Among the myriad of tactics employed by cybercriminals, phishing emails continue to reign as one of the most prevalent and effective methods for breaching personal and organisational security.
According to the data presented by the Atlas VPN team, 27% of phishing emails targeting C-Suite employees are sent out on Mondays. While the statistics are based on C-Suite, they should reflect similarly to the general public. Furthermore, the most common payloads attached to phishing emails are hyperlinks or attachments carrying malware.
For a lot of people, Mondays are busy and stressful. As the workweek starts, inboxes get filled with new messages, deadlines and essential tasks that must be addressed immediately.
Saturdays are the second favorite day for cybercriminals, as one out of five (19%) phishing emails come on this day. Fridays (14%), Tuesdays (13%), and Thursdays (12%) are the next most common days for phishing emails to arrive at your door.
You are the least likely to receive a phishing email on Wednesdays (9%) and Sundays (6%).
Payloads in phishing attacks
Although we have analysed the frequency of phishing emails on different workdays, it’s crucial to investigate cybercriminals’ methods to execute their harmful intentions. Familiarity with these commonly used tactics can empower people and businesses to recognise and counteract the dangers of phishing attacks.
Phishing hyperlinks made up 38% of all payloads delivered in phishing attacks sent from compromised accounts. Phishing hyperlinks exploit people’s trust in familiar websites by tricking them into visiting fake ones. These hyperlinks are designed to look real, often copying the URLs of popular organizations, social media platforms or financial institutions.
Attachments, including malware, accounted for 35% of payloads delivered in phishing attacks. Malicious attachments are intentionally created to take advantage of weaknesses in receivers’ devices. Once opened, attackers can gain unauthorised access, steal sensitive information, or infect entire systems or networks with harmful malware.
Financial payloads made up 16% of phishing attacks sent from compromised accounts. These payloads are specifically designed to deceive recipients into exposing sensitive financial information like credit card numbers, banking credentials, or personal identity information.
Lastly, phishing attacks using pure social engineering tactics with no payload accounted for 11%. Pure social engineering attacks don’t require malware or fraudulent links. Instead, they aim to obtain sensitive information or persuade victims to take specific actions without relying on technical means.
Individuals and organisations must take a proactive approach to strengthen their cybersecurity defenses against the evolving and sophisticated landscape of phishing attacks. Ongoing education on robust security measures and promoting a culture of skepticism are necessary to combat the constant and widespread threat of phishing attacks effectively.