Monday, May 5, 2025

Top Five Industries Most Frequently Targeted by Phishing Attacks


Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top five industries targeted by subject-customized emails, which often leverage personal information like names, emails, phone numbers, or company names to bypass security measures. 

Employing redaction techniques to protect sensitive information while providing actionable intelligence to clients ensures that valuable insights are shared without compromising privacy.

Subject redaction, a tactic employed by threat actors to obfuscate malicious email content, was most prevalent in finance, insurance, manufacturing, mining, healthcare, and retail. 


Correlations between email themes and threat actors have been observed, as have seasonal fluctuations in attack volume and distinct subject-redacted patterns across these industries, which underscores the evolving tactics of cybercriminals and the importance of robust email security measures to mitigate such threats.

Top five industries targeted by emails with customized subjects requiring redaction.

Credential phishing attacks targeting the finance and insurance industries have increased in 2023 and 2024, with cybercriminals employing customized subject lines that mimic legitimate business communications to deceive recipients into divulging sensitive information.


The industry continues to be a primary target, particularly in the second half of 2023, even though the frequency of these attacks fluctuates.

Cyber threat actors are increasingly targeting the manufacturing industry with personalized phishing emails, which often contain subject lines with Personally Identifiable Information (PII) to bypass security measures and trick recipients into engaging with malicious content. 

This tactic is particularly effective in the manufacturing industry due to the frequent exchange of sensitive information like orders, contracts, and agreements.

While the overall volume of these targeted attacks has decreased, the industry remains a primary target for cybercriminals.

The mining, quarrying, and oil and gas extraction industries are prime targets for targeted email attacks, particularly those involving sensitive information in the subject line, which often leverage proposals, invoices, and document-sharing notifications. 

Similarly, the healthcare and social assistance industry is frequently targeted with credential phishing emails containing PII in the subject line, capitalizing on the industry’s reliance on document-based communication. 

Both industries experienced a high volume of such attacks in Q3 2023, with a less pronounced decline in the former and a slight dip in the latter in subsequent quarters.

There is a correlation between email themes and redacted PII, particularly in voicemail and finance-themed emails.

Attackers often include the recipient’s name or company name in both the subject and attachment names to enhance legitimacy. 

The most common malicious file types associated with these emails are .HTM(L) and .DOC(X), mimicking legitimate document formats, which increases the likelihood of employee interaction with these phishing emails.

Cofense Intelligence found a significant correlation between redacted subject lines and .HTM/.HTML attachments in credential phishing emails. These attachments are often embedded with the recipient’s email address and mimic legitimate login pages, increasing the likelihood of successful attacks.

Less common but still prevalent are .DOC/.DOCX attachments, which typically contain malicious URLs or QR codes that redirect users to phishing sites. The use of common file formats like .DOC(X) can also bypass security filters, making these attacks more effective.
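An added example, not from Cofense or the original article: a triage heuristic for the pattern described above, flagging messages whose subject or attachment name contains the recipient's own details and whose .HTM/.HTML attachment embeds the recipient's address alongside a password field. The sample message, the finding labels and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample (not taken from the report); every name and address is made up.
SAMPLE = """\
From: "Voicemail Service" <noreply@voicemail.example>
To: Jane Doe <jane.doe@acme-mfg.example>
Subject: New voicemail for Jane Doe (acme-mfg)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new message.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="jane.doe_voicemail.html"

<form><input name="user" value="jane.doe@acme-mfg.example">
<input type="password" name="p"></form>
--b1--
"""

def recipient_tokens(addr):
    """Strings a sender could personalize with: address, local part, org label, name words."""
    tokens = {addr.addr_spec, addr.username, addr.domain.split(".")[0]}
    tokens |= {w for w in addr.display_name.split() if len(w) > 2}
    return {t.lower() for t in tokens if t}

def triage(raw):
    """Return heuristic findings for one raw message (substring matching, so expect noise)."""
    msg = message_from_string(raw, policy=policy.default)
    to = msg["To"]
    if to is None or not to.addresses:
        return []
    rcpt = to.addresses[0]
    tokens, findings = recipient_tokens(rcpt), []
    if any(t in str(msg["Subject"] or "").lower() for t in tokens):
        findings.append("subject-has-recipient-pii")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(t in name for t in tokens):
            findings.append("attachment-name-has-recipient-pii")
        if name.endswith((".htm", ".html")):
            # Decode raw bytes so a mislabelled Content-Type does not hide the markup.
            html = part.get_payload(decode=True).decode("utf-8", "replace").lower()
            if rcpt.addr_spec.lower() in html and re.search(r'type\s*=\s*["\']?password', html):
                findings.append("html-attachment-login-form-with-recipient-address")
    return findings
```

Legitimate mail also addresses recipients by name, so these findings are better used as scoring inputs combined with sender reputation than as a block rule on their own.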


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
