Why Phishing Attacks Aren't Going Anywhere in 2022

A new survey has confirmed that phishing attacks remain the most significant cyber security threat to businesses.


A new survey has confirmed that phishing attacks remain the most significant cyber security threat to businesses.

Phishing Revisited

Phishing content comes in a variety of ways, some we've talked about before in our Cyber Security Awareness Month article. Many phishing attempts will try to impersonate someone you already know, such as a colleague, service provider, or friend. Afterward, these bad actors try to trick you into believing their malicious content is trustworthy. They do this by cleverly disguising their communication to get you to divulge some information they need to wreak havoc.

An example would be an email in your inbox. It could look like it's from an existing contact, but it's actually "spoofed" to look like the person you think it is. Perhaps you click a link in the email that takes you to a page that looks like your Microsoft login page.

But it's not the page you think it is.

It's a false page set up to divert your credentials to these hackers. These criminals hope you'll type in your login credentials, allowing them full access to your account.

What does this attack look like? Check out our Behind The Hack video series.


These types of phishing tactics aren't the only active threats out there. Other notable mentions are phishing emails that include fake PDFs with subject lines such as "invoice". Another commonly used practice is sending an email regarding "legal action", asking you to view a link with further information. Whenever you click these links, a hacker can install malicious software, known as malware, on your computer.

What You Need To Know

In the survey, Dark Reading elaborated on a few key points:

53% of businesses said it happened primarily because of a phishing attack
41% blamed malware for playing a part in their breach
7% experienced a denial-of-service attack that crashed their network

What's important to mention is that none of these attacks were specifically targeted at businesses in this report. Bad actors flood thousands of people with emails in an attempt to get someone to fall for their tactics.

This is why you should expand your best practices to include the human element. Employee training and educational empowerment will help better in the long run. Still, some software can help to protect your business, but proactive training should be a key strategy for your organization.

If you need help with phishing awareness training or if you believe your business could be at risk, please get in touch with us today.

Book a CallEmail Us

Similar posts