According to Phishing.org, the practice of phishing started around 1995. Nearly 25 years later, phishing is still used by attackers of all levels of sophistication. The 2018 Verizon Data Breach Investigations Report (VDBIR) ranks it as the third most common technique used in incidents and confirmed breaches and finds that 70 percent of breaches associated with nation-state or state-affiliated actors involved phishing. However, even low-level hackers are using phishing with success thanks to a rich ecosystem of threat actors on cybercriminal forums and messaging applications sharing tips and tools.
Here are just a few examples of the techniques this wide swath of actors can choose from when executing their phishing campaigns.