Please fill in the form below to subscribe to our blog

This Dynamic Duo Dramatically Reduces Phishing Risk

July 21, 2022

Reducing Phishing Risk Doesn’t Have to Be Complicated or Expensive

What’s the common denominator between most of today’s nastiest cyberattacks like business email compromise, account takeover and ransomware? If you said phishing, you’re right. An unprecedented level of phishing has created a new level of security stress for organizations and IT professionals everywhere. While it pays to investigate new tools and techniques that will help reduce a company’s phishing risk, it also pays to remember that some traditional weapons never become obsolete, giving businesses a consistent security boost without a big upfront investment. Security awareness training and phishing simulations are exactly the dynamic duo that businesses need to reduce phishing risk fast. 

Excerpted in part from our cybercrime report The Global Year in Breach 2022. DOWNLOAD IT>> 

Finding the fix for your security & compliance training challenges is easy with our buyer’s guide! GET YOUR GUIDE>>

A New Phishing Surge Brings New Danger

Phishing has reached new heights, scoring an all-time high in Q1 2022 by surpassing one million recorded attacks. This is unwelcome news for IT professionals who have been contending with a non-stop tide of phishing-related threats that has only grown more dangerous since the start of the global pandemic. The Anti-Phishing Working Group (APWG) recently released a report noting that they recorded 1,025,968 total phishing attacks in Q1 2022, with the largest number noted in March. This is a substantial increase over the prior record of 888,585 attacks, observed in Q4 2021. Researchers also noted that the number of phishing attacks that they’ve recorded has more than tripled since early 2020 when they saw between 68,000 and 94,000 attacks per month.  

January February March 
Number of unique phishing Web sites (attacks) detected 331,698 309,979 384,291  
Unique phishing email subjects    15,275 14,176 24,187 
Number of brands targeted by phishing campaigns 608 621 673 

Source: APWG

See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>

Phishing Patterns Constantly Evolve 

Researchers noted changes in phishing patterns in many industries, and it’s easy to see that phishing is a foe that constantly evolves, making it a threat that can be hard to pin down. APWG researchers noted that phishing attacks against webmail and software-as-a-service (SaaS) providers remained prevalent, as they were in late 2021 as well. Seasonal shifts occurred in the pace of attacks against retail and eCommerce companies falling from 17.3% in late 2021 to 14.6% after the holiday shopping season. Phishing against social media sites also rose in the first part of 2022, climbing from 8.5% of all attacks in Q4 2021 to 12.5% in Q1 2022. Phishing around cryptocurrency has continued to be a problem. Cryptocurrency exchanges and wallet providers were hot phishing topics and phishing risk around them remained steady from late 2021, inching up from 6.5% in late 2021 to 6.6% in Q1 2022.  

7 Industries Most Targeted by Phishing 

in % of total phishing messages analyzed 

Finance 23.6
SaaS/Webmail  20.5
eCommerce/Retail  14.6
Social Media 12.5
Cryptocurrency 6.6
Payment 5.0
Shipping/Logistics 3.8
Other 13.4

Source: APWG Phishing Activity Trends Report Q1 2022 

Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>

 What Phishing Tricks Do Employees Fall For? 

Phishing has been the reigning champion of data breach risks for three consecutive years because it’s versatile, cheap for cybercriminals to run and highly effective. CISCO’s 2021 Cybersecurity threat trends report shows that at least one person clicked a phishing link in around 86% of the organizations studied. Our award-winning security and compliance awareness training solution BullPhish ID is used by organizations of all sizes in a wide variety of industries. Analyzing the results of thousands of phishing resistance training sessions and phishing simulations with BullPhish ID illustrates the degree to which phishing is an ongoing challenge to conquer. 

