In this year's annual Phishing Trends and Intelligence report we identified phishing sites targeting more than 1,200 different brands belonging to 773 parent institutions. The top five targeted industries accounted for 83.9% of total phishing volume. There are two big takeaways from this finding: financial institutions are back on top, and each industry is still at risk.
Through our analysis we tracked dozens of different industries that are directly targeted and impacted by phishing. However, even when a particular industry, real estate for example, makes up less than a single percent of all targeted volume, it is still at risk. Let me explain why. Within that real estate group or agency, there can be anywhere from one to dozens or hundreds of employees.
Each of those employees:
- Has bank accounts or accounts with other financial institutions
- Uses email
- Stores files in cloud storage platforms
- Uses online payment service systems
- Probably uses some form of software as a service (SaaS) platform
The five industries in the list above are the most targeted and account for nearly 84 percent of all phishing volume, which means that even though real estate brands may be directly abused less often in socially engineered attacks, the users who work there are still at risk. This means the firm's accountant can still be targeted by BEC attacks, the marketing team could get a fake Adobe phishing email, and the office admin might be sent a malicious email posing as their bank.
Here's a closer look at how the top five most targeted industries compare to one another:
- Financial Institutions: 28.8%
- Email: 24.1%
- Cloud: 12.6%
- Payment Services: 11.1%
- SaaS: 7.2%
Compared to last year, financial institutions are now back on top. Previously, email, which accounted for 26.1% of phishing volume, held the top spot over financial, which was at around 20.5%.
Payment Services saw a decline in their overall share of the pie, but still saw an increase in volume. They moved from 16.1% down to 11.1% in the past year. Both Cloud Storage and SaaS remained relatively the same in the past two years. To further highlight the overall shift, although Cloud Storage's share remained the same, the volume of attacks rose by 48%.
Increasing Shares
After being displaced by email/online services in 2017, financial institutions are back on top as the single most targeted industry. While the financial industry's share of global volume has fluctuated each year, the volume of attacks has consistently risen.
Financial Industry
| Year | Phishing Volume |
|------|-----------------|
| 2018 | 28.9% |
| 2017 | 21.1% |
| 2016 | 24% |
| 2015 | 29% |
Software-as-a-Service (SaaS)
Meanwhile, as the SaaS industry has acquired more users, it has also seen a steady increase in volume and share.
| Year | Phishing Volume |
|------|-----------------|
| 2018 | 7.1% |
| 2017 | 6.4% |
| 2016 | 1.7% |
| 2015 | 0.7% |
Decreasing Shares
As the only top five targeted industry to see a decline in phishing volume (-0.1%), payment services dropped down into fourth place overall.
| Year | Phishing Volume |
|------|-----------------|
| 2018 | 11.1% |
| 2017 | 15.6% |
| 2016 | 14.9% |
| 2015 | 10.4% |
Ecommerce
The Ecommerce industry also dropped one position (into sixth overall), although it did see a 2% increase in phishing volume.
| Year | Phishing Volume |
|------|-----------------|
| 2018 | 5.8% |
| 2017 | 8% |
| 2016 | 11.8% |
| 2015 | 10.1% |
For further insights on the industries being targeted by phishing attacks and who is at risk, download the newest Phishing Trends and Intelligence report.