Phishing is one of the oldest and most effective online threats. Cybercriminals launch phishing campaigns to obtain sensitive information such as usernames, passwords and financial materials from unsuspecting online banking customers. Using social engineering, they send malicious messages that appear to be from a legitimate company, to potential victims’ email addresses or through instant messaging with a URL inside. Once a victim opens the email, clicks on the link or downloads the malware attached, login credentials or credit card information will be sent to the fraudsters. Researchers at Proofpoint found that Apple IDs are the #1 target for credential theft emails.

According to Barkly, 30% of phishing emails are opened. It often falls on the receiver to recognize the phishing attack and resist the temptation to click.

According to Wombat Security Technologies’ State of the Phish report, about 38% of infosec professionals who reported a phishing attack cited the cause to be an employee activity.

Companies should enlighten their employees about phishing links and attachment. The ultimate goal of an information security department would be with phishing mitigation: blocking all phishing attacks from ever reaching users’ device screens, and thus, reducing users’ involvement in defending against phishing attacks.

Banks usually have security systems, external services and security teams as a first line of defense against cybercriminals, but with the speed of creating and closing these malicious sites, banks’ teams and systems seem unable to identify and record all malicious addresses. Training employees to recognize phishing attempts is essential, but with the increasing sophistication of targeted attacks, raising awareness alone isn't enough. Companies need to invest in strong security technology. 

Anti-Phishing Working Group’s (APWG) report states that there were over 1.2 million known phishing attacks in 2016. That is a 65 percent increase during 2015, and it represents the highest annual total since APWG began monitoring attacks in 2004. In the GCC, it is reported that, over the past three years, there have been over 11,500 record breaches, however only 70% of online phishing victims reported it.