Introduction

Welcome to F5 Labs’ third annual report on phishing and fraud. Once again, we’re bringing you data from our partner Webroot® as well as the F5 Security Operations Center.

Phishing continues to be a major source of profit for cyber-criminals, and a big hassle for cyber-defenders. In the F5 Labs 2019 Application Protection Report, F5 Labs found that phishing was responsible for 21% of breaches, the second largest cause of breach reported by U.S. companies. The number one reported breach cause (absent other details) was unauthorized access to email. Because phishing can commonly grant unauthorized access to email, it’s likely phishing is also the cause of some of these breaches. So there you have it: one of the most prevalent ways attackers are breaching data is via phishing.

Anyone who’s been reading our reports over the years should not be surprised by this, since phishing has been bouncing into the top spot every time we look at breach causes. Speaking of breach causes, the 2019 Application Protection Report showed that the finance, health, education, non-profit, and accounting sectors were significantly more likely to be compromised through phishing or illicit email access than any other means.

Why so much phishing? The reason is simple: it’s easy and it works. Attackers don’t have to worry about hacking through a firewall, finding a zero-day exploit, deciphering encryption, or rappelling down an elevator shaft with a set of lockpicks in their teeth. The hardest part is coming up with a good trick email pitch to get people to click on, and a fake site to land on.

The Extant State of Phishing Attacks

It’s 2019 and we’re still dealing with phishing, which stretches back 25 or more years. Mike Simon, CTO of managed detection and response firm CI Security, sees a lot of security incidents. We asked him what he thought of the current state of phishing attacks.