- The Identity Theft Resource Center’s (ITRC) 2020 Data Breach Report shows 62 percent of cyberattacks that led to data breaches in 2020 involved phishing and ransomware.
- A Google and Stanford University study reveals that people with more than one device are more likely to be struck by a phishing attempt. It also says that Australia is the most targeted country for phishing attacks.
- A Proofpoint Security study says people who had personal data exposed in a third-party breach were five times more likely to be targeted by phishing or malware.
- All three reports make the same point about the rise in phishing attacks – a data breach does not mean someone’s identity has been misused. It means people impacted are at increased risk of becoming an identity crime victim.
- For information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.
- For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.
Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 12, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. This week we talk about what seems to be the average cybercriminals’ favorite pastime – phishing and the rise in phishing attacks. Phishing with a ph. In Troilus & Cressida, Shakespeare’s incredibly complex play about the Trojan War, the main character compares the great lengths some people go to deceive the search for the other kind of fishing that gives rise to our episode title:
Whiles others fish with craft for great opinion,
I with great truth catch mere simplicity
ITRC 2020 Data Breach Report & the Rise in Phishing Attacks
Two weeks ago, the ITRC released our annual data breach analysis, which pointed out that 62 percent of cyberattacks that led to data breaches in 2020 involved phishing and ransomware. Phishing was in the number one position because it is a simple attack to execute.
Google and Stanford University Study Reveals New Phishing Attack Findings
This week, Google and Stanford University released a new study that looked at the 1.2 billion phishing emails aimed at Gmail users during a five-month period in 2020. Among the findings:
- People are more at risk of a phishing attempt if they have more than one device. If someone only has a desktop or laptop, or only has a smartphone, they are less likely to be a target. The conclusion is if someone has multiple devices, they have more of an online presence. It is the same if someone sends a lot of emails – they are five times more likely to be phished if they do.
- Older users are targeted more frequently than younger people. Someone between the ages of 55-64-years-old is 1.6 times more likely to be the target of a phishing scheme than someone who is 18-24-years-old. One potential reason is that the older someone gets, the bigger their footprint, which makes them easier to find.
People in Australia are More Likely to be Targeted by a Phishing Attack
Who in the world do you think is the most targeted country? This will surprise you. While U.S. residents send more emails by volume than any other country, people in Australia are more likely to be targeted for a phishing attack than anyone else. In fact, the odds are nearly double that they will be phish bait down under.
The U.S is number 16 when it comes to the likelihood of being targeted on a country adjusted basis. This is the point where we need to ask once again – why is there a rise in phishing attacks?
Third-Party Breaches and Their Impact on the Rise in Phishing Attacks
Proofpoint Security reported this week a 14 percent increase in malicious phishing emails in 2020 over the previous year. Here is the truly staggering statistic: People who had personal data exposed in a third-party breach were five times more likely to be targeted by phishing or malware, according to the report, which highlights just how damaging these types of data breaches can be, even in the long run.
What the Reports Mean for Consumers
The report comes on the heels of the announcement of the release in an identity marketplace of the largest set of logins and passwords ever compiled. Around 3.2 billion credentials were stolen in previous data breaches and bundled in a single file. All of these reports – from the ITRC, Google and Stanford University, and Proofpoint make the same point – a data breach does not mean someone’s identity has been misused. It means people those impacted are at increased risk of becoming an identity crime victim.
To quote Proofpoint:
“Our results suggest that data breaches expose users to lasting harms due to the lack of viable remediation options.”
Contact the ITRC
If anyone has questions about protecting their information from data breaches and data exposures before they happen, visit www.idtheftcenter.org, where there are helpful tips on phishing attacks and many other topics – including the 2020 Data Breach Report.
If someone believes they have already been the victim of an identity crime or a data breach and needs help figuring out what to do next, contact us to speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.
Be sure to check out the most recent episode of our sister podcast – The Fraudian Slip – with a special guest from the Federal Trade Commission (FTC). We will be back next week for another Weekly Breach Breakdown.