Email phishing is a major threat, but phishing attack vectors have expanded to target people via ads, pop-ups, social media, search, IM, SMS, rogue apps, and more. Security teams need to make sure employees are protected against these other phishing lures too.
A continued focus on the timeline of phishing attacks shows how much is at stake based on just the first few minutes of phishing attacks, and makes it clear why successful front-end protection of your organization’s employees against phishing attacks requires a high-speed, highly automated, real-time approach that is designed to operate faster than both users and attackers. The sheer volume of domain names and URLs and the speed at which they change only exacerbates the problem.
From over 1,400 simulated phishing attacks, the likelihood of the first user click on malicious emails occurring within 30 seconds was about eight percent. The likelihood of the first user click on malicious emails occurring within 60 seconds was about 30%, while the median time-to-first-click on malicious emails was just 134 seconds. (Aberdeen Research 2019)
Empirical testing shows that by the end of the first 60 minutes, automated browser-based protections range from 77.3% to 89.5%, and increase over time to between 94.3% and 96.7% (NSS Labs December 2018)
Attackers hook virtually 100 percent of their phishing victims within the first 4 to 8 hours — by which time they have shut down 75% of their phishing URLs and moved on. (Webroot 2018 Threat Report)
93% of confirmed data breaches involved phishing by getting users to click on malicious attachments or links through emails, plus the increasing use of social media and other methods like ads, browser extensions, freeware, instant messages, and pop-ups to attack organizations. (Verizon 2018 DBIR)
Email phishing threats grew 250% in 2018, with attackers moving to multiple points of attacks during the same campaign, switching between URLs, domains, and servers when sending e-mails and hosting phishing forms. (Microsoft Security Intelligence Report 2019)