The overall trend of employees clicking on phishing links is steadily increasing within the financial services industry. From January to September 2019, there was a 147% increase in total number of clicks on phishing links.

For instance, one attack in May 2019 caused a temporary spike of 274% among Menlo Security’s customers. The data refers to actual clicks rather than phishing emails received, which means that the attack bypassed all existing security defences, landed in an inbox and was clicked by an employee.

Overall, despite advances in security technology and new products, phishing attacks still seem to be effective. As enterprise cloud applications like Box, Salesforce, OneDrive, DropBox and others are adopted more widely, there has been a surge in phishing/credential theft carried out on those cloud services.

Attackers are increasingly hosting malicious content or files on SaaS services to trick users and security products into thinking the email is for a legitimate business purpose.