Safe Surfing

Phishing 2016: How Safe Is Your Network?

The Latest in Cyber Schemes

PITTSBURGH, PA–(Marketwired – January 19, 2016) – Wombat Security brings you the latest in phishing statistics and attacks from the wild.

Phishing attacks have been surging in 2015, according to the Anti-Phishing Working Group (APWG). Check out their latest report to see all of the recent trends appearing in the wild.

How many employees will click a phishing email? JPMorgan was able to dupe 20% of its staff into clicking the fake phishing email. Looking to send a fake phishing email to gauge susceptibility? Look no further.

According to Kaspersky Lab, phishing remains a major threat in Russia and the EU, where the number of attacks has increased, up 18% to 36.3 million attacks in Q3 2015 compared with the same time period last year. For those working in finance or accounting, for example, the number of ‘whaling’ attacks, a specific kind of phishing attack where hackers use spoofed or similar-looking domain names to send targeted attacks, is on the rise according to Mimecast.


Security researchers were able to breach a server belonging to Iranian hackers with the code name ‘Rocket Kitten.’ Rocket Kitten is a hacking group that first appeared in April 2014 and was unmasked for the first time by FireEye researchers in May 2014. The most damning report on their activity was published this year by a joint effort between Trend Micro & ClearSky.

Since their first appearance, the group’s main targets were individuals and institutions that opposed or criticized the Iranian government. Read more about what the researchers learned from breaching this group’s servers.

SSL certificates ensure that data submitted to a website is sent in a secure manner, but they do not guarantee that the site itself is safe. Hackers take advantage of this by buying cheap SSL certificates and using them on phishing websites to appear legitimate.

How much does phishing cost an average 10,000-person company? Almost $4 million USD annually, according to research from the Ponemon Institute, which also looked at how security awareness and training for employees can cut that risk dramatically.

Latest in Phishing Attacks

  • A successful phishing campaign at Middlesex Hospital affected the personal information of approximately 950 patients. The hospital responded by offering free credit monitoring for a year, but said the information did not include direct access to full medical records or Social Security numbers.
  • Tax season in the United Kingdom is in full swing, and with it, millions of people are being targeted with phishing emails that claim to be from HMRC. Tax season is also ramping up in the United States, and scammers are delivering fake IRS emails with a nasty malware payload.
  • A Moldovan man ran a phishing scheme that resulted in a loss of $3.5 million for a western Pennsylvania drilling firm. A school district was almost tricked by the same scam into wiring almost a million dollars.


Time Warner customer?

Time Warner revealed that up to 320,000 customers may have had their passwords compromised by a targeted phishing attack, and urged these customers to reset the passwords on their accounts.

A Facebook page named ‘Facebook Security’ that warns “Your page will be disabled” is making the rounds; it redirects you to a phishing site designed to steal your login information.

On December 23 in Ukraine, approximately 700,000 lost power when an electricity provider was compromised by a phishing attack. Hackers used the phishing attack to insert malicious software into the systems, which shut power down and prevented the systems from rebooting.

Get a ‘WhatsApp’ notification claiming you missed a voice notification? Hackers have been using multiple subject lines in an extensive phishing attack on users worldwide. The email contains a malware executable in a zip attachment.



Wombat Security Technologies is a company born from research at the world-renowned Carnegie Mellon University (CMU). In June 2008 the company was founded by Drs. Lorrie Cranor, Jason Hong, and Norman Sadeh, all faculty members at the CMU School of Computer Science. Visit


Looking to send a simulated phishing attack to your employees? Wombat Security’s ThreatSim Simulated Phishing Attacks tool makes it easy to gauge your organization’s susceptibility.