Scam Overview
Phishing & Email Fraud
Emails or texts that impersonate trusted organizations to steal login credentials, financial details, or personal information.
Annual Loss
$2.9B reported globally in 2024
Primary Targets
Anyone with an email account, especially banking and payroll staff
Objective
Harvest passwords, redirect payroll deposits, install malware, steal identities
Key Red Flags
- Urgent language demanding immediate action
- Links that point to misspelled or unfamiliar domains
- Requests for passwords, MFA codes, or sensitive data
- Unexpected attachments (ZIP, HTML, PDF) from unknown senders
Sub-types & Playbooks
Common variations and tactics
01 Credential Harvesting
Fake login pages that capture usernames, passwords, and MFA codes.
02 Business Email Compromise
Attackers impersonate executives or vendors to convince finance teams to transfer money.
03 Malware Delivery
Attachments or links install remote access trojans (RATs) or ransomware payloads.
Insights & Stats
Median Loss
$11,250
Time to Compromise
Under 5 minutes once the link is clicked
Growth
+27% YoY