2025
Cyber Threat Intelligence Report
Table of Contents
Executive Summary & Introduction
Threat Landscape Overview
Human Risk Findings
Campaigns, tooling and environments research
Strategic Guidance
Executive Summary
While AI-generated voice and video deepfakes dominated headlines and discussions in the cyber community in 2025, these attacks accounted for a fraction of the threats that bypassed filters and actually reached employees. The vast majority of attacks leveraged more traditional impersonation and deception techniques that have been updated to trick filters and slide into new communication environments, including social media.
Sometimes developments in the threat landscape were enhanced by AI and sometimes not. Their effectiveness was fueled by familiarity, not visibly slick deception and sophistication. The new generation of attacks imitated normal business processes, credible brands, trusted tools and everyday communication patterns.
This report reveals the quantity and quality of threats that matter most: the ones that bypass filters and affect real people. This intelligence will help you develop your training and manage your human risk more effectively. This report’s dataset is based on millions of user-reported emails that bypassed filters in 2025.
3 key developments
• First, attackers are using AI to improve classic phishing techniques with cleaner language, more convincing formatting and more believable workflow mimicry.
• Second, adversary-in-the-middle (AitM) phishing kits have become easier to deploy and are becoming more widely adopted. These toolkits intercept logins in real time, forward the authentication to the legitimate service, and capture session tokens in addition to passwords. AitM attacks can circumvent MFA.
• Third, social engineering is increasingly expanding beyond email environments and moving into social platforms, recruitment channels and other communication layers that shape professional identity.
Fluent phish: Flawless grammar, live chats and AitM toolkits
Generative AI raised the quality baseline for phishing content. Many phishing emails are now polished and grammatically perfect, undermining the classic “look for typos” advice. Today’s threats might even read more fluently than legitimate correspondence.
Recruitment and account suspension themed social-media account takeovers emerged with novel tactics to hijack Meta business accounts through browser-in-the-browser and live-chat techniques. These campaigns underscore how professional identities—not just credentials—are being monetized.
Phishing-resistant MFA remains vital, yet the rise of adversary-in-the-middle toolkits capable of session-token theft shows that identity protection must evolve beyond traditional MFA prompts. Organizations can no longer rely solely on passwords or SMS codes to maintain account integrity.
Trusted routines, trusted brands
By blending into legitimate workflows, third parties, and infrastructure, attackers achieve a false sense of trust. In 2025, they changed their tactics and adopted some new technologies to do exactly that, but more effectively.
• Consumer webmail continues to dominate, with accounting for roughly one-fifth of all malicious senders.
• The misuse of legitimate services was also prevalent throughout the first half of the year, with, for example, the misuse of Salesforce tripling—from 0.6% in January to 1.8%, signaling increasing attacker preference for recognized, trusted delivery paths that exploit both technological and human blind spots.
• Attachment-based techniques diversified as malicious SVG attachments surged, growing 50-fold compared to 2024, while malicious QR codes--once a breakout trend--now appear in less than two percent of malicious emails.
Updating Your Security Awareness and Defense Playbook
Overall, the findings imply a steady shift toward stealth, automation, and token-based compromise. Defenders should assume that attackers can bypass common filters and instead focus on detecting anomalies after login, binding tokens to devices, and shortening session lifetimes.
The development of error-free phishing messages reinforces the need for behavioral training that teaches employees to question routine, not just urgency and errors. Awareness programs should emphasize routine-looking lures over sensational ones, while technical teams implement token-centric incident response and phishing-resistant MFA.
Finally, every organization should reinforce a “Pause→Verify→Act” culture that treats ordinary requests with the same caution reserved for high-urgency scams.
Together, these behavioral and technical safeguards transform humans into an early warning system rather than an entry point.
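The post-login controls recommended in this section (anomaly detection after login, device binding, short session lifetimes) can be sketched as a check over session-activity logs. This is an added example, not part of the report; the record fields, the 8-hour lifetime and the log lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

MAX_SESSION_AGE = timedelta(hours=8)  # assumed policy value, not from the report

# Constructed session-activity records: (timestamp, user, session_id, device_id, asn).
# device_id stands for whatever device-bound identifier the identity provider logs.
EVENTS = [
    ("2025-06-02T08:00:00", "alice", "s-1", "dev-A", 64500),
    ("2025-06-02T08:05:00", "alice", "s-1", "dev-A", 64500),
    ("2025-06-02T08:06:00", "alice", "s-1", "dev-X", 64511),  # same token, other device
    ("2025-06-02T09:00:00", "bob", "s-2", "dev-B", 64500),
    ("2025-06-02T18:30:00", "bob", "s-2", "dev-B", 64500),    # session older than policy
]


def find_session_anomalies(events, max_age=MAX_SESSION_AGE):
    """Return (session_id, user, reason) tuples for sessions that should be revoked."""
    origin = {}   # session_id -> (first-seen time, device, asn)
    alerts = []
    for ts, user, sid, device, asn in sorted(events):
        seen_at = datetime.fromisoformat(ts)
        if sid not in origin:
            # First sighting: the interactive login that minted the token.
            origin[sid] = (seen_at, device, asn)
            continue
        start, first_device, first_asn = origin[sid]
        reasons = []
        if device != first_device:
            # A captured session token replayed elsewhere appears as the same
            # session on a device that never performed the login.
            reasons.append("token-on-unbound-device")
        elif asn != first_asn:
            # Lower confidence: roaming users change networks legitimately.
            reasons.append("network-changed-mid-session")
        if seen_at - start > max_age:
            reasons.append("session-exceeds-max-age")
        for reason in reasons:
            alert = (sid, user, reason)
            if alert not in alerts:   # report each finding once per session
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in find_session_anomalies(EVENTS):
        print(alert)
```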
Top entities impersonated
01
02 Human Resources
03 Supply chain 3rd parties
Top emotions exploited
Urgency
Curiosity
Trust
Approval
Reward-seeking
Phishing emails created with AI mirror the overall threat landscape.* Traditional signs like typos or grammar mistakes are far less significant today
Back in October 2023, the occurrence of QR codes in malicious emails went from negligible to over 20%. In H1 2025, they only showed up in less than 2% of malicious emails.
Attachment Types by Popularity in 2025 vs. 2024 (chart; file types shown: .pdf, .html, .svg, .docx, .eml)
In 2025, SVG attachments saw a 50-fold increase in volume compared to 2024
Since late 2024 threat actors have increasingly abused Salesforce’s mailing service to send phishing emails from: its share of all domains used in phishing rose from 0.6% in January 2025 to 1.8% in June 2025
was often used to deliver recruitment-themed threats targeting business social media accounts
Link shortener popularity: bit.ly, t.co, cutt.ly, shorturl.al
Document sharing popularity: Sharepoint, Dropbox, Adobe, Docusign
Twitter short links remain the most popular link shortening service used in phishing
Dropbox also remains as the most popular document sharing service used in phishing
600% increase in social media links seen in phishing emails since 2023.* Mostly due to increasing use of compromised business emails, as their signatures often contain links to social media.
170% increase in popularity of links leading to G in phishing emails.
Threat landscape overview 6 Cyber Threat Intelligence Report
Introduction
Structured for different decision levels and depth, this report starts with a Threat Landscape Overview section that provides Tactics, Techniques and Procedures (TTPs) and real-world examples that defenders and analysts can translate into detections, awareness playbooks, and hardening tasks. Human Risk Findings details how end users perform against relevant threats, giving security awareness leaders benchmarks, targets, and resourcing signals.
Finally, The Campaigns, Tooling, and Environment Research section covers Microsoft vs. Google platform nuances, kill chain-style dissection of two separate Meta impersonation campaigns, analysis of GenAI-enabled lures, and 2025 phishing kits trends, offering practitioners the deep dives needed to anticipate attacker moves, tailor controls and training, and prepare countermeasures.
The report is based on Hoxhunt’s global phishing campaign data, including hundreds of thousands of attacks between January and June 2025, referenced against data from prior years. The dataset consists of user-reported emails that bypassed filters; thus, very stealthy success (no report) is underrepresented, while a lot of high-volume bulk phishing blocked at the gateway is excluded. Instead, the report highlights what slips through defences and showcases how attackers are constantly adapting their operations.
About the authors
Hoxhunt is the leading platform for human cyber-risk management. Our solution goes beyond security awareness to drive behaviour change and measurably lower human cyber-risk. Combining AI and behavioural science, we create individualized training moments people love. We work with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partner with global cybersecurity companies such as Microsoft and Deloitte.
Hoxhunt’s Threat Operations team consists of threat analysts, threat intelligence analysts and data scientists tasked with processing threat data reported to Hoxhunt. On a monthly basis, over 500,000 email threats are reported to us by end users. Because our end users manually report the emails, our data only consists of threats that have managed to bypass email spam filters. This data is analyzed by the Threat Operations team and combined with other data sources to create actionable intelligence.
01 Threat Landscape Overview
Human Risk Findings 8 Cyber Threat Intelligence Report
Top Social Engineering Tactics
Popular campaigns
This section dives into the most popular social engineering techniques and offers real-life examples of some of the most common phishing campaigns of H1 2025.
↑ Figure 1. Example of a voicemail-themed Microsoft impersonation.
Age-old tactics remain effective and have continued to evolve over the past year, with themes such as Microsoft impersonations still among the largest campaigns observed by Hoxhunt’s analysts. Attackers commonly utilize a security alert theme, exploiting urgency, or claim a new voicemail transcript is available (Figure 1), to exploit curiosity.
Attackers mimic familiar workflows and exploit urgency and authority.
Top entities impersonated
》 Microsoft
》 Human resources
》 Supply chain third parties
Top emotions exploited
》 Urgency
》 Curiosity
》 Trust
》 Approval
》 Reward-seeking
Gaining access to organizational accounts remains a main goal for threat actors.
» Microsoft impersonations are still among the largest campaigns observed by Hoxhunt’s analysts.
File share themed phishing has also remained widespread this year with Docusign as the most impersonated and misused service (Figure 3). Specific social engineering techniques vary, but the end goal is the same: stealing the recipient’s organizational credentials, exploiting both curiosity and the familiarity of everyday workflows.
Threat actors impersonate a range of parties, like HR, suppliers and service providers in file share attacks. In some of the most popular campaigns of 2025, attackers impersonated human resources, claiming to share a link to a list of salary increases (Figure 2), or asking the recipient to review a document regarding bonus distribution plans (Figure 3). The social engineers are exploiting the recipient’s desire to be recognized and rewarded, stirring curiosity, and leveraging trust in an organizational authority figure.
↑ Figure 3. HR impersonation where a malicious QR code is shared via Docusign, a trusted third-party service.
↓ Figure 2. HR impersonation utilizing a salary list theme.
Threat actors also impersonate suppliers, partners, and service providers to share malicious files and manipulate invoicing, delivery details, or contract terms. Supply chain fraud phishing is often sent from free email addresses or look-a-like domains, and emails also originate from compromised organizational email addresses (Figure 4). These types of phishing emails often include malicious attachments with embedded links leading to credential harvesters.
When sharing files or sending other fraudulent emails from legitimate email addresses of SMBs, or even from look-a-like domains, attackers are exploiting trust and the familiarity of everyday workflows.
↑ Figure 4. Remittance-themed phishing email sent from a compromised account.
↑ Figure 5. Fake email thread impersonating the recipient’s CEO and Baker McKenzie.
Supply chain attacks are not a 2025 novelty (we wrote about them in early 2024, for example), but they remain a popular theme used in major campaigns. Perhaps even more noteworthy in 2025 is the observed increase of the fake email chain technique. Threat actors craft email threads that appear to be a part of an ongoing conversation, making their call-to-action, often requesting the payment of a large invoice, seem more credible. In one campaign that uses this technique, attackers attempted to convince the recipient to execute a large financial transaction by claiming there was an unpaid invoice and impersonating the recipient’s CEO (Figure 5).
Generative AI and Phishing Visuals
Lately, the visual outlook of common bulk phishing has shifted from minimal, unformatted emails to more refined templates with branding elements and structured layouts, with timing that aligns with the increasing quality and availability of generative AI tools.
A representative shift in visual presentation is the Microsoft impersonation framed as a “full mailbox” alert, a conventional lure. The newer email template (Figure 6) looks slicker with branding elements and footers and is probable to be AI-generated, while an older phishing email (Figure 7) is plain with minimal graphics.
→ Figure 6. Microsoft impersonation utilizing a security alert theme from 2025.
Although newer emails look more polished, improved visuals do not necessarily make a campaign appear more legitimate. In fact, the simpler “full mailbox” alert from 2023 (Figure 7) more closely mirrored genuine Microsoft notifications (Figure 8), appearing more authentic than the newer, more elaborate version (Figure 6).
↑ Figure 7. Microsoft impersonation utilizing a security alert theme from 2023.
↑ Figure 8. Real Microsoft security alert notification from 2025.
》 It is probable generative AI is driving glossier, more professional-looking phishing emails, while legitimate emails are often more stripped-down and utilitarian.
》 The more polished designs have not completely replaced the basic ones: analysts still see both used in phishing emails. Even as generative AI gains popularity in attackers’ toolkits, the threat landscape of 2025 remains a blend of older phishing templates and AI-enhanced phishing.
Industry Observations
While bulk phishing remains broad and opportunistic, some techniques show signs of selective use. Industry-specific targeting is limited but does occur. For example, QR-code-based lures stand out in retail where their usage is more common, especially in consumer-facing workflows. It is probable that tactics are occasionally tailored to sector-specific behaviors, technologies, or trust dynamics.
↑ Figure 9. B impersonation targeting hotel owners.
» A review of western cybersecurity news in H1 2025 reported more human-risk related attacks in the financial and technology/IT industries than in other sectors.
Even if the broader data doesn’t highlight strong industry targeting, there are some clear examples of campaigns targeted at specific industries.
For example, in 2025 several campaigns targeting the hospitality industry were identified, impersonating services such as B. Figure 9 shows an example of such a campaign, requesting a hotel to confirm its details to reactivate an account.
While B impersonations are not a novel threat, they have persisted in 2025 as one of the most prominent examples of industry targeting.
» Across industries, campaigns consistently rely on core social engineering tactics, such as urgency, authority impersonation, and money transfer requests. These techniques exploit universal emotional and hierarchical triggers, making them effective regardless of the target sector. Threat data reflects high-volume campaigns designed to be universally effective with some examples of industry-specific targeting. However, it is probable that many seemingly industry-focused attacks are even more precise, aiming to breach a specific company rather than just a sector.
Regional Analysis
Globally popular techniques include urgency, money-transfer lures, authority impersonation, document-signing lures, and security alerts. However, threat data suggests that regional variation in phishing tactics is more pronounced than industry-specific differences.
This section includes examples of regional targeting for North America, Asia-Pacific and Europe.
» A review of western cybersecurity news in H1 2025 reported more high-profile attacks targeting primarily North America and Eastern Europe, with East Asia and Western Europe following.
Region: North America
Based on regional data, it is probable that voicemail-themed phishing is more common in North America than in Europe or Asia-Pacific. With wider adoption of VoIP systems, like voicemail-to-email solutions in today’s hybrid working environments, fake voicemail transcripts are an appealing tactic for threat actors. Some threat actors using voicemail transcript themes focus specifically on North America.
In the dataset, fax phishing also appears more commonly in North America than in other regions.
↑ Figure 10. Voicemail-themed Microsoft impersonation targeting North America.
↑ Figure 11. Example of a fax themed phish.
Fake subscription renewal threats, which often utilize callback phishing, were observed more frequently in North America. Certain threat actors, such as Luna Moth [1], have targeted the United States with callback phishing. Commonly impersonated brands include Microsoft, PayPal, Geek Squad and McAfee.
→ Figure 12. Fake subscription campaign utilizing call-back phishing.
Region: Asia-Pacific
In Asia-Pacific, ‘business opportunity’ lures: opportunities too good to be true, like low-interest loans or investment pitches, are observed more commonly than in Europe or North America.
← Figure 13. Example of a business opportunity themed phishing campaign.
1: /news/security/luna-moth-extortion-hackers-pose-as-it-help-desks-to-breach-us-firms/
Region: Europe
In Europe, threat actors are exploiting consumers’ trust in traditional institutions: based on Hoxhunt data, it is possible that financial institution impersonations reflect targeted activity in Europe.
→ Figure 14. Example of a financial-themed phishing email impersonating HSBC Bank.
» Although many social engineering tactics are globally popular, some groups specialize regionally and may use somewhat different tactics depending on the target region. For example, in Europe, trusted financial institutions are more commonly impersonated than elsewhere, while in North America, particularly the U.S., fake subscription renewal and voicemail-related lures are observed more frequently.
Top Techniques
Attachment types
In 2025, PDF attachments remain the top file type used in attachment-based phishing, accounting for 23.7% in the first half of the year (Figure 16).
PDF attachments included fake invoices with fraudulent payment details and fake Europol letters, and some contained links or additional attachments leading to payloads, often credential harvesters. It is probable that PDFs’ ability to bypass filters and appear trustworthy contributed to their fairly stable share from 2024 (Figure 16).
HTML attachments ranked second at 5.6% in H1, down from 10% in 2024 (Figure 16). SVG attachments ranked third at 5.0%, marking a significant increase from near-negligible share in 2024 (Figures 15 and 16). Microsoft Word documents were fourth at 4.4%, while EML attachments ranked fifth at 1.4% in H1 2025 (Figure 16).
Other 2025 attachments ranged from image files (e.g. fake invoices) to executable files. However, because phishing emails reported to Hoxhunt have always already bypassed filters, executable files, which are often blocked by security filters, do not make up a significant proportion of the dataset.
Attachment Types by Popularity in 2025 vs. 2024 (chart; file types shown: .pdf, .html, .svg, .docx, .eml)
In 2025, SVG attachments saw a 50-fold increase in volume compared to 2024
← Figure 16. Top 5 attachment types of 2025 compared to their shares in 2024
On the rise: SVGs
What are SVGs?
SVG (Scalable Vector Graphics) files are XML-based image formats used for displaying vector graphics on the web. They can include scripts, links, and interactive elements. SVG files can be used in phishing to embed malicious code or redirect users to fake login pages.
What are the mitigation measures?
To mitigate the risks associated with malicious SVG files, it’s advisable to combine both human-centric and technical solutions. Users should be trained to know the risks associated with SVG-files through adaptive security awareness training, and security operators might consider blocking or quarantining emails with SVG attachments.
Since late 2024, the use of SVG files in phishing has seen a large increase from a niche baseline. In 2025, attacks utilizing SVG attachments saw a 50-fold increase in volume compared to 2024. SVGs appear as harmless graphic files and bypass many anti-spam email tools, making them an attractive technique to attackers.
As of September 2025, Microsoft has stopped displaying inline SVG images to mitigate increasing misuse like cross-site scripting (XSS) attacks. SVG attachments continue to be supported [2].
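For operators who quarantine selectively instead of blocking every SVG, the properties named above (scripts, links, interactive elements) can be checked at the gateway. This is an added example, not part of the report; the element and attribute lists, the verdict names and the two sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample attachments (not taken from the report).
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="#0a0"/></svg>"""

ACTIVE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>/* constructed placeholder */</script>
  <a xmlns:xlink="http://www.w3.org/1999/xlink"
     xlink:href="https://login.example.invalid/"><text>Open document</text></a>
  <foreignObject><iframe xmlns="http://www.w3.org/1999/xhtml" src="about:blank"/></foreignObject>
</svg>"""

# Elements that can execute code or embed foreign content inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}


def _local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list[str]:
    """Return a sorted list of findings; an empty list means a static image."""
    # Refuse DTDs and entities before parsing (entity-expansion risk), and
    # UTF-16 input, which would hide them from the byte-level check.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["utf16-encoded"]
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.add(f"element:{tag}")
        for attr, value in el.attrib.items():
            name, value = _local(attr), value.strip().lower()
            if name.startswith("on"):            # onload, onclick, ...
                findings.add(f"handler:{name}")
            elif name in URL_ATTRS and not value.startswith("#"):
                # Anything but an in-document fragment is flagged (conservative:
                # embedded data: images are flagged too).
                scheme = value.split(":", 1)[0] if ":" in value else "relative"
                findings.add(f"link:{scheme}")
    return sorted(findings)


def verdict(data: bytes) -> str:
    return "quarantine" if scan_svg(data) else "deliver"


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(label, verdict(sample), scan_svg(sample))
```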
Share of SVG files in Attachment-Based Phishing (July 2024 – June 2025) (chart)
↑ Figure 15. Percentage of SVGs out of all attachment-based phishing (July 2024 – June 2025)
2:
/news/security/microsoft-outlook-stops-displaying-inline-svg-images-used-in-attacks/
QR Codes – Now in Attachments
In October 2023, the occurrence of QR codes in malicious email rose from negligible to over 20%. In H1 2025, they only showed up in less than 2% of malicious emails.
》 What changed: Detections improved and attackers reduced use of QR codes. They are now also hiding QR codes inside attachments like PDFs or otherwise obscuring them, making it harder to track usage.
》 What it means: Counts may have declined but the risk persists. When attackers do use QR codes, the goal is the same as before: redirecting users to malicious sites.
》 Bottom line: The 2023 spike reflected filter bypass: as filters caught up, attackers adapted by hiding QR codes in attachments or starting to use different techniques altogether.
» QR codes in phishing emails moved to attachments, and the occurrence reduced drastically.
Sender domains
In H1 2025, accounted for 20% of sender domains in malicious emails, compared with 2.8% for , the second most popular origin domain (Figure 17).
Two factors likely contribute to the higher share: ease of account creation and Gmail’s role as Google’s sole free consumer option versus Microsoft’s multiple options (Outlook, Hotmail, Live) and their regional variants.
Top 5 Malicious Sender Domains in 2025 (occurrence %) (chart)
↑ Figure 17. Top 5 malicious sender domains in 2025.
Phishing emails sent from 3rd party services
Threat actors utilize third party services for sending phishing emails to increase perceived legitimacy and bypass email filters. Common types of misuse include sign-ups on Salesforce or Dropbox (or use of compromised accounts) and misuse of Docusign or PayPal message fields.
Since late 2024, threat actors have increasingly used Salesforce’s mailing services, often using noreply@. More recently, campaigns have evolved to leverage the Salesforce Marketing Cloud, expanding delivery methods beyond traditional transactional senders.
Salesforce’s share of sender domains among malicious emails rose from 0.6% in January to 1.8% in June (Figure 18). Salesforce has been commonly misused for the delivery of recruitment-themed campaigns, see Meta Campaign Comparisons section for a campaign example.
Share of phishing emails sent from 01/2024 – 06/2025 (chart)
↑ Figure 18. Share of phishing emails sent from (January 2024 – June 2025)
Phishing links
600% increase in social media in phishing emails since 2023.