Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top five industries targeted by subject-customized emails, which often leverage personal information like names, emails, phone numbers, or company names to bypass security measures. 

Employing redaction techniques to protect sensitive information while providing actionable intelligence to clients ensures that valuable insights are shared without compromising privacy.

Subject redaction, a tactic employed by threat actors to obfuscate malicious email content, was most prevalent in finance, insurance, manufacturing, mining, healthcare, and retail. 

Correlations between email themes and threat actors have been observed, as have seasonal fluctuations in attack volume and distinct subject-redacted patterns across these industries, which underscores the evolving tactics of cybercriminals and the importance of robust email security measures to mitigate such threats.

Credential phishing attacks targeting the finance and insurance industries have increased in 2023 and 2024, where cybercriminals employ customized subject lines mimicking legitimate business communications to deceive recipients into divulging sensitive information.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Particularly in the second half of the year 2023, the industry continues to be a primary target, despite the fact that the frequency of these attacks experiences fluctuations. 

Cyber threat actors are increasingly targeting the manufacturing industry with personalized phishing emails, which often contain subject lines with Personally Identifiable Information (PII) to bypass security measures and trick recipients into engaging with malicious content. 

This tactic is particularly effective in the manufacturing industry due to the frequent exchange of sensitive information like orders, contracts, and agreements.

While the overall volume of these targeted attacks has decreased, the industry remains a primary target for cybercriminals.

The mining, quarrying, and oil and gas extraction industries are prime targets for targeted email attacks, particularly those involving sensitive information in the subject line, which often leverage proposals, invoices, and document-sharing notifications. 

Similarly, the healthcare and social assistance industry is frequently targeted with credential phishing emails containing PII in the subject line, capitalizing on the industry’s reliance on document-based communication. 

Both industries experienced a high volume of such attacks in Q3 2023, with a less pronounced decline in the former and a slight dip in the latter in subsequent quarters.

There is a correlation between email themes and redacted PII, particularly in voicemail and finance-themed emails.

Attackers often include the recipient’s name or company name in both the subject and attachment names to enhance legitimacy. 

The most common malicious file types associated with these emails are .HTM(L) and .DOC(X), mimicking legitimate document formats, which increases the likelihood of employee interaction with these phishing emails.

Cofense Intelligence found a significant correlation between redacted subject lines and .HTM/.HTML attachments in credential phishing emails, which are often embedded with the recipient’s email address, mimic legitimate login pages, increasing the likelihood of successful attacks. 

Less common but still prevalent are .DOC/.DOCX attachments, which typically contain malicious URLs or QR codes that redirect users to phishing sites, as well as the use of common file formats like .DOC(X) can bypass security filters, making these attacks more effective.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses