---
title: "Phishing in the News | Phish Protection"
description: "2018"
image: "https://phishprotection.com/og/blog/phishing-in-the-news.png"
canonical: "https://phishprotection.com/blog/phishing-in-the-news/"
---

Quick Answer

According to a Whitepaper by security firm Tripwire, "2018’s primary breach actors were malicious outsiders. They were behind 56 percent of all breaches, followed by - accidental loss at 34 per­cent, So, a majority of beaches come from outside the organization.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-in-the-news%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20in%20the%20News&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-in-the-news%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-in-the-news%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-in-the-news%2F&title=Phishing%20in%20the%20News "Share on Reddit") [ ](mailto:?subject=Phishing%20in%20the%20News&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-in-the-news%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/02/spear-phishing-prevention-9374.jpg) 

### 2018’s Primary Breach Actors Were Malicious Outsiders

According to a[Whitepaper](http://my.tripwire.com/s04y0bX0JATg0I1rwD10j0H)by security firm Tripwire, “2018’s primary breach actors were malicious outsiders. They were behind 56 percent of all breaches, followed by

accidental loss at 34 per­cent,

- malicious insiders at 7 percent,
- hacktivists at 2 percent, and
- the remain­ing 1 percent falling into unknown.”

So, a majority of beaches come from outside the organization. What we know about external attacks is that somewhere between[91% and 93% of all cybercrimes and cyber-attacks start with a phishing email](https://www.securityweek.com/deepphish-project-shows-malicious-ai-not-dangerous-feared). From this we can conclude that in 2018, a majority of breaches were initiated by a phishing email. And what were those breaches mostly interested in? Identity theft.

![Spear phishing prevention](https://media.mailhop.org/phishprotection/images/2019/02/spear-phishing-prevention-9374.jpg) 

### Phishing Surpasses Ransomware Attacks in 2018

According to research detailed in the new[2019 State of the Phish](https://www.proofpoint.com/us/resources/threat-reports/state-of-phish)report, “last year saw a _65% increase in enterprises compromised by phishing attacks_, with credential compromises rising by **more than 70%** to become the most commonly experienced attack in 2018.”

This increase in phishing attacks now means it’s\_ more prevalent than ransomware as a threat to organizations\_. This was confirmed in the report which claimed that, “83% of IT professionals surveyed said they experienced phishing attacks in 2018.”

### Artificial Intelligence Will Dramatically Improve Phishing Attacks

A[Security Week](https://www.securityweek.com/deepphish-project-shows-malicious-ai-not-dangerous-feared)article discusses the DeepPhish Project in which artificial intelligence (AI) was used to\*\* by-pass anti-phishing defenses\*\*. According to the article, “attackers are already beginning to use their own AI - and this will swing the advantage back to the attacker.”

DeepPhish is the name given to the potential malicious use of AI to aid criminal phishing campaigns. The result of the project was astonishing. Fraud effectiveness at _defeating current defenses increased by 3,000%, from 0.69% to 20.9%._

From the article, “The implication, at least in the short term, is that if bad actors develop new AI-enhanced attacks in other areas, they will achieve increased success until defenders produce their own response to the new attacks.”

![Anti phishing protection](https://media.mailhop.org/phishprotection/images/2019/02/anti-phishing-protection-4875.jpg) 

### Phishing Education Providers Have Been Too Successful

Siggi Stefnisson of Security Week said what we’ve been saying all along:[phishing training is a tool not a solution](https://www.securityweek.com/phishing-training-tool-not-solution). In a recent article, Siggi laments that phishing education providers have been so successful at marketing their services, “_they’ve convinced many that the job of protection should be shifted to the user_.” Unfortunately the reality is much different.

> 

Everyone agrees that training is good, but not at the expense of protection technology.

According to one quote in the article which really puts things in perspective, “A CIO at a large company told me recently that he feels that **40 percent** of his users will click on anything.”

The article further points out that

”

even when an alert user does their duty, the phish may still happen, because we’ve already entered the realm of possible human error.” Effective email security is about layers, with phishing education just one of those layers.

### Evasive Phishware is on the Rise

“Evasive phishing is not a term much heard,” according to[an article on Security Week](https://www.securityweek.com/evasive-malware-meet-evasive-phishing). But the expectation is that it will be. The article added, “evasive phishing is about techniques to **hide phishing infrastructure** \- principally web sites - from security systems and phishing URL crawlers.”

Evasive phishing tactics tend to fall into one of two categories:

1. blocking security systems or
2. blocking access from security bots and crawlers.

According to research on phishing kits, **87% contain** at least one evasive technique. One of the main areas of emphasis for these phishing kits was [spoofing the Office 365](https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spoofing-protection) login page. It is just one more reminder why Office 365 users are so vulnerable to phishing.

The bottom line is this: not only is phishing not going away, but cyber attackers are now taking advantage of the most sophisticated technologies and techniques to perpetrate their attacks. It has never been more challenging for organizations to [prevent phishing](/content/phishing-prevention/). Most companies need help. Let us help you.

## Topics

[ Phishing ](/tags/phishing/)[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 23m  Anatomy of a Trust-Based Attack: Deconstructing the Nifty.com Phishing Campaign and the New Frontier of Corporate Defense  Jun 10, 2025 ](/blog/anatomy-of-a-trust-based-attack-deconstructing-the-nifty-com-phishing-campaign-and-the-new-frontier-of-corporate-defense/)[  Foundational 5m  Business Essentials: The Top Email Marketing Security Strategies for 2023  Dec 13, 2022 ](/blog/business-essentials-top-email-marketing-security-strategies-2023/)[  Foundational 5m  Interserve Fined $5 Million by ICO and Why Anti-Phishing Measures are the Need of the Hour  Oct 28, 2022 ](/blog/interserve-fined-5-million-ico-anti-phishing-measures-hour/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing in the News","description":"2018's Primary Breach Actors Were Malicious Outsiders by security firm Tripwire, \"2018’s primary breach actors were malicious outsiders.","url":"https://phishprotection.com/blog/phishing-in-the-news/","datePublished":"2019-02-06T09:05:19.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-02-06T09:05:19.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/phishing-in-the-news/"},"articleSection":"foundational","keywords":"Phishing, Phishing Awareness","wordCount":686,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/02/spear-phishing-prevention-9374.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Phishing in the News","item":"https://phishprotection.com/blog/phishing-in-the-news/"}]}
```