Executive Summary
Most of you are probably very familiar with phishing at this point. You know, those emails that pretend to be from your bank, social network, or email provider and try to steal your credentials. It’s an old, established, and (sadly) effective tactic.
If you’ve been unfortunate enough to fall victim to this type of attack, you are not alone, and don’t beat yourself up over it. Due to the psychological and sociological aspects of phishing, even highly knowledgeable individuals may fall prey.
Human error continues to be an integral element whenever organizational security fails against data breaches. The human element features in 74% of all breaches, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering.
Phishing has now evolved and become a field of study that merges social psychology, technical systems, security subjects, and politics used most typically for financial gain. Generally these attacks are conducted at scale and more often now with the aid of AI automation making them increasingly difficult to detect and catch.
Phishing is a lucrative game. And, like any criminal enterprise, its participants continually refine their tactics to be more effective and targeted.