{"id":36399,"date":"2020-08-01T15:14:37","date_gmt":"2020-08-01T15:14:37","guid":{"rendered":"http:\/\/5a23397f-f909-43af-a601-2f94b864c0ba"},"modified":"2020-08-01T15:14:37","modified_gmt":"2020-08-01T15:14:37","slug":"phishing-campaigns-from-first-to-last-victim-take-21h-on-average","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/","title":{"rendered":"Phishing campaigns, from first to last victim, take 21h on average"},"content":{"rendered":"<figure class=\"image image-original shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/2019\/07\/12\/50ded6e9-b8ae-4536-b8b8-c38ecd3cc3e2\/istock-9162001221.jpg\" class alt=\"istock-9162001221.jpg\"><\/span><figcaption><span class=\"caption\"><\/span><span class=\"credit\"> Getty Images\/iStockphoto <\/span><\/figcaption><\/figure>\n<p>A mixed team of security researchers from Google, PayPal, Samsung, and Arizona State University has spent an entire year analyzing the phishing landscape and how users interact with phishing pages.<\/p>\n<p>In a mammoth project that involved analyzing 22,553,707 user visits to 404,628 phishing pages, the research team has been able to gather some of the deepest insights into how phishing campaigns work.<\/p>\n<p>&#8220;We find that the average phishing attack spans 21 hours between the first and last victim visit, and that the detection of each attack by anti-phishing entities occurs on average nine hours after the first victim visit,&#8221; the research team wrote in a report they are scheduled to present at the USENIX security conference this month.<\/p>\n<p>&#8220;Once detected, a further seven hours elapse prior to peak mitigation by browser-based warnings.&#8221;<\/p>\n<p>The research team calls this interval between the start of the campaign and the deployment of phishing warnings inside browsers the &#8220;golden hours&#8221; of a phishing attack &#8212; when attackers make most of their victims.<\/p>\n<p>But the research team says that once the golden hours end, the attacks continue to make victims, even after browser warnings are deployed via systems like Google&#8217;s Safe Browsing API.<\/p>\n<p>&#8220;Alarmingly, 37.73% of all victim traffic within our dataset took place after attack detection,&#8221; researchers said.<\/p>\n<figure class=\"image image-original shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/article\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/\" class=\"lazy\" alt=\"phishing-histogram.png\" data-original=\"https:\/\/zdnet1.cbsistatic.com\/hub\/i\/2020\/08\/01\/43718a93-8969-4f76-b466-e1f0f4ce2367\/phishing-histogram.png\"><\/span><noscript><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/zdnet1.cbsistatic.com\/hub\/i\/2020\/08\/01\/43718a93-8969-4f76-b466-e1f0f4ce2367\/phishing-histogram.png\" class alt=\"phishing-histogram.png\"><\/span><\/noscript><figcaption><span class=\"caption\"><\/span><span class=\"credit\"> Image: Oest et al. <\/span><\/figcaption><\/figure>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\"> <\/section>\n<p>Further, researchers also analyzed user interactions on the phishing pages. They said that 7.42% of the victims entered credentials in the phishing forms, and eventually suffered a breach or fraudulent transaction on their account.<\/p>\n<p>On average, crooks would attempt to breach user accounts and perform fraudulent transactions 5.19 days after the user visited the phishing site, on average, and victim credentials would end up in public dumps or criminal portals after 6.92 days after the user visited the phishing page.<\/p>\n<h3>Most phishing campaigns come from a few major players<\/h3>\n<p>But while researchers analyzed more than 400,000 phishing sites, they said that the vast majority of phishing campaigns weren&#8217;t really that effective, and that just a handful of phishing operators\/campaigns accounted for most of the victims.<\/p>\n<p>&#8220;We found that the top 10% largest attacks in our dataset accounted for 89.13% of targeted victims and that these attacks proved capable of effectively defeating the ecosystem&#8217;s mitigations in the long term,&#8221; they wrote in the report.<\/p>\n<p>Researchers said that some campaign remained active as long as nine months, while making tens of thousands of victims, using nothing more than &#8220;off-the-shelf phishing kits on a single compromised domain name [phishing site].&#8221;<\/p>\n<p>The study&#8217;s findings are conclusive with what <a href=\"https:\/\/www.linkedin.com\/in\/sherroddegrippo\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Sherrod DeGrippo<\/a>, Sr. Director, Threat Research and Detection at Proofpoint, told <em>ZDNet <\/em>in an interview this week. DeGrippo said that Proofpoint usually tracks around 12 million credential phishing attacks per month and that the best threat actors focus on evasion tactics to avoid getting detected, knowing this would keep their campaigns running for longer, and prolong the &#8220;golden hours.&#8221;<\/p>\n<p>&#8220;In terms of evasion, this is something the credential phish threat actors absolutely work hard on,&#8221; DeGrippo said.<\/p>\n<h3>More collaboration needed<\/h3>\n<p>The academic team blamed the current state of affairs on the reactive nature of anti-phishing defenses, which are usually slow in detecting phishing attacks. However, researchers also blamed the lack of collaboration between industry partners, urging the different anti-phishing entities to work together more.<\/p>\n<p>&#8220;Cross-industry and cross-vendor collaboration certainly makes all entities stronger against phishing and other attacks,&#8221; DeGrippo also added, echoing the study&#8217;s conclusion.<\/p>\n<p>However, the Proofpoint exec also says that entities outside the anti-phishing and cyber-security world also need to pitch in, as well.<\/p>\n<p>&#8220;Additional effectiveness also involves domain registrars, encryption cert providers, and hosting companies to complete abuse takedowns, which can be a challenge as providers can be resource-restrained.<\/p>\n<p>&#8220;Stopping phishing attacks is vital to help protect organizations worldwide and industry collaboration, insight sharing, and action, such as blocking cred phish from reaching victims, is essential,&#8221; DeGrippo said.<\/p>\n<p>The full academic study, entitled &#8220;<strong>Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale<\/strong>,&#8221; is available for download as a <a href=\"https:\/\/www.usenix.org\/system\/files\/sec20fall_oest_prepub.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">PDF<\/a>.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Most phishing victims experience a fraudulent transaction around 5 days after getting phished, new research shows.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":36400,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-36399","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Phishing campaigns, from first to last victim, take 21h on average 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing campaigns, from first to last victim, take 21h on average 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-01T15:14:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"513\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Phishing campaigns, from first to last victim, take 21h on average\",\"datePublished\":\"2020-08-01T15:14:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/\"},\"wordCount\":681,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/\",\"name\":\"Phishing campaigns, from first to last victim, take 21h on average 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg\",\"datePublished\":\"2020-08-01T15:14:37+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg\",\"width\":770,\"height\":513},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing campaigns, from first to last victim, take 21h on average\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing campaigns, from first to last victim, take 21h on average 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/","og_locale":"en_US","og_type":"article","og_title":"Phishing campaigns, from first to last victim, take 21h on average 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-08-01T15:14:37+00:00","og_image":[{"width":770,"height":513,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Phishing campaigns, from first to last victim, take 21h on average","datePublished":"2020-08-01T15:14:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/"},"wordCount":681,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/","url":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/","name":"Phishing campaigns, from first to last victim, take 21h on average 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg","datePublished":"2020-08-01T15:14:37+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/08\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average.jpg","width":770,"height":513},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/phishing-campaigns-from-first-to-last-victim-take-21h-on-average\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Phishing campaigns, from first to last victim, take 21h on average"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36399","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36399"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36399\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/36400"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}