91% Of Cyberattacks Start With A Phishing Email

Published: 22/11/2024   Category: security




Phishing remains the number one attack vector, according to a new study that analyzes why users fall for these lures.



The majority of cyberattacks begin with a user clicking on a phishing email. Ever wonder why users continue to fall for phishing emails?
According to a new report from PhishMe, which found that 91% of cyberattacks start with a phish, the top reasons people are duped by phishing emails are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity.
Fear and urgency are a normal part of everyday work for many users, says Aaron Higbee, co-founder and CTO of PhishMe. Most employees are conscientious about losing their jobs due to poor performance and are often driven by deadlines, which leads them to be more susceptible to phishing.
Higbee says PhishMe based the study on more than 40 million simulation emails by about 1,000 of its customers around the world. The study took place over an 18-month span from January 2015 through July 2016.
Among the study’s top findings:
Susceptibility to phishing email drops almost 20% after a company runs just one failed simulation. So people do learn.
Reporting rates significantly outweigh susceptibility rates when simple reporting is deployed to more than 80% of a company’s population, even in the first year.
Active reporting of phishing email threats can reduce the standard time for detection of a breach to 1.2 hours on average – a significant improvement over the current industry average of 146 days. This was an important aspect of this report, notes Higbee, who says the study also includes results from more than 300,000 users in organizations that actively use the PhishMe Reporter tool for more than one year.
The study also found that users respond to Locky ransomware's phishing lures (21.5%) more than any other malware variant. The others that followed Locky included order confirmation (17%), job application received (15.5%), and blank email (11.9%).
Higbee adds that Locky's phishing campaign has been effective for the following reasons: It is presented in a business context; it’s personalized to the recipient; there are no noticeable errors in grammar or spelling; and finally, it mimics many organizations’ existing invoice processes.
When PhishMe analyzed the Locky data in vertical industries it found that the response rates in the insurance industry were more than one in three (34.7%), while other high response rates occurred in the retail industry at 31.7%; energy, 27.8%; and healthcare at 24.9%.
We don’t really know why insurance was the leading vertical, Higbee says. It could be that there’s not enough training or insurance workers tend to interact with many external people so the chance for them to receive a phishing email increases.
Here’s a look at the average response rate by industry when PhishMe analyzed the file from scanner benchmark simulation:
 
Transportation    49%
Healthcare        31%
Insurance         30%
Pharma/Biotech    30%
Energy            24%
Retail            16%
Consulting        14%
Utilities         14%
Technology        10%
Non-Profits        5%
 