Today we published the 2016 Phishing Trends & Intelligence Report: Hacking the Human. We are proud that this report uniquely provides a first-hand, in-depth view of phishing directly from the continuous work PhishLabsTM does to fight back against phishing attacks and the threat actors behind them.
It was researched and written by our very own PhishLabs R.A.I.D.TM (Research, Analysis, and Intelligence Division), which is made up of some of the world’s most respected threat researchers. The information and analysis in this report came directly from our operations and the technology systems we use to fight back against phishing attacks. We analyzed more than one million confirmed malicious phishing sites in 2015, residing on more than 130,000 unique domains.
A few key findings from the report:
- Spear phishing remains the primary initial attack vector used by APT actors. However, 22 percent of spear phishing attacks analyzed in 2015 were motivated by financial fraud or related crimes.
- The number of organizations targeted with Business Email Compromise (BEC) spear phishing attacks grew tremendously in 2015 as threat actors refined BEC techniques and sought new victims.
- 90% of consumer-focused phishing attacks targeted financial institutions, cloud storage/file hosting sites, webmail and online services, ecommerce sites, and payment services.
- While financial institutions and payment services continue to be the most highly targeted organizations, their share of overall phishing volume declined in 2015.
We wrote this report to shed light on significant phishing trends and expose the underlying tools and techniques being used by threat actors to carry out phishing attacks. We hope you find it helpful in your fight against phishing. Download the report here.
We will be hosting a Webinar on March 16, 2016 to go over the results and answer any questions. Register for the webinar here.