Phishing’s Role in Breaches: Behind the Numbers of Verizon’s 2025 DBIR

When the extent of phishing’s hidden impact is factored in, it is likely the initial source of compromise in over a third of all breaches

Verizon released the 18th annual installment of the Data Breach Investigations Report in late April. When it came to attack vectors, phishing ranked third in this year’s report, named as the initial access vector in 16% of breaches—behind the use of stolen credentials (22%) and exploitation of vulnerabilities (20%).

A closer look at the report, however, reveals phishing played a much larger role than the official ranking suggests. The DBIR authors acknowledge that there is a hidden element of phishing that may not be reflected in the numbers, and here we seek to gauge the probable extent of phishing’s impact based on its frequent connection to other vectors.

Verizon attributes 60% of breaches to the “human element.”

Of those:

• 32% involved credential abuse
• 23% involved social actions like phishing and pretexting
• 7% involved malware interaction

Credential abuse is frequently the downstream result of phishing or phishing-delivered infostealers. Malware interaction typically involves tricking a user into clicking or installing something—another hallmark of phishing.

If we consider credential abuse (32%) and malware execution (7%) as likely stemming from phishing or phishing-related activity, and add those to the 23% involving social engineering, phishing or phishing-delivered malware probably played a role in as many as 62% of human-element breaches.

Since human-element breaches made up 60% of all breaches in the DBIR dataset, we calculate that phishing was likely the initial source of compromise in as many as 37% of all breaches—more than any other single access vector.

While phishing may not top the chart at first glance, the essential part it plays in infostealer/malware deployment, credential harvesting, and initial access makes it the most consequential vector in the threat landscape.

Read our full article on this: Phishing’s Role in Breaches: Behind the Numbers of Verizon’s 2025 DBIR – Optery

ODSF: The World’s First OSINT Defense Framework

New framework turns digital exposure into a concrete and manageable security surface

Reconnaissance is the first step in any sophisticated attack. Adversaries use OSINT (open-source intelligence) to map a company’s people, infrastructure, and vulnerabilities—often long before any malicious action begins. Until now, however, there’s been no formal controls-based framework for managing OSINT exposure.

That’s changed with the launch of the Open-Source Intelligence Defense & Security Framework (ODSF), created by cybersecurity veteran Ray Heffer.

ODSF is the first comprehensive model designed to help organizations mitigate OSINT-driven threats. It offers 159 measurable controls across five domains:

• Digital Footprint Reduction
• Social Engineering Defense
• Technology Exposure Management
• Executive Protection
• Continuous Monitoring & Response

Aligned with standards like NIST CSF, ISO 27001, MITRE ATT&CK, and Zero Trust, the framework fills a critical gap by treating OSINT exposure as a primary attack vector.

ODSF gives security teams a structured way to move from reactive defense to proactive risk reduction—starting at the very beginning of the cyber kill chain. It’s licensed under CC BY-SA 4.0 and built for collaboration and adaptation.

The ODSF is by far the most comprehensive and actionable resource we’ve seen to help security teams recognize, quantify, and reduce OSINT-based risk.

Learn more at PsySecure: PsySecure – OSINT Defense & Security Framework | Worlds First OSINT Risk Management Framework

Read our Spotlight on Ray Heffer: Privacy Protectors Spotlight: Ray Heffer – Optery

Suspect in Minnesota Shootings Reportedly Used Data Broker Sites to Find Targets

Data broker exposure leveraged in preparation for attacks against public officials

Suspect Vance Boelter, 57, is accused of fatally shooting Minnesota Representative Melissa Hortman and her husband, Mark Hortman, in their home on June 14, and of shooting State Senator John Hoffman and his wife, Yvette Hoffman, earlier that evening.

According to an FBI affidavit, Boelter used data broker and people-search sites to gather personal information in preparation for the attacks. Police recovered notebooks listing:

• Names of over 45 Minnesota state and federal public officials
• 11 data broker platforms used to find personal details like home addresses, phone numbers, and relatives.

This tragedy is a stark reminder of the physical dangers posed by data broker exposure, especially for high-profile and high-risk individuals, and why the U.S. needs stronger laws and enforcement to keep sensitive personal data out of the wrong hands.

Our mission at Optery is to protect individuals from the harms of data exploitation. We send legal demands for opt out and data removal, backed by privacy laws, to hundreds of data brokers, including each of those listed in Boelter’s notebooks (Intelius, BeenVerified, Ownerly, US Search, NeighborWho, PeopleFinders, PeopleLooker, Spokeo, TruePeopleSearch, Pipl, Addresses[.]com, Yellow Pages Directory).

Below are some resources Optery provides to help people gain visibility of their exposure and take back control of their privacy and security.

• Sign up for Exposure Report (free)
• List of Sites Optery covers
• Data Broker Directory
• Self-service Opt Out Guides

Read more: Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses | WIRED

Suspect in Minnesota Shootings Used Data Broker Sites to Find Targets – Optery