New trend report shows how email phishing attacks hook organizations

A new study on email phishing attacks revealed that DHL, Google & Amazon were the most frequently spoofed brands while operations and finance were the most remediated departments.

Anti-email phishing technologies, Ironscales has published its first email phishing attack report called, Trend Report: How Modern Email Phishing Attacks Have Organizations on the Hook. The study, which was commissioned to identify trends in email phishing, such as attacker patterns, current phishing tools & techniques and emerging hacker preferences, analysed more than 8,500 verified attacks against 500,000 mailboxes at 100 organisations within the financial services, insurance, healthcare and power industries, among others, across EMEA and North America. The report can be downloaded here.

Phishing has evolved from a nuisance into a global epidemic in which organisations of all sizes and across all industries are being negatively impacted at high frequency. In 2016 alone, the SANS Institute revealed that 95 percent of all cyberattacks began with spear-phishing; the Ponemon Institute reported 86 percent of all phishing attacks contain ransomware, and the Anti Phishing World Group (APWG) discovered a 65 percent increase in phishing attacks compared to the previous year, totalling 1,220,523 events worldwide.

Key Findings from the email phishing attack report include: 

  • Spear-phishing is increasingly laser-focused – 77 percent of the verified attacks targeted only 10 mailboxes or less while one-third (33 percent) targeted just one single mailbox.
  • Blast campaigns have become micro-targeted – 47 percent of email phishing attacks lasted less than 24 hours while 65 percent of email phishing attacks lasted for less than 30 days.
  • Attackers testing ‘drip campaigns’ – Of the email phishing attacks that lasted for more than 30 days, 35 percent lasted for 12 months or more.
  • Targeted attacks bypassing traditional email spam filters – For every 5 brand spoofed attacks identified by spam filters, approximately 20 spear-phishing attacks bypassed the safeguard and went undetected.

Eyal Benishti, founder and CEO of Ironscales said: “Sophisticated email phishing attacks represent the biggest threats to organisations of all sizes,”

“This report verifies that attackers have adopted numerous tools and techniques to circumvent traditional rules-based email security and spam filters. It’s now incumbent upon all organisational leaders to make sure that their employees are well-trained in phishing mitigation and that the cybersecurity technology in place is sophisticated enough to identify, verify and remediate email phishing attacks in real-time.”


We’re now live at PrivSec Global!
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Register your virtual seat today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

Secure your seat

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.