Cybersecurity

Email Attachments Pose Biggest Security Threat

Phishing is one of the longest-running cybersecurity threats, with the first iterations of this style of email fraud believed to have originated in 1995. It first gained widespread notoriety in 2000 with the ILOVEYOU virus, also known as Love Bug, spread to millions of Windows PCs via a corrupted email attachment. In 2024, the threat landscape might have evolved, but attachments can still be considered the biggest security risk.

As an analysis of 183 million phishing simulations conducted by customers of enterprise cybersecurity firm Proofpoint shows, almost one in six recipients of a phishing email containing a suspicious attachment failed the test set by their IT department. Attempts at link-based phishing, which can range from directing a user to a malicious website downloading malware or ransomware to a fake password reset request, were successful in 11 percent of all such cases analyzed. Data entry phishing, which can be used to gather personally identifiable information or login credentials to email or bank accounts, had the lowest success rate with three percent.

Not clicking on dubious links or downloading attachments and double-checking if the sender and the URL behind a link is legitimate are the best ways to protect oneself from financial and other damage caused by cyberattacks. However, reporting said attacks is also a crucial part in eliminating further threats according to cybersecurity experts. Out of the above-mentioned simulations, only 18 percent were reported to the corresponding team, according to Proofpoint's 2024 State of the Phish report.

Dave Alison, Senior Vice President of Products at cybersecurity firm Cofense, highlights the importance of reporting phishing attempts in a company blog post: "If all we focus on is recognizing suspicious or malicious emails, we are basically setting up an ineffective neighborhood watch program," says Alison. "What’s the point of seeing something suspicious if you don’t report it? As one of the most important lines of defense, employees must learn to not only identify but report questionable activity as it benefits their organization and all those around them.

Description

This chart shows the average failure rate of recipients in phishing simulations conducted by Proofpoint customers.

Download Chart
Premium statistics
Cybersecurity of hybrid work in Poland 2024
Phishing most targeted industry sectors worldwide Q3 2024
Phishing: number of affected brands 2009-2024
Premium statistics
Share of smartphone owners who received a phishing scam SMS Japan 2023
Premium statistics
Most common ways of distinguishing between legitimate and phishing SMS Japan 2023
Premium statistics
Most commonly known phishing scam methods among female smartphone owners Japan 2023

Any more questions?

Get in touch with us quickly and easily.
We are happy to help!

Do you still have questions?

Feel free to contact us anytime using our contact form or visit our FAQ page.

Statista Content & Design

Need infographics, animated videos, presentations, data research or social media charts?

More Information