The Past, Present, and Future of Phishing and Malware

Jun 09, 2015

This blog was written by David Bull, McAfee’s former Director, Enterprise Solution Marketing.

In the Digital Age, email is second nature. It’s a commonly accepted method of communication, and a convenient one, at that. With convenience, however, comes danger – especially if you’re not even alerted to the bait!

This email ‘bait’ I’m referring to comes in the form of phishing scams, which are becoming increasingly abundant as hackers see high ROI on their efforts. In fact, up to 95% of hacks start with a phishing email. Obviously, this is a problem for you, your team, and your business. As with any problem, the best way to understand it and seek a solution is by examining where it came from.

So, let’s take a look at the history of phishing scams, and see what we can glean from these evasive digital threats to inform our path forward.


For as long as there has been email, there have been phishers. From the great “Nigerian Prince” scam of the late 90s to the more complex spear phishing techniques used today, phishing via email has been the single greatest threat to any organization because of the potential to expose corporate data, pertinent financials, banking details, and private employee information. While email is a tool that all businesses rely on to run daily operations, it can also put everyone at risk.

In recent years, organizations both large and small have become increasingly threatened by phishing. It’s not just high-profile enterprises that are phishing targets, but also SMBs with a lot to lose. Recently, a small San Diego lawyer unintentionally clicked on a phishing email that he believed was sent by the US Postal Service. The click triggered a malware installation that transferred nearly $300,000 out of his firm’s bank account to a bank in China. The moral of the story? From family-owned shops to SMBs and large enterprises, phishing has the potential to affect your organization.


Today, the majority of organizations have experienced malware infiltrating their networks through phishing. Two-thirds of decision makers report malware infiltrations through email in the last year. Additionally:

  • 45% believe phishing is a serious or very serious concern
  • 44% fear employees will click on phishing links leading to malware attacks
  • 39% worry about phishing attacks leading to customer data breaches
  • 37% are concerned that data breaches will leak sensitive internal data

The bottom line is that phishing as a method of network penetration is continuing to rise. But there are preventative measures organizations of all sizes can take to decrease the probability of infiltration.


  1. Assess your risk: Where does your sensitive data reside? Who has access? Take inventory of these things and know how changes (e.g. upcoming new regulations) will affect them. It also helps to know which phishing tactics your users are most susceptible to. Use this combined intelligence to craft a strategy: a combination of people, process, and technology.
  2. Train users: Your employees are your last line of defense against phishing and malware, yet 78% of organizations do not properly train employees to detect and deal with phishing threats. Providing internal security training can boost the overall effectiveness of your security systems.
  3. Select the right security: Finally, keep your organization safe from phishing attempts with a quality security solution, especially when moving email infrastructure to cloud applications such as Office 365 or Hybrid Exchange.




  1. The Phishing Quiz was very illuminating. Great tool to start a conversation with our community about the dangers of phishing. We did run into one snag, however. For some folks the site is causing a certificate error to appear in the browser. The root cause appears to be that the appropriate intermediate certificate(s) has (have) not been installed and not all browsers will automatically fetch the intermediate certificates if they are not supplied by the server. Firefox is one of the browsers that does not automatically fetch intermediate certificates.

    Asking folks to click through a security warning kind of nullifies the potential value of any discussion regarding security. The irony has not been lost on some folks.

    Can someone please pass along our findings regarding the certificate issue to the site owners? I could not find a contact link on the site. Thanks for your help.
