U.S. entities remained the most attractive targets of phishing attacks throughout 2018, with an estimated 84% of the total volume of millions of incidents analyzed during the last year.


The top organizations targeted by phishing attacks when taking into account the industry sectors were financial institutions (28,9%), email and online services (24,1%), cloud and file storage (12,6%), payment services (11,1%), and SaaS (7,2%).

“After being displaced by email/online services in 2017, financial institutions are back on top as the single most targeted industry. While the financial industry’s share of global volume has fluctuated each year, the volume of attacks has consistently risen,” says the report.

Free hosting and domains were also increasingly popular among phishing attackers seeing a 200% growth, while free SSL certificates designed to further boost the illusion of the emails coming from a trusted source saw an overall rise in usage of around 50%

In addition, out of the millions of malicious phishing analyzed during 2018, only 2% were used for malware delivery (crimeware, RAT, and ransomware), while approximately 65% were part of a credential theft scheme (redirecting to phishing and docuphishing sites), and roughly 33% were email scams (BEC, job scams, tech support, and 419 scam).


The report also stats, “Novice cybercriminals use phishing to steal credentials and distribute ransomware. Organized gangs use it to carry out financial fraud and steal millions of dollars. Nation-state actors use it to gain strategic access to target environments,”