Read on Twitter
So I stumbled on the Hashedout phishing report for 2019, and it's terrifying.
https://www.thesslstore.com/blog/phishing-statistics-latest-phishing-stats-to-know/
#Phishing #FIDO #FIDO2 #U2F #WebAuthn
A thread
https://www.thesslstore.com/blog/phishing-statistics-latest-phishing-stats-to-know/
#Phishing #FIDO #FIDO2 #U2F #WebAuthn
A thread
1/
Between 2016-2019 the damage from phishing is 26bn$. Now you generally take these numbers with grain of salt, because they usually include a fat amount of reputation and sales dame.
Well... Out of 26bn, 10bn was a pure cash!
This is from FBI https://www.ic3.gov/Media/Y2019/PSA190910
Between 2016-2019 the damage from phishing is 26bn$. Now you generally take these numbers with grain of salt, because they usually include a fat amount of reputation and sales dame.
Well... Out of 26bn, 10bn was a pure cash!
This is from FBI https://www.ic3.gov/Media/Y2019/PSA190910
2/ 32% of confirmed breaches involved phishing, while 88% of organisations report attempted spear phishing attacks. Businesses are major target.
3/
Here is the fun part. Phishing is actually down! DOWN! Guess why? Because phishers realised that it's counterproductive to email million and hope one sticks. Instead they moved to a targeted spear phishing. This is together with majority of the emails are malwarefree.
Here is the fun part. Phishing is actually down! DOWN! Guess why? Because phishers realised that it's counterproductive to email million and hope one sticks. Instead they moved to a targeted spear phishing. This is together with majority of the emails are malwarefree.
4/
Report shows that users can't detect phishing, and human error is major cause for breach, because phishing is game of psychology. Additionally I think "phishing training" is giving false sense of security, while creating a flood of false positives. Even my score is 75%ish
Report shows that users can't detect phishing, and human error is major cause for breach, because phishing is game of psychology. Additionally I think "phishing training" is giving false sense of security, while creating a flood of false positives. Even my score is 75%ish
5/
Every 20 seconds there is a new phishing site, and there were detected 51000 new COVID related phishing websites between Jan-March 2020. Most of the phishing sites use TLS. Amazing, they do a better job than majority of the security companies *)
Every 20 seconds there is a new phishing site, and there were detected 51000 new COVID related phishing websites between Jan-March 2020. Most of the phishing sites use TLS. Amazing, they do a better job than majority of the security companies *)
6/
A kind of a note to Apple about improving security **cough**
A kind of a note to Apple about improving security **cough**
/7
In conclusion: credential stuffing, mass phishing, and even malware with every email, is disappearing. Targeted phishing becomes prevalent vector of attack. OTP solutions are basically as insecure as simple passwords. You can't detect phishing with your eyes.
In conclusion: credential stuffing, mass phishing, and even malware with every email, is disappearing. Targeted phishing becomes prevalent vector of attack. OTP solutions are basically as insecure as simple passwords. You can't detect phishing with your eyes.
/8
No AI phishing detection, SMS OTP, TOTP, training will save you. Phishers are creative. We need to solve the problem in it root. @FIDOAlliance protocols are the future, today. They are open, user friendly, phishing proof, passwordless, authentication standards.
No AI phishing detection, SMS OTP, TOTP, training will save you. Phishers are creative. We need to solve the problem in it root. @FIDOAlliance protocols are the future, today. They are open, user friendly, phishing proof, passwordless, authentication standards.
