The other day I happened to catch a radio program in which one of the experts from Mandiant was sharing the latest trends in cybersecurity. Here are some statistics that might shock you:
1—Click-through Rates With Phishing Schemes. Mandiant has done experiments in which it constructed phishing emails that were ultimately harmless and simply enabled the researchers to see how many people chose to click on the links. Even in cases in which the grammar was purposefully sloppy and the appearance of the email screamed VIRUS, the click-through rate ran about 20 to 25%. Some of these phishing emails were of the sort, “you won’t believe what was posted about you; click here to see it.”
2—China’s PC Infection Rate. Click-through rates help explain the situation in China, where 50% of all PCs are now infected with some form of malware. It appears China’s rapid industrialization, coupled with brand new PCs in so many homes, made the average user a ready target. Given that China is a growing nation with an increasingly high-tech population, I am amazed this would happen there, but then again, human nature is the same worldwide.
Alas, as many have observed: Social engineering works because there is no patch for human stupidity.