Besides financial and cloud storage, the remaining three among the top five targeted industries are webmail/online services, payment services and ecommerce sites. Those five accounted for 91% of all phishing attacks in 2016, the report says.
Attacks against software-as-a-service businesses is increasing rapidly, targeting mainly two companies, Adobe (Adobe ID) and DocuSigh. Again, attackers are attracted to them because they use email addresses as usernames.
“This practice of using email addresses as account credentials is a primary vulnerability in the phishing ecosystem,” the report says. “By targeting these websites, cybercriminals can easily harvest credentials for users of all email services. This is far more efficient than targeting each of those email providers individually and it allows cybercriminals to effectively sidestep potential anti-phishing measures those email providers have in place to prevent the theft of account credentials.”
Sign up for CIO Asia eNewsletters.