A report by Verizon has found that the average phishing campaign will dupe its first victim within just two minutes. The company found that it takes just 82 seconds for a phishing campaign to start working. It analyzed almost 80,000 phishing incidents that took place in 2014 and found that, in a number of companies, 25% of employees receiving a phishing e-mail will open it.
Verizon’s Bob Rudis said that employee training was crucial if phishing attacks were to be defeated. Rudis said that that cybercriminals didn’t always necessarily have to rely on sophisticated techniques to obtain information due to the efficiency of phishing. He said that, of all people that do fall for phishing messages, around half of them did within the first hour of the message being sent.
The report found that companies were taking a considerable amount of time to realize they had been “phished”. Rudis says that, whilst one in four people receiving a message will open it, extra training could reduce that figure to one in twenty. He said that many cyber-thieves were still exploiting companies running old un-patched software and urged companies to improve their patching regimes.