91% Of Cyber-Attacks Begin With A Phishing Email: Here’s How To Fight Against It

Ernesto Rodriguez
Jun 19, 2017 · 3 min read

An expert cybercriminal is just one phishing email away from gaining unprecedented access to your computer network and valuable data. Despite all the high-end cybersecurity defenses deployed by organizations, phishing emails hold the potential to bypass any defensive wall. As PhishMe research concluded, 91% of the time, phishing emails are behind cyber-attacks.

It took over 40 million simulated phishing emails sent to about 1,000 organizations to arrive at this conclusion. An interesting revelation of the study was that healthcare employees had a phishing email response rate of 31% in spite of security awareness training.

Cybercriminals have a wide variety of social engineering techniques at their disposal to lure the user into clicking on links and falling into their trap. These malicious links can result in opening infected email attachments or disclosing sensitive information such as login credentials.

Phishing emails can arrive in the shape of confirmation emails for bogus orders, job applications, failed delivery notifications, security updates, and even legal notices.

PhishMe also discovered that employees tend to respond even to the most basic form of phishing emails, which are usually blank and contain harmful links and attachments.

Google, the undisputed tech giant, recently became the target of a phishing scheme. A strangely sophisticated identity phishing campaign targeted Google’s approximately 1 billion Gmail users globally, seeking to acquire records of users’ complete histories and spread to their contacts, Google confirmed.

The email appeared to come from one of the user’s trusted contacts, asking them to open an attached “Google Docs”, or GDocs, file. Upon clicking, the link redirected users to the real Google security page, where they were asked to give permission for the fake app, posing as GDocs, to manage their email account.

To rub salt in the wounds, the worm sent itself to the user’s contacts, reproducing itself 100 times or more whenever any contact fell for it.


Although it was a very common phishing strategy, the released worm did cause chaos for millions of Gmail users due to its oddly sophisticated construction.

How to avoid phishing attacks

It goes without saying how important it is to protect oneself from being targeted by cybercriminals. So here are a few tips to avoid falling prey to phishing emails:

  • Vigilant email communication: One should carefully check the sender addresses of emails requesting financial transactions. Any tiny error should be treated as suspicious and as a possible sign of fraud. It is strongly recommended to always verify the validity of a request for a wire transfer or sensitive information before acting upon it. Be vigilant about who is asking for what information and always cross-check.
  • Carefully check links: Don’t click on a link provided by any email or site notification about which you are suspicious. Hover over the link to double-check that the destination being shown matches the email sender or website it claims to be. To be extra careful, type the website’s address yourself instead of clicking the link. This method is quite effective in finding out fraudulent schemes.
  • Do an online search: Never hesitate to do an online search for anything you find doubtful. If it really is a scam, you will find ample results showing so. Also, help spread awareness on different platforms on any phishing scam you encounter to help your fellow netizens from
  • Use a VPN to secure Internet connection: A VPN does the job of encrypting your internet connection and keeps the sites you have visited, and the information you share, private. A VPN with military-strength encryption secures and protects all your internet activities. Therefore, it can be made certain that your private and sensitive data is in your custody only. VPN is your online guardian and is regarded as the best possible way to avoid phishing.
  • Look out for typos: Phishing scams are infamous for having typos. This is not a very hard clue to crack; a thorough reading of the content is enough to give away the typo. If you receive an email or notification from a reputable company containing a typo, maybe it’s not as reputable as it seems. If it’s a scam, there are probably people online complaining about it and you can find more information.
  • Use multi-level authentication: It is recommended to have two forms of verification, for example, a password and a security question, before logging into any sensitive accounts. It would only give you an extra layer of security. Even if the hackers manage to break into the first layer, they will have another waiting. Multi-level authentication would only make the job difficult for cyber-criminals and assure your security.
