Cofense Annual Phishing Report Highlights 10 Point Increase in Credential Phishing

67% of all phishing emails observed are credential phishing; new report highlights ways that traditional technology can’t keep up with phishing tactics

Cofense, the leading provider of Phishing Detection and Response (PDR) solutions, released its 2022 Annual State of Phishing Report, which sheds light on the value of human reporting and the downfall of relying too heavily on technology controls to prevent phishing. As observed by the Cofense Phishing Defense Center (PDC), phishing attacks containing malicious URLs were four times more likely to bypass secure email gateways than those with attachments.

Marketing Technology News: Martech Interview With Jeanne Hopkins, CRO at Onescreen.Ai

Cofense has equipped more than 30 million people in organizations across the globe to report suspicious emails through Cofense Reporter™, an easy to use, one-click email toolbar button. As a result, Cofense has access to a dynamic and vast dataset of advanced phishing threat intelligence – with more visibility into the actionable phishing emails that are bypassing secure email gateways and hitting user inboxes than any other security company.

Key insights from Cofense’s research and analysis from 2021 include:

• Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020
  • 67% of all phishing emails observed are credential phishing
  • 52% of all credential phish were branded as Microsoft
• Cofense observed nearly 100 unique malware families, representing the complicated landscape of distinct threats organizations need to keep up with
• The healthcare industry continues to be the top target of business email compromise (BEC) attacks
  • 16% of malicious emails found in healthcare environments were BEC attacks
• Threats continue to break through into environments protected by email security vendors
  • Of the Indicators of Compromise (IOCs) analyzed by Cofense’s Phishing Defense Center, 80% contained malicious URLs found in the body of the email, while 20% utilized nefarious attachments.
• Organizations are increasingly aligning their employee simulation training with real threats known to be targeting their organization
  • Cofense saw a 7-point increase in simulations based on credential phishing in 2021

“Early on in our journey as a company, we grew our focus from solely security awareness simulation training to more broadly addressing the real phishing threats facing organizations. We knew solving these problems would require continuous innovation, and in 2021 we were proud to take our multi-layered email security architecture to a whole new level through the acquisition of Cyberfish and the launch of brand-new product capabilities,” said Aaron Higbee, co-founder and Chief Technology Officer, Cofense.

Marketing Technology News: Chatmeter Completes SOC 2 Compliance Certification

“If there is anything I hope the industry takes away from Cofense’s 2022 Annual State of Phishing Report, it is that threat actors are innovating but SEGs are not, and well-conditioned users report real phish. Cofense is the only email security company that detects phish that have bypassed all major SEG vendors. I believe the number of real phish, reported by real users, found in all major SEG environments speaks for itself,” added Higbee.