Phishing campaigns intensify on Tuesdays, with reports showing a pronounced peak every week. On average, this day accounts for nearly one in five fake messages, roughly 19.7 percent of the week’s total. Insights from the Cyber Security Center of the FAS.ST company, shared with socialbites.ca by Yaroslav Kargalev, underline this Tuesday surge.
Following Tuesday, scammers favor Mondays, which attract about 19.2 percent of phishing emails. Wednesdays also see substantial activity at around 19 percent. After midweek, the volume gradually drops, culminating in Sunday when the fewest messages are sent, about seven percent.
Phishing messages are the primary method used to deliver malicious files to victims, a pattern reported by Kargalev as present in the vast majority of letters, well over 98 percent. The most common attachment type is the .rar archive, representing 22.3 percent of all attachments, with .zip close behind at 21.1 percent. The next tier includes files with various extensions that do not hold the top rank, collectively comprising about 17.3 percent. Following this group are extensions such as .z at 7.7 percent, .gz at 5.7 percent, .docx at 5.4 percent, .doc at 4.5 percent, .xls at 4.4 percent, .7z at 4.2 percent, .img at 3.5 percent, and .r00 at 2.8 percent.
Attachment sizes in phishing emails typically range from 32 kilobytes to 2 megabytes. The most common size bracket is around 512 kilobytes to 1 megabyte, which accounts for more than 36 percent of cases. This size profile helps criminals balance payload delivery with email filtering and user willingness to open files on devices.
Observers note a shift over the prior year toward high quality, believable bait letters. Such campaigns often resemble legitimate communications and may reflect the involvement of organized cybercrime groups with resources comparable to state-sponsored efforts. The observed trend includes well-crafted messages and targeted content designed to mislead recipients and prompt quick action, potentially bypassing initial skepticism. These observations come from the Cyber Security Center of the FAS.ST organization and corroborate similar findings from other security researchers in the field.
Most phishing attachments aim to harvest credentials and other sensitive data by prompting users to enter logins into counterfeit sites or embedded forms. The objective is to capture information that can be exploited for unauthorized access, financial theft, or further spread of malware. Analysts emphasize that even seemingly ordinary updates or routine notices can disguise malicious intent when delivered via email attachments or linked download prompts.
Practical steps to reduce risk include verifying sender details, using updated security software, and enabling multi factor authentication across critical accounts. Users should be cautious about opening unfamiliar attachments, especially when the email requests urgent action or uses alarmist language. Organizations are advised to implement robust email filtering, educate staff on identifying common phish indicators, and maintain incident response plans to quickly isolate and remediate breaches. The ongoing campaigns demonstrate that cyber adversaries continually adapt their methods to exploit human behavior, making ongoing awareness and defense essential for personal and corporate resilience. This evolving landscape was highlighted by the same security center in recent briefings and remains a priority for ongoing risk management. (Citation: Cyber Security Center of FAS.ST)