Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Data Breach Phish

Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

Innovative analysis of data breaches shows which attack vectors are being used and how they’re enabled, highlighting the roles phishing and credentials play.

With the release of the new 2024 Verizon Data Breach Investigations Report, we dug into the findings to continue our coverage of important cybersecurity issues, specifically data breaches and phishing.

The report offers fresh insights and perspectives, which are critical to understanding the evolving landscape of cyber threats.

Traditionally, we’ve seen this report talk about action varieties with phishing as an example, and specific attack vectors (e.g., web applications), but this latest report takes things a step further and combines them to provide InfoSec professionals with a new perspective on where the real problems lie with attacks that lead to data breaches.

As you can see from the table in the blog post, credentials and phishing are present in three of the top four attack combinations.

The combination of credentials and web applications in the top spot aligns with the growth and evolution we’ve seen in the “credential cyber-economy” of late, where credentials are obtained using impersonated brand login pages and then sold on the dark web. According to the report, credentials are compromised in 71% of web application attacks.

Phishing involves email, but it’s interesting to see it take second place, when the top initial attack vector for credential harvesting attacks is actually phishing (meaning behind the top entry is a string of phishing attacks that enabled that attack combination).

Jumping down to fourth and fifth spot, we see that credentials continue to play a role in attack vectors involving desktop sharing software and VPNs.

In total, we see credentials and phishing involved in nearly 80% of data breaches, making the combination of email, social engineering and your users the most critical aspect of your cybersecurity strategy.

Blog post with links and graphics:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.