New trend report shows how email phishing attacks hook organizations

A new study on email phishing attacks revealed that DHL, Google & Amazon were the most frequently spoofed brands while operations and finance were the most remediated departments.

Anti-email phishing technologies, Ironscales has published its first email phishing attack report called, Trend Report: How Modern Email Phishing Attacks Have Organizations on the Hook. The study, which was commissioned to identify trends in email phishing, such as attacker patterns, current phishing tools & techniques and emerging hacker preferences, analysed more than 8,500 verified attacks against 500,000 mailboxes at 100 organisations within the financial services, insurance, healthcare and power industries, among others, across EMEA and North America. The report can be downloaded here.

Phishing has evolved from a nuisance into a global epidemic in which organisations of all sizes and across all industries are being negatively impacted at high frequency. In 2016 alone, the SANS Institute revealed that 95 percent of all cyberattacks began with spear-phishing; the Ponemon Institute reported 86 percent of all phishing attacks contain ransomware, and the Anti Phishing World Group (APWG) discovered a 65 percent increase in phishing attacks compared to the previous year, totalling 1,220,523 events worldwide.

Key Findings from the email phishing attack report include: 

  • Spear-phishing is increasingly laser-focused – 77 percent of the verified attacks targeted only 10 mailboxes or less while one-third (33 percent) targeted just one single mailbox.
  • Blast campaigns have become micro-targeted – 47 percent of email phishing attacks lasted less than 24 hours while 65 percent of email phishing attacks lasted for less than 30 days.
  • Attackers testing ‘drip campaigns’ – Of the email phishing attacks that lasted for more than 30 days, 35 percent lasted for 12 months or more.
  • Targeted attacks bypassing traditional email spam filters – For every 5 brand spoofed attacks identified by spam filters, approximately 20 spear-phishing attacks bypassed the safeguard and went undetected.

Eyal Benishti, founder and CEO of Ironscales said: “Sophisticated email phishing attacks represent the biggest threats to organisations of all sizes,”

“This report verifies that attackers have adopted numerous tools and techniques to circumvent traditional rules-based email security and spam filters. It’s now incumbent upon all organisational leaders to make sure that their employees are well-trained in phishing mitigation and that the cybersecurity technology in place is sophisticated enough to identify, verify and remediate email phishing attacks in real-time.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.