Thursday, January 23, 2025
HomeCyber Security NewsTop Five Industries Most Frequently Targeted by Phishing Attacks

Top Five Industries Most Frequently Targeted by Phishing Attacks

Published on

SIEM as a Service

Follow Us on Google News

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top five industries targeted by subject-customized emails, which often leverage personal information like names, emails, phone numbers, or company names to bypass security measures. 

Employing redaction techniques to protect sensitive information while providing actionable intelligence to clients ensures that valuable insights are shared without compromising privacy.

Subject redaction, a tactic employed by threat actors to obfuscate malicious email content, was most prevalent in finance, insurance, manufacturing, mining, healthcare, and retail. 

Correlations between email themes and threat actors have been observed, as have seasonal fluctuations in attack volume and distinct subject-redacted patterns across these industries, which underscores the evolving tactics of cybercriminals and the importance of robust email security measures to mitigate such threats.

Top five industries targeted by emails with customized subjects requiring redaction.

Credential phishing attacks targeting the finance and insurance industries have increased in 2023 and 2024, where cybercriminals employ customized subject lines mimicking legitimate business communications to deceive recipients into divulging sensitive information.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Particularly in the second half of the year 2023, the industry continues to be a primary target, despite the fact that the frequency of these attacks experiences fluctuations. 

Cyber threat actors are increasingly targeting the manufacturing industry with personalized phishing emails, which often contain subject lines with Personally Identifiable Information (PII) to bypass security measures and trick recipients into engaging with malicious content. 

This tactic is particularly effective in the manufacturing industry due to the frequent exchange of sensitive information like orders, contracts, and agreements.

While the overall volume of these targeted attacks has decreased, the industry remains a primary target for cybercriminals.

The mining, quarrying, and oil and gas extraction industries are prime targets for targeted email attacks, particularly those involving sensitive information in the subject line, which often leverage proposals, invoices, and document-sharing notifications. 

Similarly, the healthcare and social assistance industry is frequently targeted with credential phishing emails containing PII in the subject line, capitalizing on the industry’s reliance on document-based communication. 

Both industries experienced a high volume of such attacks in Q3 2023, with a less pronounced decline in the former and a slight dip in the latter in subsequent quarters.

There is a correlation between email themes and redacted PII, particularly in voicemail and finance-themed emails.

Attackers often include the recipient’s name or company name in both the subject and attachment names to enhance legitimacy. 

The most common malicious file types associated with these emails are .HTM(L) and .DOC(X), mimicking legitimate document formats, which increases the likelihood of employee interaction with these phishing emails.

Cofense Intelligence found a significant correlation between redacted subject lines and .HTM/.HTML attachments in credential phishing emails, which are often embedded with the recipient’s email address, mimic legitimate login pages, increasing the likelihood of successful attacks. 

Less common but still prevalent are .DOC/.DOCX attachments, which typically contain malicious URLs or QR codes that redirect users to phishing sites, as well as the use of common file formats like .DOC(X) can bypass security filters, making these attacks more effective.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...