
2 out of 10 employees enter their credentials in phishing email trap forms


  • Over 170,000 access credentials to critical company portals compromised in 2024
  • Italy among the top five countries in Europe with 60,000 infected devices: data from Yarix (Var Group)


Treviso, 16 July 2025 – Two out of ten employees (20% of a company's workforce) end up unwittingly entering their credentials into deceptive forms contained in phishing emails: messages that imitate official communications, such as those from a bank, a supplier or a colleague, and prompt the user to click a link and fill in a form with their username and password. The figure is up from 13.4% in 2023.


This is confirmed by the Y-Report 2025, the annual report by Yarix, the cybersecurity competence centre of Var Group, which states that Italian companies are increasingly exposed to cyber-attacks.


In addition to phishing, another method of data theft is becoming increasingly widespread: sensitive information is stolen by a class of malicious software called infostealers, literally "information thieves". In 2024 alone, the YCTI (Yarix Cyber Threat Intelligence) team identified over 8.1 million distinct compromised systems (PCs, company phones, tablets, etc.) and more than 920 million credentials stolen by this type of software (+376.7% compared to 2023).

Among the compromised credentials identified, over 170,000 gave access to critical company portals run by various technology providers, such as virtual private networks (VPNs), widely used by employees working remotely, and firewalls, the security "barriers" that filter traffic between the inside and the outside of an organisation.

This type of malware is spread mainly through phishing campaigns and pirated software, the same initial-access methods commonly used by ransomware gangs. Once a device is infected, the infostealer harvests sensitive data and sends it to the criminal: credentials saved in the browser, credit card details, session cookies and cryptocurrency wallets. When these belong to still-valid accounts on critical services, they let attackers log straight into corporate systems; a stolen session cookie in particular can be replayed to take over an already authenticated session without the password or a second factor being requested again.

According to Yarix's data, Italy ranked fifth in Europe for infected devices in 2024 (60,000, +57.9% compared to 2023), behind Spain (120,000), Germany (73,000), Poland (71,000) and France (66,000), and ahead of Romania (54,000), the United Kingdom (44,000), Portugal (34,000) and Hungary (29,000).

During 2024 the security teams at the Yarix competence centre also handled and analysed several BEC (Business Email Compromise) incidents: seemingly legitimate emails sent from compromised or spoofed addresses that imitate official communications to trick the recipient into opening attachments or clicking malicious links.

Among the incidents analysed, 42% of the attacks were concentrated in the first quarter of 2024, driven by the spread of new Phishing-as-a-Service offerings: ready-to-use "kits" that give even people with minimal IT skills access to advanced phishing tooling. These kits allowed cybercriminals to bypass multi-factor authentication and gain direct access to victims' mailboxes (the usual technique is an adversary-in-the-middle proxy that relays the victim's one-time code to the real service while the attacker's session is established). In these cases the entry point was mainly a phishing email with a malicious link or attachment sent to a legitimate recipient. Once an account was compromised, it was in turn used to launch further attacks inside the organisation or against external contacts.

The sectors most affected by BEC include manufacturing (23.72%) and food (8.33%).

"Phishing is no longer a risk reserved for large companies: today, even Italian SMEs are the target of increasingly sophisticated and automated attacks. The spread of tools such as Infostealers and Phishing-as-a-Service kits lowers the technical threshold for cybercriminals who, even without in-depth hacking knowledge, have the ability to launch large-scale phishing campaigns. Italy is among the European countries most affected, and it is therefore essential that small and medium-sized enterprises also invest in training, prevention and continuous monitoring," said Mirko Gatto, Head of Cybersecurity at Var Group.