Phishing Emails: All the Stats, Facts, and Data!

5th January 2021

Phishing emails are on a steady climb: scammers are getting more and more advanced in the ways they scam individuals, and they are sending these emails more often. A phishing email is a fake email sent by a scammer in an attempt to steal personal information from a user, or something far worse… These emails are usually camouflaged quite well and can look like an email sent from the company itself, so it’s crucial to keep an eye out before replying to or taking action on one of these emails.

Cyber Security Breaches Survey

The UK government performs a quantitative and qualitative study of UK businesses and charities each year and publishes the results. The results from this survey are quite alarming.

In 2020, 46% of businesses had experienced cyber breaches! As the graph below shows, phishing emails are the most common cause of these breaches.

Cyber Security Breaches Survey 2020 (Gov.uk)

In 2017, phishing emails accounted for 72% of total breaches; this number rose to 86% in 2020, which is a significant 14% rise in the frequency of phishing emails. Not all phishing emails succeed in their attempts, but those that do cost an average of £3,230; for medium and large firms this average loss rises to £5,220.

The Solution

Companies such as Google, Apple, Netflix and, recently, the DVLA have had their names used in these phishing emails. When users see emails from big companies like this, they tend to trust them without thinking. I recently received an email from ‘PayPal’ about my card information being leaked, asking me to log in and update my password. Like any normal person, this caused me a major panic. I clicked on the link to check what was going on; luckily, at the last second, I noticed a spelling mistake in the text and instantly thought there’s no way ‘PayPal’ could make a mistake like this.

When it comes to phishing emails, the solution is quite simple: companies inform and train their users about these threats, show them the things to look out for, and perform tests (get in touch to find out how we may be able to assist with phishing campaigns).

For companies on a smaller scale this can be quite hard, as smaller companies sometimes don’t have a specific domain name. A solution for companies in this situation would be to either bolt ISO 27701 onto their existing ISO 27001 system or adopt the stand-alone BS 10012. In simpler terms, such a management system identifies potential risks and sets out reasonable measures to address them.

Ways to detect Phishing Emails

Paypal Phishing email example - annotated

Above is an example of a phishing email from ‘PayPal’. As you can see in the image, there are a number of things you should look out for before replying to any of these emails. Below I’ll go over the top 3 things you should look out for before replying to or taking action on these emails.

TOP 3 things to look out for in phishing emails!

  1. The email domain – Companies such as Google will never send an email from a domain such as @gmail or @hotmail. Major companies like this have their own email domain; for example, an email from Google will come from @google.com. At first glance things may seem fine, but be sure to take a closer look.
  2. Spelling and grammatical mistakes – This is arguably the biggest giveaway. Think about it: have you ever received an email from Google or Netflix that was misspelt? Emails sent out by companies are often mass-mailed and are therefore double or even triple checked before sending, so the chance of a spelling or grammatical mistake is practically nil.
  3. The link itself – Usually these phishing emails contain a link that redirects you to a page where the scammer can install a virus or malware on your PC, or try to steal your card information. It’s always best to be on the safe side: instead of clicking the link in the email, go to Google, access the website via its own secure domain, and check whether everything is OK from there.
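Checks 1 and 3 above can be partly automated. The script below is an added example written for this article, not code from the original post or from Global QA Consultants: it parses a constructed sample message modelled on the ‘PayPal’ lure and flags a sender domain outside the brand’s domain, links that point outside it or at a bare IP address, and link text that shows one address while the href goes elsewhere. The brand domain (paypal.com) is an assumption, and the domain match is a plain suffix comparison rather than a public-suffix-aware one.

```python
import ipaddress
import re
from email import message_from_bytes, policy
from urllib.parse import urlparse

# Constructed sample imitating the 'PayPal' lure described above; not a real message.
SAMPLE_EML = b"""From: PayPal Support <service@paypal-secure-login.com>
Subject: Your card information was leaked
Content-Type: text/html; charset="utf-8"

<html><body><p>Please <a href="http://paypal.account-verify.example.net/login">log in</a>
or visit <a href="http://203.0.113.5/update">https://www.paypal.com/myaccount</a></p></body></html>
"""

# Good enough for this sample; a production tool would use a real HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.S | re.I)

def belongs_to(host, brand_domain):
    """True if host is brand_domain or a subdomain of it (plain suffix match; an assumption)."""
    host = host.lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def phishing_indicators(raw_eml, brand_domain):
    """Return red flags for a message that claims to come from brand_domain."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    flags = []
    # Check 1: the sender's domain must belong to the brand it claims to be.
    sender_domain = msg["from"].addresses[0].domain
    if not belongs_to(sender_domain, brand_domain):
        flags.append(f"sender domain {sender_domain} is not {brand_domain}")
    # Check 3: every link must point at the brand, and must go where its text says.
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR_RE.findall(body.get_content() if body else ""):
        host = urlparse(href).hostname or ""
        if is_ip_literal(host):
            flags.append(f"link to bare IP address {host}")
        elif not belongs_to(host, brand_domain):
            flags.append(f"link host {host} is not {brand_domain}")
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and shown != host:
            flags.append(f"link text shows {shown} but points to {host}")
    return flags
```

Calling `phishing_indicators(SAMPLE_EML, "paypal.com")` raises four flags on the sample: the lookalike sender domain, the off-brand link host, the bare-IP link, and the link whose text shows www.paypal.com while pointing at the IP address.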

Want some more info? Download our ISO 27701 Factsheet!

Global QA Consultants can help you implement ISO 27701; contact us here.