Credential phishing continues to be a major threat


Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020, accounting for 67 percent of all phishing emails now observed.

The latest Annual State of Phishing Report from Cofense also reveals that 52 percent of all credential phishing attempts observed by the Cofense Phishing Defense Center (PDC) were branded as Microsoft.

Among other findings the healthcare industry continues to be the top target of business email compromise (BEC) attacks which accounted for 16 percent of malicious emails found in healthcare environments.

Threats continue to break through into environments protected by email security vendors too, of the Indicators of Compromise (IOCs) analyzed by Cofense, 80 percent contained malicious URLs in the body of the email, while 20 percent used nefarious attachments.

On a positive note organizations are increasingly aligning their employee simulation training with real threats known to be targeting their organization. Cofense has seen a seven-point increase in simulations based on credential phishing in 2021.

“Early on in our journey as a company, we grew our focus from solely security awareness simulation training to more broadly addressing the real phishing threats facing organizations,” says said Aaron Higbee, co-founder and chief technology officer at Cofense. “We knew solving these problems would require continuous innovation, and in 2021 we were proud to take our multi-layered email security architecture to a whole new level through the acquisition of Cyberfish and the launch of brand-new product capabilities.”

You can get the full report and register for a series of webinars to discuss the findings on the Cofense site.

Image Credit: Maksim Kabakou / Shutterstock

Author: Martha Meyer