Phishing attacks often use subject lines personalized with recipient information to deceive targets. An analysis of data from Q3 2023 to Q3 2024 reveals the top five industries targeted by these attacks and the common subject customization tactics employed within each sector.
Cofense Intelligence redacts PII and proprietary information from threat intelligence reports to safeguard customer privacy, enabling the delivery of actionable insights while maintaining confidentiality.
Subject redaction was most frequently applied to emails targeting finance, manufacturing, mining, healthcare, and retail. Threat actors customized email subjects to evade detection, and attack volumes varied seasonally within each industry.
Credential phishing attacks targeting the finance and insurance industries are increasing, with subject lines mimicking legitimate business communications. While attack volumes fluctuated throughout 2023 and early 2024, the industry remains a primary target for cybercriminals.
Cyber threat actors are increasingly targeting the manufacturing industry with personalized phishing emails, which often contain sensitive information like order numbers or contract details in the subject line to bypass security filters and increase the likelihood of successful attacks.
The mining, quarrying, and oil and gas extraction industries experienced a high rate of targeted emails with sensitive subject lines, particularly proposals, invoices, and document sharing notifications. While the redaction volume decreased slightly in Q3 2023, it remained significantly higher compared to other industries.
Threat actors frequently target the healthcare and social assistance industry with credential phishing emails disguised as legitimate notifications or document-related communications, capitalizing on the industry’s reliance on such emails.
Retail trade remains a prime target for credential phishing attacks. Despite a slight decrease in Q4 2023, Q3 2024 saw a resurgence in such attacks, indicating a potential uptick in the coming quarter.
The purpose of the attack is to trick victims into divulging their credentials by using subject lines that are highly targeted and frequently imitate legitimate business interactions.
Cofense Intelligence found that voicemail-themed phishing emails often use personal or company names in both the subject and .HTM(L) attachments. Attackers commonly exploit this tactic to steal credentials, even though legitimate use of .HTM(L) files within organizations is uncommon.
Emails with finance-themed subjects, often including personalized recipient names or company names, can be used to mask malicious attachments. These are typically .docx files with PII-containing filenames, which can be easily overlooked due to their seemingly legitimate nature.
Credential phishing attacks commonly leverage .HTM(L) and .DOC(X) file types disguised as legitimate documents, often with familiar email subjects, to trick users into compromising their credentials.
HTML attachments in phishing emails, often with redacted subjects, are frequently used to mimic legitimate login pages, which can be pre-populated with the recipient’s email address, increasing the likelihood of successful phishing attacks.
These attacks frequently use .DOC(X) attachments to deliver malicious URLs or QR codes. Such files often bypass security filters due to their common use in business settings, increasing the risk of successful attacks.
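The pattern described above (recipient or company names in both the subject and the name of an .HTM(L) or .DOC(X) attachment) can be checked at a mail gateway or in a triage script. The following is an added example, not code from Cofense. The function names, the token length threshold and the sample addresses are assumptions made for illustration, and taking the first domain label as the company name is a simplification.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

RISKY_EXT = (".htm", ".html", ".doc", ".docx")  # attachment types named above

def recipient_tokens(msg):
    """Lower-cased name, mailbox and company-like strings from the To header."""
    tokens = set()
    for name, addr in getaddresses([str(v) for v in msg.get_all("To", [])]):
        local, _, domain = addr.lower().partition("@")
        parts = re.split(r"[._-]", local) + name.lower().split()
        parts.append(domain.split(".")[0])  # assumption: first label ~ company
        tokens.update(p for p in parts if len(p) >= 4)  # drop short, noisy tokens
    return tokens

def score_message(raw):
    """Return the personalization signals found in one raw message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    tokens = recipient_tokens(msg)
    subject = str(msg.get("Subject", "")).lower()
    hits = {"subject": sorted(t for t in tokens if t in subject), "attachments": []}
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            stem = fname.rsplit(".", 1)[0]
            hits["attachments"].append((fname, sorted(t for t in tokens if t in stem)))
    # Flag only when the subject AND a risky attachment name carry recipient data.
    hits["flag"] = bool(hits["subject"]) and any(m for _, m in hits["attachments"])
    return hits

def build_sample(subject, filename):
    """Constructed test message; every address and name here is made up."""
    m = EmailMessage()
    m["From"] = "voicemail@notify.example"
    m["To"] = "Dana Whitfield <dana.whitfield@acmefreight.example>"
    m["Subject"] = subject
    m.set_content("You have a new message.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(score_message(build_sample("Voicemail for Dana Whitfield", "VM_Dana_Whitfield.htm")))
    print(score_message(build_sample("Team agenda", "agenda.docx")))
```

Because internal mail often carries the recipient's name too, the flag is better used as one scoring signal alongside sender reputation and attachment content inspection than as a blocking rule on its own.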