Pittsburgh Tech Guy

In a study conducted by TNS Global for Halon, an email security service, 30 percent of those surveyed admitted they would open an email, even if they were aware that it contained a virus or was otherwise suspicious.

The study included only 1000 adults within the U.S., so this isn't a national index by any means. But of those surveyed, one in 11 admitted to having infected their system after they opened a malicious email attachment. Given the fact that email is still an easy way for attackers to gain access to the network, often via social engineering (phishing/spear phishing), the survey's results are somewhat alarming.

The reasons given for accessing the messages are telling: For women, the survey results marked messages containing invitations from social networks as the most alluring, while men were tempted messages with the time-tested suggestions of money, power, and sex. More often than not, the malicious messages claimed to be from banking institutions (15.9 percent), social media sites like Facebook or Twitter (15.2 percent), and online payment services, like PayPal (12.8 percent).

According to the stats form the Anti-Phishing Working Group (APWG), in its 2013 First Quarter report, there were more than 74,000 unique phishing campaigns discovered during the reporting period, leveraging over 110,000 hijacked domains and targeting more than 1100 brands.

Based on the data reported by the APWG and various security vendors, Phishing kits are rather inexpensive and the time to develop a workable campaign is rarely longer than a few hours. So the numbers mean that the attack surface is large, and the pool of potential victims is rather full. Combine this with a reported 30 percent success rate, and the criminals behind these campaigns are more than likely pleased with their return on investment.