During 2022 and 2023, more than half of phishing incidents were targeted, aiming at specific organizations, sectors, or countries. The data reveal that the attackers concentrated on government agencies within the public sector (government and defense-related targets accounted for a substantial portion of incidents), while businesses in science and education also emerged as a notable target. This pattern was highlighted in a briefing on cyber security in finance, based on a concise report from Positive Technologies.
Analysts note that impersonation is the most frequently used tactic in these targeted campaigns. In about a quarter of the cases, attackers pose as legitimate counterparties, delivering fake reconciliation reports, invoices, renewal notices, and other documents tied to routine business interactions. This approach leverages the trust that accompanies official-looking messages and documents.
The prevalence of this tactic is explained by its versatility: it can be deployed against virtually any organization, typically involving links or attachments that lure victims. In more than half of the observed incidents, the lure was not linked to a specific sector, enabling broad applicability. Still, targeted efforts extended to medical, financial, industrial, and telecommunications organizations, underscoring the broad reach of these scams. An analyst from the security analytics team at Positive Technologies emphasized that this technique remains popular due to its simplicity and effectiveness.
Phishing campaigns predominantly rely on email delivery, representing the vast majority of incidents. Yet attackers adapt to different business environments by using instant messaging and short message service channels to convey malicious content. A common scenario involves impersonating an executive or a trusted employee to propagate messages across multiple communication platforms. To craft convincing fake identities, attackers only need the name and available photos of a head or other key personnel within the victim organization.
Recent insights also highlight a historical trend in the region where deceptive practices were frequently used to mislead customers of certain financial institutions on the internet. This underscores the ongoing risk landscape and the need for robust defenses to mitigate credential theft, fraudulent invoices, and other manipulation tactics commonly employed in phishing schemes.