2016 Phishing Trends & Intelligence Report: Hacking the Human 

There is no doubt that phishing remains the top threat vector for cyberattacks. Exploiting the human vulnerability continues to be the most attractive and successful path for threat actors targeting the assets of organizations and individuals. For this reason, phishing is used prevalently across the adversary spectrum, from novice cybercriminals to advanced nation-state cyber operations.

This report provides trend analysis in phishing attacks, and insight into the techniques being used in those attacks. It attempts to provide clarity on who is being targeted and how. Readers will have a better understanding of phishing threats, the changing phishing landscape, and be better equipped to protect against them (and, ideally, join the effort to fight back)

Key findings:

  • Spear phishing remains the primary initial attack vector used by APT actors. However, 22 percent of spear phishing attacks analyzed in 2015 were motivated by financial fraud or related crimes.
  • The number of organizations targeted with Business Email Compromise (BEC) spear phishing attacks grew tremendously in 2015 as threat actors refined BEC techniques and sought new victims.
  • 90% of consumer-focused phishing attacks targeted financial institutions, cloud storage/file hosting sites, webmail and online services, ecommerce sites, and payment services.
  • While financial institutions and payment services continue to be the most highly targeted organizations, their share of overall phishing volume declined in 2015.
  • There was a distinct increase in the percentage of phishing attacks targeting cloud storage and file hosting sites, webmail and online services, and ecommerce sites.
  • Gmail is used for more than half of all drop email accounts, making it the top webmail service used by attackers to receive credentials stolen via phishing.
  • During the holiday season, online services and ecommerce companies were heavily targeted while attacks targeting other sectors declined.
  • Social media is a primary promotion and distribution channel for consumer-focused phishing kits and related goods or services.
  • Techniques to evade automated detection of phishing attacks and to prevent analysis of attack components are becoming more commonplace, even among less sophisticated threat actors.