1、Annual State ofPhishing Report2021Table of ContentsExecutive SummaryThe Big Phishing Campaigns of 2020Emotet and RyukFighting Crafty Humans Malware in 2020Stopping Attackers with Human Reporting and AnalysisPhishMe in 2020About CofenseLets Get Started The Phishing Defense Center(PDC)TodayHow COVID-1

2、9 Changed the Threat LandscapeThe Need for Decreasing Dwell TimeWhat We Might See in 2021 0314222732051925311357968242020 year in reviewIn fact,in 2020 Cofense stood alone actively discouraging sending COVID-19 themed phishing simulations at the outbreak of the pandemic.The peanut gallery of informa

3、tion security experts grumbled on Twitter about the need for realism.While they were occupied retweeting,the Cofense customer community produced more REAL coronavirus/COVID-19 phishing email indicators than the entirety of the global cyber vendor landscape combined.*Let that gel for a bit.The invent

4、ors of phishing simulations blocked COVID-19 themed PhishMe templates,yet our customers employees reported more real COVID-19 phish than anyone else.A Cofense theme for 2020 was shining a light on the phishing tactics that evade secure email gateway(SEG)detection.We published a stream of SEG bypass

5、samples on our blog prompting many organizations to ask for help testing their email environments.This report explains how Cofense is in a unique position to report on this.In fact,most of this report is focused on the REAL phish we see that bypassed multiple layers of automation,only to be smoked o

6、ut by real humans who are backed by organizations that encourage reporting.What went wrong in 2020Over 1.5 million simulated phishing emails leave our PhishMe infrastructure every Monday.Unfortunately,some non-Cofense customers did not heed our cautionary tale of avoiding certain emotionally charged