Happy New Year! At least we hope it to be this year! Unfortunately, coming from various reports from last year by Dark Reading, 91% of cyberattacks have all started with a simple phishing email. Users have been quickly clicking away on unknown links and email attachments that they have received. The comprehensive phishing email report comes from the security research firm named Phishme. Phishme security researchers state that users are clicking on the embedded email links and attachments based only from curiosity and work related deadlines. The work-related deadlines are based on employees’ anxiety of their fear of being fired from their jobs. Anxiety and urgency are also the top causes of clicking on unknown links and attachments in emails. Yes, this has been deemed an odd reason for the number one cause of effective phishing techniques and why systems have been compromised. However, the fear of the employees was based on today’s economic culture and completed tasks. Phishme’s study was based on 40 million well-crafted and simulated phishing emails. The study was conducted over an 18-month study period.
Dark Reading went on to describe one of the most malicious ransomwares named Locky which was discovered in the wild. The Locky Ransomware was very successful because of how threat actors can meticulously craft the email for phishing to get unsuspecting users to click on the malicious link. The crafted email was made to look like a typical business email that is personalized to the recipient without spelling or grammar errors that could make it look more suspicious. The study used the Locky Ransomware for analysis by distributing the malware with the phishing email for their study. The email was sent to ten (10) different industry sectors. Transportation and the healthcare sectors were the top sectors that responded and were infected by the Locky Ransomware. The research data collected by Phishme is currently still being evaluated. Therefore, all the official results have not been fully examined. Phishme researchers are particularly interested in discovering why the transportation and healthcare sectors were the most affected.
The research conducted by Phishme was quite interesting because of the importance of understanding why users in certain industry sectors click on suspicious emails and to use the results for making users more cybersecurity aware. The study should remind users to take their time in reading and analyzing their emails and to verify before opening any tempting looking links and attachments in their personal email. Users must remember that phishing email is designed to bait you to immediately react in opening any attachments or clicking links that could be malicious. Once the malicious links are clicked or attachment has been opened could potentially damage users’ systems and files. So, all users need to be cautious of handling their email and wary of any links or attachments that may be embedded in the email.
Steve Reinkemeyer, Redport’s President and CEO commented, “Its better to be safe than sorry when handling email attachments”.


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.