Have you ever received an email like this? This was the trickiest cyberattack theme in 2020. Attackers were very creative and they used very tricky themes during last year. Here are some examples;
1. Free month of Netflix streaming for employees
2. Vacation contract rental
3. Starbucks pumpkin spice season
4. 2020 Summer Olympics advanced ticket sales
5. Overdue invoice reminder
1. New Microsoft Teams request
2. Coronavirus advisory alert and health warning
3. Office 365 password expiration notice
4. Deactivation of old OneDrive account
5. OneDrive shared contract notification
2020 was a challenging year for all of us. Not only health concerns and stress but as individuals, we have also been tested by security problems too. 2020 was an exceptional year for cybersecurity issues and phishing attacks. Cyberattacks came in very different forms; email, social media, text and even phone calls. According to the 2021 State of the Pishing Report of Proofpoint Inc., a cybersecurity and compliance company, “74% of U.S. organizations experienced a successful phishing attack last year, 30% higher than the global average and a 14% year-over-year increase”. This report also shows that cyberattacks’ common ways were large volumes of credential phishing emails and social engineering techniques, leading to data loss. The impacts of successful phishing attacks were also remarkable; 60% of data loss, 52% of credential/account compromise and 18% of financial loss. Those numbers can tell us so much about how significant is the threat of cyberattacks.
2020 was also an unlucky year for some organizations that experienced a ransomware attack. They had to pay attackers’ ransom to regain access to their systems. According to the 2021 State of the Pishing Report, “Victims who paid in 2020 were less likely to regain access after the first payment than they were the year before, and requests for additional ransom demands rose by more than 320% in 2020.” Very scary, isn’t it?
Of course, organizations have taken action against the attackers. According to this report, in 2020, “Their customers sent more than 60 million phishing tests to their users, nearly 15 million more than were sent in 2019”. Although there was a slight decrease in the average failure rate of 11% in 2020, according to the report, we believe that companies must continue to respond to test how well users can recognize and avoid phishing threats. Another critical point is to be able to create tricky campaign template themes to test users.
If you want to learn more about how attackers continue to get more creative and how companies respond to those attacks, you can download Proofpoint Inc.’s report here 2021 State of the Phish report.