The top five most-phished industries

New research reveals the top five industries most frequently targeted by specifically tailored phishing attacks that use the recipient's name, email address, phone number, or company name.

The study from Cofense, using data drawn from the Cofense Intelligence product between Q3 2023 and Q3 2024, shows, unsurprisingly, that finance tops the list, accounting for 15.5 percent of all credential phishing emails where the product redacted information from the subject in order to safeguard the recipient.

Manufacturing comes next on 11.3 percent, again not too surprising as this is a sector where email communications related to orders, contracts, and agreements are common. In third place is the mining, quarrying, and oil and gas extraction industry, where common subject lines focus on proposals, invoices, and notifications for shared documents.

Healthcare takes fourth place on 8.2 percent, just ahead of retail on 7.4 percent. In healthcare, emails tend to be notification or document related, as these are commonly encountered in this sector. Subjects targeted at retail relate to sales, contracts, and urgent shipments to make the email look as if it is a legitimate business interaction.

The research identifies the most frequently encountered malicious file types in credential phishing emails as .HTM(L) and .DOC(X) files. This corresponds with the common formats used for legitimate documents in daily operations across industries, such as contracts, invoices, and reports. HTM(L) files are most common, accounting for over 90 percent, as they are able to replicate legitimate login pages. Often the HTML page will have the recipient's email address embedded in it too, increasing the chances of the user falling prey to the file as it closely replicates a legitimate login page.
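For defenders, the pattern described above (an HTML attachment that presents a login form and already contains the recipient's address) can be checked at the mail gateway. The following Python sketch is an added example, not code from Cofense or BetaNews; the function names, the sample HTML, the percent-encoded and base64 forms of the address, and the check for an external form target are assumptions made for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed sample attachments (not from the Cofense data); .example hosts are reserved.
SAMPLE = """<html><body><form action="https://collector.example/post" method="post">
<input type="email" name="user" value="alice@corp.example" readonly>
<input type="password" name="pass">
</form></body></html>"""
BENIGN = "<html><body><p>Invoice 1042 for alice@corp.example</p></body></html>"


class _FormScan(HTMLParser):
    """Collects login-page markers: password inputs and form targets."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])


def recipient_encodings(address):
    """Forms the address may take in the file; the encoded ones are assumptions."""
    addr = address.lower()
    b64 = base64.b64encode(addr.encode()).decode().rstrip("=")
    return {"plain": addr, "percent": quote(addr, safe="").lower(), "base64": b64}


def triage_html_attachment(html, recipient):
    """Flag an HTML attachment that pairs a password field with the recipient's address."""
    scan = _FormScan()
    scan.feed(html)
    lowered = html.lower()  # base64 is case-sensitive, so it is matched against the raw text
    hits = [name for name, needle in recipient_encodings(recipient).items()
            if needle in (html if name == "base64" else lowered)]
    external = [a for a in scan.form_actions if re.match(r"https?://", a, re.I)]
    return {"password_inputs": scan.password_inputs, "recipient_forms": hits,
            "external_form_actions": external,
            "suspicious": scan.password_inputs > 0 and bool(hits)}
```

A document that merely mentions the recipient's address, such as the `BENIGN` sample, is not flagged because it contains no password field.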

You can read more on the Cofense blog.

Image credit: Josepalbert13/Dreamstime.com

© 1998-2025 BetaNews, Inc. All Rights Reserved.