Proofpoint’s Annual Human Factor Cybersecurity Report Details Ransomware Phishing, Cryptocurrency Threats, Cloud Application Attacks, and Email Fraud Trends

Cybercriminals continue to rely on human interaction to click malicious links, download dangerous files, inadvertently install malware, transfer funds, and disclose sensitive information

Sunnyvale, Calif.—April 17, 2018 – Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced its annual Human Factor report findings, which detail how cyberattackers are actively working to exploit people instead of software flaws to steal money and information for financial gain, espionage, and to establish footholds for future attacks. The report, based on analysis of attack attempts across more than 6,000 worldwide enterprise customers throughout 2017, provides insight into attack trends across email, cloud applications, and social media communication channels to help organizations and users stay safe.

“Threat actors continue to find new ways to exploit our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to convince us to click,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “Our research clearly shows that it’s imperative to stop threats before they reach users over email, cloud applications, and social networks. Reducing initial exposure minimizes the chances that an organization will experience a confidential data breach, business disruption, or direct financial loss.”

Proofpoint’s 2018 Human Factor report findings include:

  • Advanced persistent threat (APT) activity is far more likely to target government and defense industries (40% of observed attack attempts), but no industries were exempt.
  • Email continues to be the top attack vector of choice. 30% of clicks in malicious emails happen within 10 minutes of delivery and 52% of clicks occur within one hour.
  • Dropbox-related fraudulent emails were the top lure for phishing attacks, with over twice as many messages as the next most popular lure. However, Docusign phishing click rates exceeded those for Dropbox phishing, and indeed all other credential phishing email lures.
  • More than 80% of malicious emails distributed ransomware and banking Trojans, making them the most widely distributed malware families. Banking Trojans appeared in more than 30% of malicious emails in Europe, Japan, and Australia. Japan also saw the highest regional level of downloader activity in email.
  • Roughly 80% of organizations experienced business email compromise (BEC)/email fraud attacks. The number of email fraud emails using language related to legal advice or practices in their subject lines increased by 1,850% year-over-year.


Email Attacks: Verticals Most at Risk

  • Education, management consulting, and entertainment/media industries experienced the greatest number of email fraud attacks, averaging more than 250 attacks per organization. Education was the most-targeted vertical with an average number of attacks per organization almost four times the average across all industries (up 120% year-over-year).
  • Construction, manufacturing, and technology topped the most phished industries, while manufacturing, healthcare, and technology were the top targets of crimeware, which aims to steal identities for financial gain.


Cryptocurrency Botnets, Cloud Applications, Fraudulent Domains, and Social Media Attacks:

  • Network traffic of cryptocurrency coin-mining botnets jumped nearly 90% between September and November 2017 (mirroring trends in Bitcoin valuations).
  • 60% of cloud service users, including 37% of privileged users, did not have a password policy or multi-factor authentication enforced, which created significant risks.
  • For large enterprises, suspiciously registered domains can outnumber brand-registered domains 20 to 1, meaning victims of phishing attacks are more likely to mistake typosquatted and suspicious domains for their legitimate counterparts.
  • 55% of social media customer support attacks targeted customers of financial services companies.


To download Proofpoint’s 2018 Human Factor report, please visit:

About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ: PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media, mobile, and cloud applications, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur. More information is available at

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube | Google+


Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.