaigns. These campaigns targeted organisations in 23 industries. These ranged from healthcare, financial services, manufacturing and more.

Key findings show that 21 per cent of reported crimeware emails contained malicious attachments. The term “invoice” was one of the more commonly used phishing subjects. The term appears in 6 of the 10 most effective phishing campaigns this year.

The Resilience Against Phishing

On a more positive note, Cofence claimed the overall phishing resilience of users has improved in the last few years. Reporting rate is up by 14 per cent compared to 3 years ago. What’s interesting is that organisations in the utilities and energy industries were noted as building the most resiliency to phishing over time. However, Cofense made a clear warning that overall industries involved with critical infrastructure still have a long way to go.

“We founded Cofense on the principle that the human element, the users who are targeted, are a critical factor in defending against phishing threats,” said Aaron Higbee, co-founder and CTO of Cofense.

“We see phishing emails bypass technology controls every day and more and more end-users recognizing and reporting these threats that slipped past million-pound defences. The results of our research detailed in the ‘State of Phishing Defense’ shows that resiliency is building across key industries thanks to those same people that were once deemed as the weakest links in an organization. These trends are powerful and reinforce that humans are a key element to a successful security program.”

Join us for IDM Europe 2019

Identity and Access Management is the bedrock on which digital transformation and business potential are built. Join us in March to discuss how organisations that want to be at the forefront of creating innovative services with global reach need secure and accessible IAM systems that act as catalysts for change and facilitators of business growth.