Most Common Phishing Emails Used by Cybercriminals in 2018

The most common types of phishing emails that cybercriminals send to healthcare organizations have been revealed by Cofense in a new report, together with the message subjects that attract the most clicks.

In the 2018 Cofense State of Phishing Defense Report, response rates to different phishing emails are revealed and susceptibility to phishing attacks and resiliency are detailed by industry sector.

The report has been issued at an appropriate time, given that the Department of Health and Human Services has just agreed its largest ever financial penalty for HIPAA violations that contributed to a data breach. Anthem Inc., has just been fined $16 million for the 78.8 million-record data breach it suffered in 2015.  That breach started with a phishing email sent to one of its affiliates.

Previous research conducted by Cofense (PhishMe) suggested 91% of all data breaches start with a phishing attack. Cofense also notes in the report that 92% of malware attacks are conducted by email (Verizon, Data Breach Investigations Report, 2018). Many emails are also getting past perimeter defenses, with an average of 16 malicious messages delivered to user’s inboxes every month (Symantec, Internet Security Threat Report, 2018). With so many messages being delivered, it is therefore essential to train employees how to recognize phishing attacks. However, the Cofense report shows that many companies are still vulnerable and employees are still often fooled by phishing emails.

For the report, Cofense analyzed the responses to more than 135 million phishing simulation emails and assessed around 50,000 real phishing threats that had been reported by employees through the Cofense Reporter one-click email reporting solution.

The analysis revealed that for every ten potentially malicious emails reported by end users, one was confirmed as malicious. Out of the confirmed phishing emails, 50% attempted to get end users to disclose their credentials. 21% of crimeware emails used malicious attachments to infect end users with malware.

The most common phishing emails are fake invoices, which were used in six of the ten top phishing campaigns in 2018. Fake invoices were the leading lures in all industry sectors apart from healthcare and ‘miscellaneous industries.’ The most common email threats in healthcare are fake payment notifications (58%), followed by new message alerts (25.5%) and fake invoices (16.5%).

To reduce the risk from phishing, companies need to train employees and conduct phishing simulations exercises. Cofense data show that the companies that provide the most training are the most resilient to phishing attacks. The most resilient companies train their employees at least every quarter, use phishing simulation exercises that are focused on active threats, and focus on encouraging users to report suspicious emails rather than punishing employees for failing phishing simulations.

The Cofense State of Phishing Defense Report can be downloaded here.