Phishing: Today's #1 security threat

A recent Cyren study found that 43% of small- to medium-sized businesses suffered a phishing breach in the last 12 months, making it the top cyber threat category for SMBs. Criminals will go to great lengths to “phish” for sensitive personal employee and corporate financial information that can be resold on the black market or used directly for monetary gain.

What is phishing?

Using an email or link to an online site, a criminal attempts to entice a person into providing sensitive or confidential information which can be used or monetized by the phisher.


A targeted phishing attack focused on a specific person or group of people.

Clone Phishing

A phishing attack in which the 'phisher' uses a genuine, previously delivered email to create an identical (or almost identical) email containing similar content, attachment, recipient, and sender email address. A fraudulent link or attachment replaces the original one.


A form of spear phishing focused on senior corporate executives or high-profile individuals, such as those in government. Email content may request the recipient perform a task, such as providing employee records or sending a wire transfer, or contain malicious links.

Stay up to date with the latest resources from Cyren

Threat report

"The Phishing Issue: From Targeted Attacks to High-velocity Phishing" – Gain insight on the global rise of phishing attacks with Cyren’s special report. Become better informed on phishing and its various sub-genres like business email compromise, financial phishing, spear phishing, and whaling.


On-demand webinar

"10 Steps To Protect Your Business From Phishing Attacks" – Learn how you can stop phishing attacks from impacting your business and employees – how phishing works, how to identify phishing emails and websites, and best practices you can take to stop these attacks.


Blog article

"Trickbot Banking Trojan Making Phishing More Real" – Cyren phishing experts Igor Glik and Magni Reynir Sigurðsson analyze Trickbot, a notorious trojan malware which employs new techniques to hijack browser sessions and steal credentials and security codes.


The phish: Step by step (Download infographic!)

Victim identification

Mass phishing attack
— Untargeted, large group of victims

Targeted phishing attack
— Specific group or high profile victim

Source setup

Brand names
— Phisher selects a brand name for mass email
— Uses newly created domain or hacked website for webpages that resemble the brand name website.

Sophisticated content
— Develops an email with legitimate-looking content
— Spoofs the email address of someone at a target organization

Distribute attack

Mass distribution
— Phisher sends email with brand logos/name and links to fake webpages
— Places links to fake web pages in banner ads, on social media, and in text messages

Targeted distribution
— Phisher sends emails to specific target victim or group

Hook victims

Click Fake Links
— Victims click fake links and enter personal information into fake web page

Respond to email request
— Victim replies to email with request information

Expand / Monetize

Develop additional attacks
— Phisher uses stolen credentials for next phase of attack.
— Collects additional email addresses from hacked accounts

Financial gain
— Phisher sells stolen credentials
— Steals money using credentials from bank, PayPal, or fake wire transfer.

Did you know...

Phishing doesn’t always involve an email distribution. Criminals are creating fake website advertising banners or text advertisements that link back to a malicious URL. The unsuspecting victim clicks the link and enters credentials on the fake site. The sensitive information is then captured and saved by the cybercriminal.

Phishing as a Service (PhaaS): An iPhone phish

Criminal obtains a stolen iPhone.

iPhone owner sends contact info via Find My iPhone.

PhaaS provider sends email or SMS with fake iCloud link to phone's owner.

Original owner clicks link and enters iCloud credentials on fake site.

Provider uses credentials to unlock and reset phone for new criminal owner.

Provider resells credentials on black market.

Prepare for phishing attacks with Cyren's Cyberthreat Report

Phishing sites don't last a zero-day

Cyren experts examined phishing sites tracked and flagged by Cyren's global security cloud and discovered that after 40 hours, over half of the phishing sites analyzed no longer exist, making it difficult for many cybersecurity solutions to detect and block them.

Did you know...

Phishing uses social engineering to create an email that looks like it came from someone the victim knows. The email requests that recipient do something like provide financial information or the password to a corporate login.

Improve your phishing protection level

Password Management

Use password manager that creates different and unique passwords for every site.

Two-Factor Authentication

Require staff to use two different components for login, such as a PIN or password and something he possesses (a phone).

Automated Detection

Use real-time web security gateway with real-time phishing intelligence that draws from large data sources and analytics and provides continuous protection from emerging web threats on all devices.

Browsers provide little phishing protection

 IE 11Internet ExplorerEdgeMicrosoft EdgeFirefoxMozilla FirefoxChromeGoogle Chrome
% of new phishing sites UNDETECTED within 48 hours of Cyren detection or before site went down78%78%48%26%
Average elapsed time for browser warning to appear for new phishing sites, compared to Cyren detection15 hours
29 minutes
15 hours
29 minutes
1 hour
52 minutes
6 hours
23 minutes

Shopping, financial, and internet services most popular phishing targets

Amazon, Apple, eBay, PayPal, and Google are the top five brands most often used in phishing scams.

Brand#URLs% phishing URLs

How Cyren helps stop phishing

Cyren Email Security
  • Blocks delivery of sophisticated, large-scale phishing email attacks on a global basis as attacks happen, in real time
  • Stops users from accessing phishing URLs with "time-of-click" analysis and blocking, not just when an email was sent
Cyren Web Security
  • The Cyren security cloud continuously monitors and blocks access to millions of malicious phishing URLs
  • Pro-active phishing protection identifies just-released "zero-day" and previously unknown phishing links based on the correlation of data across billions of daily and historical transactions