Phishing works. Not all the time, not every time, but enough of the time. Whether because users are in a hurry, are careless, or simply aren’t well trained enough to recognize an attack, phishing emails catch enough employees and consumers that cybercriminals continue to fire them off by the millions and use them to deliver all manner of malware, lure users to fake or compromised sites, and steal personal information.
It doesn’t help that phishing emails are becoming increasingly sophisticated. While some are still quite easily recognized by their lack of context, poor grammar, or unexpected content, many look quite legitimate and some are even used as part of long-term campaigns that build upon knowledge hackers have already obtained. Bottom line, there’s a reason that phishing remains a go-to vector for a lot of cybercriminals.
While some email gateways can pick up many of these attacks before they even reach end users, oftentimes users (both business and consumer) don’t have the benefit of such protection. The best defense, then, becomes education.
To that end, two FortiGuard researchers in our Singapore office analyzed thousands of samples of phishing emails and put together a comprehensive report on the most common language used in these attacks. They also detailed ways that users can take responsibility for screening emails more carefully to avoid the havoc that phishing attacks can wreak. Check out the full report here and feel free to share it with colleagues and users as you put training and education front and center in your security efforts along with hardware and software investments.