Data from the Retail Cyber Intelligence Sharing Center (R-CISC) echoes the F5 SOC findings and shows that dramatic increases in shopping activity actually continue into January, making retailers a likely target of attackers.¹ In a 2018 survey of R-CISC members, respondents expressed their concern, identifying phishing, credential compromise, and account takeover (ATO) among their top threats and challenges.²

In F5 Labs’ report Lessons Learned from a Decade of Data Breaches, phishing was found to be the root cause in 48% of breach cases we investigated. Not only is phishing the number one attack vector, it’s considered the most successful because it nets the greatest number of stolen records and therefore has the highest potential impact.

F5 Labs analysis of breach reports to state attorneys general from April to August 2018 revealed that in 86% of cases where personally identifiable information (PII) was compromised, the initial attack vector was phishing—that is, access to confidential data was obtained by an unauthorized person. In 8% of the reported cases, US employees’ W-2 (wage and tax statement) information was requested in phishing emails that appeared to come from a legitimate email address. And in 5% of cases, customers were phished using email contacts stolen from a previously unidentified breach, which had compromised the PII of those customers.

Figure 2 summarizes the types of websites the F5 SOC has taken offline from January 2014 to the end of 2017. The overwhelming majority are phishing sites (75.6%), followed by malicious scripts (11.3%) and URL redirects (5.2%), which are also used in conjunction with phishing operations. Mobile phishing (2%) makes an appearance as a trending new problem, as well.