Bad news for the good guys. PhishLabs, a company focused on providing phishing defense, has released their first report on phishing trends and they show “a thriving phishing underground.”
Key findings of the 2016 Phishing Trends & Intelligence Report: Hacking the Human:
- Spear phishing remains the primary initial attack vector used by APT actors. However, 22 percent of spear phishing attacks analyzed in 2015 were motivated by financial fraud or related crimes.
- The number of organizations targeted with Business Email Compromise (BEC) spear phishing attacks grew tremendously in 2015 as threat actors refined BEC techniques and sought new victims.
- 90% of consumer-focused phishing attacks targeted financial institutions, cloud storage/file hosting sites, webmail and online services, ecommerce sites, and payment services.
- While financial institutions and payment services continue to be the most highly targeted organizations, their share of overall phishing volume declined in 2015.
- There was a distinct increase in the percentage of phishing attacks targeting cloud storage and file hosting sites, webmail and online services, and ecommerce sites.
- Gmail is used for more than half of all drop email accounts, making it the top webmail service used by attackers to receive credentials stolen via phishing.
- During the holiday season, online services and ecommerce companies were heavily targeted while attacks targeting other sectors declined.
- Social media is a primary promotion and distribution channel for consumer-focused phishing kits and related goods or services.
- Techniques to evade automated detection of phishing attacks and to prevent analysis of attack components are becoming more commonplace, even among less sophisticated threat actors.
You can view the full report from PhishLabs in exchange for your contact information.
