Phishing is one of the oldest and most common techniques cyber criminals employ. In the U.K., phishing was the most common technique used against 83% of businesses that have identified a breach [1]. Approximately 4.25 billion email users worldwide communicate through an estimated 333 billion emails daily [2]. Another research estimated that over half of all emails are spam [3]. A more granular breakdown of the spam into categories identified more than 3% of the spam messages as phishing [3]. Collating these numbers together gives us around 5 billion phishing emails sent daily. So, with some simplification, we can claim that every person is targeted by phishing daily. Now also add to these figures the vishing(voice call), smishing(SMS), and the newest addition - qishing (QR codes), and it's clear that these are still conservative estimates. It is undeniable that phishing is a serious problem impacting all of us individually and as a society. 

Trying to validate this theory empirically on my own email account, I can "proudly" confirm that last Thursday 9th of November I received 3 phishing emails (the brands being imitated were Telekom, DHL, and the last one was "I recorded you" extortion attempt). Right the next day, I received two more phishing emails (imitating VUB Bank and again DHL in Arabic.) 

Why would anyone attack me?

OK, you might oppose me by saying it doesn't necessarily mean that truly everyone is in the attacker's scope, but let's move on. Many might be asking - why would anyone want to target you - a commoner, a regular dude, or a girl? Well, the truth is - if you are an average Joe - they don't necessarily target you specifically; you might just end up in their nets, which were thrown nearby (a tactic called "spray and pray").

Yet you have to remember that regardless of a person's socio-economic status, everyone possesses financial assets or information that can be exploited! And then, there is also revenge motive and, last but not least - access linked to one's occupation. These things interest the fraudsters, though the most common (or visible) one is the financial gain.

Especially for the last point, cybercriminals might be more interested in you than you might think. 76% of (zero-hour) phishing attacks were spear phishing attacks trying to steal the target's credentials [4]. If you have a certain role within your organization, like CxO, Accounting, and Finance staff, you could very well be a facilitator to an Authorized Push Payments fraud. If you are holding a more technical position, e.g., IT admin, DB admin, Architect, etc., you might allow a data exfiltration thanks to your IT access privileges. Anyone with access to valuable information, access to money, authority to move money, and force decisions is a very "juicy" target, and it often depends on the maturity of the attackers how wide and far they will want to exploit their entry point. Be aware that phishing and stolen or compromised credentials were the two most common initial attack vectors [5].

I'm well aware of the risks; It can't happen to me!

I would put the above heading into the category of  "Last famous words." If you agree with the paragraph heading, pay extra attention to the below newspaper headlines:

• Tech Executive Falls Victim to $450K Scam on Dating Site [6]
• IT pros: Half Of Our CEOs Fall Victim To Phishing Scams [7]
• 1 in 4 employees who fell victim to cyberattacks lost their jobs [8]
• Phishing Scheme Targets Professors’ Desire to Please Their Deans [9]
• Nidhi Razdan, News Anchor, Falls Victim to Phishing Attack in The Name of Job Offer From Harvard University [10]
• 9 Celebrity Victims of Fraud [11]
• Nobel Laureates Get Scammed, Too [12]
  

These headlines were supposed to make a point that no matter your knowledge, experience, or awareness, literally anyone - me, you, your spouse, your kids, best friends, family members - we all can fall victim to fraud. I have also been the victim of fraud on more than one occasion, but let's leave the story for some other time. So trust me on this - everyone is a target and everyone can become a victim of fraud. Period.

As we see in almost every report - fraud is all around us, and it is practically impossible not to be targeted by it. It's not only more prevalent but also more sophisticated. Especially with new technologies, new scams are becoming harder to spot, even for seasoned professionals!

Therefore, please don't become the headline of the newspaper article like the ones above. Be vigilant and try to slow down and re-assess situations, especially when something feels odd. We often unconsciously feel something is off, yet due to many things on our minds at any given moment, we learned to push through. Even the most cautious person is not cautious and vigilant 100% of the time, so when you feel tired, under a lot of stress, or exhausted, and you receive a call from the bank, police, or IRS, slow down the conversation and think twice before taking any further step. And, finally, after securing yourself - please help the others - those around you, your friends and family, and don't forget also your kids. Make them aware of potential risk and scams they might face.

---------------------

References: 

[1] Cyber Security Breaches Survey 2021, https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021 

[2] Email Statistics Report, 2018-2022, https://www.radicati.com/wp/wp-content/uploads/2018/01/Email_Statistics_Report,_2018-2022_Executive_Summary.pdf 

[3] Email Usage Statistics 2022: How Many People Use Email?, https://wpdevshed.com/email-usage-statistics/ 

[4] Slashnet - The State of Phishing 2022, https://www.slashnext.com/wp-content/uploads/2022/10/SlashNext-The-State-of-Phishing-2022.pdf

[5] IBM’s Cost of a Data Breach Report 2023, https://www.ibm.com/reports/data-breach?utm_content=SRCWW

[6] https://finance.yahoo.com/news/tech-executive-falls-victim-450k-190411822.html

[7] https://blog.knowbe4.com/it-pros-half-of-our-ceos-fall-victim-to-phishing-scams

[8] https://www.securitymagazine.com/articles/97321-1-in-4-employees-who-fell-victim-to-cyberattacks-lost-their-jobs

[9] https://www.chronicle.com/article/phishing-scheme-targets-professors-desire-to-please-their-deans-all-for-500-in-gift-cards/

[10] https://www.latestly.com/india/news/nidhi-razdan-news-anchor-falls-victim-to-phishing-attack-in-the-name-of-job-offer-from-harvard-university-read-her-statement-2268344.html

[11] https://celsolicitors.co.uk/9-celebrity-victims-of-fraud/

[12] https://blog.knowbe4.com/nobel-laureates-get-scammed-too