SpyCloud, the leading identity threat protection company, released an analysis of nearly 6 million phished data records recaptured from the criminal underground over the last six months. Phishing attacks have been growing in scale and sophistication, and SpyCloud’s research reveals that cybercriminals are increasingly targeting high-value identity data that can be used for follow-on attacks like ransomware, account takeover, and fraud.
While the data reflects only a snapshot of the phishing threat landscape, it provides valuable insights for organizations seeking to bolster defenses, enhance user training, and prevent identity-based attacks.
Cyber Technology Insights : TELUS Digital and Sumsub Expand Partnership to Offer Full-Stack Identity Verification and Fraud Solutions
Key findings from SpyCloud’s analysis of phished data include:
- 94% of Fortune 50 companies have employee identity data exposed as a consequence of phishing attacks.
- 81% of these records contain email addresses, 42% include IP addresses, and 31% include user-agent information identifying device and browser details.
- The top impersonated industries in phishing campaigns include: telecommunications, IT, and financial services.
- Two thirds of the 5.5 million records contained credentials, financial information, or visitor metadata, while 37% came from email targeting lists (a collection of addresses selected for phishing attempts, not necessarily resulting in compromise).
“Phishing threats are not only growing – they’re evolving. In the last six months alone, we’ve seen a 17% increase in phishing emails. What’s especially concerning is that nearly 82% of victims had their email credentials compromised in prior data breaches, giving attackers a critical advantage,” said Brian Jack, chief information security officer at KnowBe4, a partner of SpyCloud. “This highlights the urgent need for ongoing security awareness training, but it’s only half the equation. Security teams must also have visibility into these specific exposures so they can take swift, targeted action to remediate. Combining human vigilance with actionable intelligence is the most effective way to stop phishing in its tracks – and prevent it from opening the door to broader cyberattacks.”
Cyber Technology Insights : Summit 7 Launches Commander: A Managed GRC Advisory Service for Sustainable Compliance
Phishing attacks are on the rise – not because organizations lack defenses, but because cybercriminals are modernizing their tactics, evolving phishing campaigns into industrial scale operations with phishing-as-a-service (PhaaS) platforms and AI. With the ability to automate the creation of sophisticated phishing kits, threat actors can more easily harvest credentials and 2FA codes, distribute phishing links via QR codes, and bypass CAPTCHAs to avoid detection.
“To combat the growing scale and sophistication of phishing attacks, security teams need access to real-time exposed identity data before it leads to broader compromise,” said Trevor Hilligoss, head of security research at SpyCloud. “One area we find organizations lacking insight is when it comes to phishing target lists, ripe with potential victims of phishing campaigns. Armed with this knowledge, organizations can proactively flag vulnerable accounts, alert these users, and stay even more vigilant to avoid falling prey. This action, further up the attack chain, takes a proactive approach to combating phishing threats before they happen.”Hilligoss continues, “When organizations remediate phished credentials, terminate compromised web sessions, and act on other stolen identity artifacts, they reduce their risk substantially – and disrupt attackers’ ability to escalate privileges and launch ransomware.”
Cyber Technology Insights : TekStream Partners with Cloudflare to Bolster Cybersecurity and Digital Resilience Offerings
To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com
Source – prnewswire