“The State of Phishing Attacks” by Jason Hong provides an enlightening summary of the current state of phishing attacks. First, Hong defines and describes different types of phishing attacks. Second, he describes the motivations behind these attacks. Third, he notes how people create different attacks (e.g. fake phishing email, setting up fake websites, etc.) and he discusses the corresponding motives behind these types of attacks (e.g. using these tools to gain sensitive or confidential information from unsuspecting users). Fourth, Hong cites studies that shed light onto why people fall for phishing attacks. He paints the picture that human nature and human psychology are fallible in the face of expert criminals with advanced design tools and technical savvy. Next, in the section titled “How Bad?”, Hong describes the veracity, the scale, and magnitude of these attacks. He notes that due to lack of reporting by all institutions that are affected by cyber attacks and due to the lack of uniformity in measurement of various phenomena related to these attacks, it can be very difficult to reliably measure the impact of these attacks. Additionally, experts still do not always agree on the best measurement methods and there are some phenomena related to attacks (such as reputational effects) that are difficult to quantify accurately.
Hong also suggests countermeasure to fight back against attackers. One of his most interesting (and I believe useful) suggestions is to focus on