Much like the credential marketplaces, phishing is a problem that’s bigger than ransomware and will be around long after ransomware is finally eradicated. Phishing takes its name from “fishing,” which metaphorically refers to throwing out bait and seeing what responds. For instance, much phishing consists of sending email or other messages with links that look interesting or important (“Click here if you think this $499 charge is incorrect”) and that lead to malware being installed on the victim’s computer. A variant of phishing called “vishing” refers to voice messages sent to victims’ phones.
Phishing attacks have been around since the mid-1990s* (Footnote 1). Today, approximately 3 billion phishing emails are sent per day* (Footnote 2), accounting for about 1% of all email sent* (Footnote 3).
A mere 1% of all email may not sound like a lot, but it’s enough to cause a lot of damage. According to the FBI, business email compromise (BEC), which almost always starts with a phishing or vishing attack, cost organizations more than $12 billion between 2013 and 2018* (Footnote 4). In 2020 alone, BEC accounted for $1.8 billion worth of losses* (Footnote 5), and that’s just one type of cybercriminal activity that uses phishing as its attack vector.
As with other parts of this site, covering every aspect of phishing attacks is beyond the scope of a single section. Instead, this page focuses on the role of phishing in the deployment of ransomware.