Phishing Campaigns Snare Victims Quickly, Data Breach Report Finds

Phishing is reeling in more victims than in previous years, a new report found.

In 2014, 23 percent of phishing email recipients open up the message, up from earlier yearly averages of 10 to 20 percent.  In addition, 11 percent of the recipients click on the attachments, the 2015 Data Breach Investigations Report conducted by Verizon found.

In a “sanctioned” test, the report noted that of phishing messages that were opened 50 percent were opened within the first hour after the message was sent.  Some messages were opened slightly over one minute after the message was sent.  Within organizations, “Departments such as Communications, Legal, and Customer Service were far more likely to actually open an e-mail than all other departments,” the report said.  “Then again, opening e-mail is a central, often mandatory, component of their jobs.”

The report found phishing has evolved over the years to incorporate installation of malware rather than merely duping people into providing personal identification or bank information.  “The user interaction is not about eliciting information, but for attackers to establish persistence on user devices, set up camp, and continue their stealthy march inside the network.”  Moreover, phishing has become “a favorite tactic of state-sponsored threat actors and criminal organizations.”

Over 70 organizations contributed to the data breach report, which is designed to help paint a picture of the threats, vulnerabilities, and actions that lead to security incidents.