2021 BullPhish ID phishing resistance training totals    

  • Total number of training campaigns created – 81,484 
  • Total number of phishing simulation emails sent – 2,424,762   
  • Total number of clicks on phishing simulation emails – 106,670 

Top 3 security awareness training courses of 2021 

  1. Phishing: Introduction to Phishing – 150,163 created trainings 
  2. How to Avoid Phishing Scams – 129,666 created trainings 
  3. Phishing: The Dangers of Malicious Attachments – 100,265 created trainings 

Drill down to the bottom line to see why security & compliance awareness training is a smart investment. GET IT>>

  Security Awareness Training to Reduce Phishing Works 

One of the most effective weapons against phishing is regular security awareness training. This multi-benefit dynamo slashes the chance that employees will fall for a phishing lure dramatically. In fact, 80% of organizations in a study said that security awareness training reduced the chance that a staffer would fall for phishing substantially. Ultimately researchers determined that although security awareness training doesn’t work overnight, it makes steady progress that holds up over time reducing a company’s phishing risk from 60% to 10% within the first 12 months

Every minute an employee spends in training pays off. Employees who receive training know that they play a part in defending their employers from cyberattacks. In a study by Osterman Research, analysts noted that the less security awareness training employees receive, the less they see themselves as playing a role in maintaining security. An estimated 70% of employees who spent less than five minutes per month on security awareness training said that they played little to no role in defending their company from cyber threats. But with more than five minutes of training every month, there’s a 40% improvement in the percentage of employees knowing that they play a role in defending their organization from cyber threats. 

Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>

Phishing Simulations Are Effective 

Beyond training with videos and quizzes (the most effective type of security awareness training), training employees to resist the temptations of phishing lures using phishing simulations is an effective tactic. In a report by Microsoft, analysts determined that when employees receive simulated phishing training, they’re 50% less likely to fall for phishing.  People are more likely to learn and retain new knowledge by experience, and phishing simulations help employees hone their ability to spot red flags – and an estimated 90% of employees who receive more than five minutes of security awareness training every month are likely to know to divert suspicious messages to administrators or the IT team.  

Our award-winning security awareness training solution BullPhish ID offers organizations the ability to train employees with phishing simulations using customized content or plug-and-play premade modules. Here are the results of employee phishing simulations conducted through BullPhish ID in 2021. 

Top 3 phishing simulation campaigns that successfully drew employee interaction   

  1. Office 365 – Suspicious Login – 10,879 clicked   
  2. FedEx – Package Delivery – 6,535 clicked   
  3. Google Docs – Invitation to Edit – 4,492 clicked   

Top 3 phishing simulation campaigns that captured credentials & data    

  1. FedEx – Package Delivery – 2,056 captures   
  2. Office 365 – Suspicious Login – 1,736 captures   
  3. COVID-19: SharePoint Webinar – 1,440 captures  

Top 9 industries where employees supplied their credentials in phishing simulations 

  1. High-Tech & IT — 3,755    
  2. Medical & Healthcare — 3,504  
  3. Other — 4647  
  4. Manufacturing — 1,801    
  5. Non-Profit Organization — 1,758   
  6. Education & Research — 1,522  
  7. Finance & Insurance – 1,239  
  8. Business & Professional Services – 1,144  
  9. Retail & Ecommerce — 1,046  
  10. Legal — 704 

Total number of credentials submitted in simulations in 2021 — 23,353 

Are your users ready to handle all of the risks they face daily? Make sure you’ve covered all the bases! GET A CHECKLIST>>

Choose a Phishing Simulator & Security Awareness Training in One Powerhouse Solution

Prevent phishing incidents with BullPhish ID and Graphus

BullPhish ID is a security awareness training and phishing simulation solution that transforms your employees into your biggest security asset. It empowers your employees to detect and eliminate phishing attempts effortlessly, thus protecting your organization from costly cybersecurity mistakes.   

Graphus, an AI-based, automated anti-phishing email security solution, recognizes and stops even the most sophisticated phishing attacks. It blocks the vast majority of phishing emails from reaching an employee’s inboxes, so they never have to interact with malicious messages, reducing the risk of mistakes.

Book a demo of our anti-phishing solutions today and protect your organization from phishing threats.

NEW FEATURE!  Enjoy a major BullPhish ID enhancement, Advanced Phishing Simulations (Drop-A-Phish), that leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users. LEARN MORE>> 

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>