45% of companies have experienced AI-driven phishing attacks.

51% of organizations are prepared for phishing.

74% of respondents stated that phishing is the leading threat, with impersonation of executives or trusted colleagues being the most common tactic.

74% of respondents stated that phishing is the leading threat, with impersonation of executives or trusted colleagues being the most common tactic.

A majority (62%) of people feel confident they can spot a phishing attack.

58% of phishing sites now use unidentifiable phishing kits.

Among the unidentifiable phishing kits used by phishing sites, 16shop accounts for 7%.

Among the unidentifiable phishing kits used by phishing sites, Evilginx accounts for 20%.

Among the unidentifiable phishing kits used by phishing sites, Tycoon 2FA accounts for 10%.

The use of URL shorteners accounts for 7% of phishing delivery.

PDFs remain the preferred vehicle for delivering malicious attachments in phishing, at 64%.

Financial lures are the number one ploy in phishing emails, representing 35% of samples.

Account verification and updates account for 20% of approaches in phishing emails.

Compromised websites are the second most prevalent link delivery method, at 30%.

Among the unidentifiable phishing kits used by phishing sites, other generic kits account for 5%.

Package delivery messages account for 5% in phishing emails.

Legal or HR notices account for 5% in phishing emails.

Urgency-based messaging is the second most tried approach in phishing emails, at 25%.

Travel-themed messages account for 10% in phishing emails.

For phishing delivery, the majority (54%) of cybercriminals leveraged open redirect mechanisms.