43% of small healthcare organisations reported experiencing a phishing or spoofing incident in the past year.

Solara Medical faced a $9.76 million class-action settlement following a phishing attack.

Phishing attacks now account for over 70% of healthcare data breaches as of 2024.

About 50% of small healthcare organisations lack anti-phishing controls beyond default spam filters.

Only half of small healthcare practices have phishing or spoofing protection enabled.

Salud Family Health had a phishing attack exposing 80,000+ records.

50% of law firms cited phishing as the top cybersecurity concern, a new category this year, surpassing ransomware and user behavior.

Analysis of suspected phishing emails revealed that only 16% were genuinely malicious.

Compromised websites are the second most prevalent link delivery method, at 30%.

Swedish and Norwegian targets comprise a combined 19% of BEC targets.

Among the unidentifiable phishing kits used by phishing sites, Tycoon 2FA accounts for 10%.

After CEOs and executives, the remaining BEC impersonation efforts are aimed at directors and managers (9%), HR personnel (4%), IT staff (3%), and school heads (2%).

Among the unidentifiable phishing kits used by phishing sites, Evilginx accounts for 20%.

The use of URL shorteners accounts for 7% of phishing delivery.

The strategic use of Danish language in BEC scams is 11.9%.

Among the unidentifiable phishing kits used by phishing sites, 16shop accounts for 7%.

The most observed phishing exploitation mechanisms are HTTP POST to remote server accounting (52%) and email exfiltration (30%).

58% of phishing sites now use unidentifiable phishing kits.

PDFs remain the preferred vehicle for delivering malicious attachments in phishing, at 64%.

A significant portion of BEC targets are Danish, at 38%.