You are most likely to get a phishing email on Monday
Among the myriad of tactics employed by cybercriminals, phishing emails continue to reign as one of the most prevalent and effective methods for breaching personal and organizational security. These nefarious campaigns are designed to trick recipients into divulging personal data, such as passwords or credit card details.
According to the data presented by the Atlas VPN team, 27% of phishing emails targeting C-Suite employees are sent out on Mondays. While the statistics are based on C-Suite, they should reflect similarly to the general public. Furthermore, the most common payloads attached to phishing emails are hyperlinks or attachments carrying malware.
The data is based on the Egress Email Threats Pulsereleased in May. This research demonstrates some of the evolving attack methodologies currently used by cybercriminals and rising phishing trends. The phishing attacks analyzed here were sent out between January 1st and April 30th, 2023.
For a lot of people, Mondays are busy and stressful. As the workweek starts, inboxes get filled with new messages, deadlines, and essential tasks that must be addressed immediately. Unfortunately, this is also the time when cybercriminals take advantage of people who are distracted and vulnerable.
Saturdays are the second favorite day for cybercriminals, as one out of five (19%) phishing emails come on this day. On Saturdays, fewer emails are sent than on weekdays, making it easier for phishing emails to catch people's attention. This can lead individuals to engage with suspicious emails and become victims of cybercrime unknowingly.
Fridays (14%), Tuesdays (13%), and Thursdays (12%) are the next most common days for phishing emails to arrive at your door. As the end of the workweek approaches, many people feel excited and look forward to the weekend. However, this excitement can sometimes cause them to let their guard down and become more vulnerable to phishing attempts.
You are the least likely to receive a phishing email on Wednesdays (9%) and Sundays (6%). Wednesday is the middle of the week, so people will probably be the most focused and likely to recognize a phishing attempt. While Sunday is a weekend day, and many people might not even check their email at all.
Payloads in phishing attacks
Although we have analyzed the frequency of phishing emails on different workdays, it's crucial to investigate cybercriminals' methods to execute their harmful intentions. Familiarity with these commonly used tactics can empower people and businesses to recognize and counteract the dangers of phishing attacks.
Phishing hyperlinks made up 38% of all payloads delivered in phishing attacks sent from compromised accounts. Phishing hyperlinks exploit people's trust in familiar websites by tricking them into visiting fake ones. These hyperlinks are designed to look real, often copying the URLs of popular organizations, social media platforms, or financial institutions.
Attachments, including malware, accounted for 35% of payloads delivered in phishing attacks. Malicious attachments are intentionally created to take advantage of weaknesses in receivers' devices. Once opened, attackers can gain unauthorized access, steal sensitive information, or infect entire systems or networks with harmful malware.
Financial payloads made up 16% of phishing attacks sent from compromised accounts. These payloads are specifically designed to deceive recipients into exposing sensitive financial information like credit card numbers, banking credentials, or personal identity information.
Lastly, phishing attacks using puretactics with no payload accounted for 11%. Pure social engineering attacks don't require malware or fraudulent links. Instead, they aim to obtain sensitive information or persuade victims to take specific actions without relying on technical means.
Individuals and organizations must take a proactive approach to strengthen their defenses against the evolving and sophisticated landscape of phishing attacks. Ongoing education on robust security measures and promoting a culture of skepticism are necessary to combat the constant and widespread threat of phishing attacks effectively.