Phishing has and will continue to be a threat to anyone connected to the web. This is a fact set in stone, and regardless of advancements in technology, social engineering will allow these attacks to continue to be successful.
Today, we are releasing our latest version of the annual Phishing Trends and Intelligence report. Using data collected from millions of social engineering attacks spanning email, web, social media, SMS, and mobile channels, the report highlights the latest trends and techniques that threat actors use to exploit the employees, customers, and brands of today's enterprises.
In this year's report, we observed shifts in how social engineering is continuing to change. In particular, why malware is landing in less user's inboxes, but both credential theft and phish are on the rise.
In addition to the evolution of social engineering-based threats, our analysts observed continued attacks on the financial industry (back on top), HTTPS use on phishing sites continue to rise, and we take a look at some of the top phishing simulations that organizations fall victim to.
Key Findings
- Phishing attack volume grew 40.9% in 2018
- 83.9% of attacks targeted credentials for financial, email, cloud, payment, and SaaS services
- The use of free website infrastructure to stage and launch attacks grew substantially
- 98% of attacks that made it past enterprise email security controls and into user inboxes contained no malware
- The most effective lures in simulated phishing exercises were Financial/HR and Ecommerce
To be among the first to gain access to the report, register for it here. For more color and insights into the analysis, you can also watch the on-demand webinar featuring our Founder and CTO, John LaCour. To access last year's report, download it here.