New research from Google, U.C. Berkeley and International Computer Science Institute made this stunning finding:
We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims.
This just examined one problem — stolen credentials. Now consider how this applies to installing ransomware and malware, abuse of native processes, human misdirection of files (such as sending payroll tax returns in response to phishing) and the Business Email Compromise.
Interestingly, the researchers do not ask why phishing is so successful in compromising systems or what interventions could impact that problem.