I had a look at the recent Mandiant M-Trends report. Interesting stuff. They observed that employees seem to fall for hacking tricks mostly on Wednesdays, and are most likely to click on phishing links that seem to come from IT in their own organization. The graph above is just a snippet of much more interesting data.
Laura Galante, manager of threat intelligence for Mandiant, told SCMagazine.com in an interview that the social engineering trend remained a common attack method through the first quarter of this year, as well. "We were able to go in and see the initial compromise, in this case, [by] looking at spear phishing emails," Galante said. More at SC Magazine.
Funny thing is that well over three years ago, we standardized on an email coming from IT in our baseline Phishing Security Test, which is the start of our Kevin Mitnick Security Awareness Training program.