• by Ray Schultz , Columnist, January 25, 2019

Phishing, smishing and vishing. Do you know what they are?

Most people can define phishing, but are clueless about the latter two cyber crimes, according to State of the Phish, a study by Proofpoint. Baby boomers are the best informed.

This ignorance could have serious consequences. Of the professionals polled, 83% experienced phishing attacks in 2018 -- a 9% increase over 2017. And 64% experienced spear phishing.

This number may be highest because more people understand what phishing is — 72% in the UK, 70% in Italy and 65% in the U.S.  

Smishing (SMS/text phishing) is another matter — most countries had a high percentage of “I don’t knows,” with France being most likely to give a correct answer. However, general awareness rose to 20%, up from 16% in 2017.

And vishing (voice phishing)? No country stood out as having the right answer, although Italy came closest.

In general, 49% experienced either smishing or vishing in 2018, compared to 45% the prior year.

Proofpoint tested the cybersecurity knowledge of over than 7,000 working individuals in the U.S., Australia, France, Germany, Italy, Japan, and the UK. In addition, it studied . Data from tens of millions of simulated phishing attacks. 

Overall awareness varies by country — and age. When asked what ransomware is, German respondents were most likely to say they didn’t know. Those in the UK were highest in giving the correct answer, followed by the U.S.

What’s going on with German techies? They actually showed a decline in knowledge, with 64% able to define phishing, compared to 71% in 2017. 

Have they forgotten, or does this reflect the entry of new hires into the field? 

It probably is the latter. Globally, baby boomers seem the best educated on cyber threats, with 73% able to define phishing (vs. 58% of millennials) and 52% who know what ransomware is (compared to 40% of millennials). GenXers also beat millennials, the so-called digital natives, on this score.

In general, the problem doesn’t seem to be going away—the study also notes a 70% increase in credential compromises since 2017 and 280 percent since 2016. This type of attack is now the most common, surpassing malware infections.

What’s more, end users reported almost 5.5 million suspicious emails during ProofPoint’s measurement period, 59% of which were classified as potential phishing emails. 

“Email is the top cyberattack vector, and today’s cybercriminals are persistently targeting high-value individuals who have privileged access or handle sensitive data within an organization,” states Joe Ferrara, general manager of security awareness training at Proofpoint.

He adds: “As these threats grow in scope and sophistication, it is critical that organizations prioritize security awareness training to educate employees about cybersecurity best practices and establish a people-centric strategy to defend against threat actors’ unwavering focus on compromising end users.”