…however once a user had been fooled into clicking the link, half were likely to enter credentials regardless of what sector they worked in.
Link: https://research.nccgroup.com/2020/04/03/crave-the-data-statistics-from-1300-phishing-campaigns/
Summary:
- Authored on April 3rd by Simon Palmer at NCC Group, the article summarises results of 360,000 emails across 1,300 phishing campaigns
- Data points tracked include click counts, credentials entered, and time-to-click by targets
- Differences in click-rate on malicious emails were observed between certain sectors
- Top three sectors for click-through were Charities, IT Services, and Local and Public Sector
- Users in Charities were 3x more likely to click a link in a phishing email than users in the Healthcare sector
- Lowest click-rate sectors were Retail, Health, and Financial Services (FSI)
- Financial Services accounts for the majority of campaigns
- The average rate of users entering credentials following click-through across sectors is 42%
- IT Services exhibited the highest rate of credentials entered once a phishing link was clicked (62%)
- Security organisations should assume at least half of phishing email recipients will click a malicious link, and around half of those will enter credentials
- Two-Factor Authentication (2FA) is the strongest and most efficient mitigating control against phishing that targets credential theft