---
title: "When it Comes to Phishing Tactics, We Know What Hackers Prefer | DuoCircle"
description: "Here’s a quick, one-question quiz: If you got phished, you most likely: 1. Opened a malicious email attachment 2."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/phishing-protection/when-it-comes-to-phishing-tactics-we-know-what-hackers-prefer/"
---

Quick Answer

Proofpoint's Q3 2019 Threat Report found 88% of successful phishing came from clicking malicious links, not opening attachments. Two payload categories drove the impact: Remote Access Trojans (RATs), which give attackers full control of the victim's machine for surveillance and credential theft, and Banking Trojans, which masquerade as legitimate apps to harvest banking credentials. Both doubled in volume from the previous quarter. The defensive implication: pre-delivery URL scanning catches static malicious links, but advanced campaigns use links that are clean at delivery and weaponized after. Real-time link click protection (URL rewriting plus click-time re-evaluation) is the control that addresses both the 88% link problem and the delayed-weaponization tactic.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fwhen-it-comes-to-phishing-tactics-we-know-what-hackers-prefer%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=When%20it%20Comes%20to%20Phishing%20Tactics%2C%20We%20Know%20What%20Hackers%20Prefer&url=undefined%2Fblog%2Fphishing-protection%2Fwhen-it-comes-to-phishing-tactics-we-know-what-hackers-prefer%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fwhen-it-comes-to-phishing-tactics-we-know-what-hackers-prefer%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fwhen-it-comes-to-phishing-tactics-we-know-what-hackers-prefer%2F&title=When%20it%20Comes%20to%20Phishing%20Tactics%2C%20We%20Know%20What%20Hackers%20Prefer "Share on Reddit") [ ](mailto:?subject=When%20it%20Comes%20to%20Phishing%20Tactics%2C%20We%20Know%20What%20Hackers%20Prefer&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fwhen-it-comes-to-phishing-tactics-we-know-what-hackers-prefer%2F "Share via Email") 

![Phishing Tactics](https://media.mailhop.org/duocircle/images/2019/11/spf-permerror-8877.jpg) 

Here’s a quick, one-question quiz:

If you got phished, you most likely:

1. Opened a malicious email attachment
2. Clicked on a malicious link in an email

Well, according to Proofpoint’s Q3 2019 [Threat Report](https://www.proofpoint.com/us/threat-insight/post/proofpoint-q3-2019-threat-report-emotets-return-rats-reign-supreme-and-more), _if you got phished, there’s an 88% chance it’s because you clicked on a malicious link_. So, the correct answer is #1\. And that’s just one of the findings in the latest quarterly report.

Other key findings highlight the fact that the volume of [Remote Access Trojans](https://blog.malwarebytes.com/threats/remote-access-trojan-rat/) (RAT) and [Banking Trojans](https://www.maketecheasier.com/what-is-banking-trojan/) doubled from the previous quarter. “_Remote Access Trojans are programs that provide the capability to allow covert surveillance or the ability to gain unauthorized access to a victim PC_.” A Banking Trojan “_disguises itself as a genuine app or software that users download and install. Once installed, it then positions itself in a way to access your banking details_.”

When it comes to **phishing attacks**, RATs and Banking Trojans are about as dangerous as they come. They’re like giving a hacker the username and password to your banking account. And when it comes to phishing attacks, _the single biggest step you can take is to protect yourself from malicious embedded links in emails_.

There are two techniques to protect you from **malicious embedded link**s in emails. The first is to scan the email for malicious links BEFORE it hits your inbox and to block [threatening emails](https://kb.wisc.edu/education/89977). It’s pretty hard to click on a malicious link if the email never makes it into your inbox.

[![email threat](https://media.mailhop.org/duocircle/images/2019/11/spf-flattening-7852.jpg)](https://media.mailhop.org/duocircle/images/2019/11/spf-flattening-7852.jpg)

The other way is to scan the email for malicious links AFTER it hits your inbox. Some of the most advanced **phishing emails** today send emails with safe links which later turn malicious only after the email arrives in your inbox. So, the initial scan turns up negative and delivers the email to you. But, with “real-time” link protection, even if you click on a malicious link after the email arrives, you’re still protected, because it doesn’t let you get to the linked-to website if it’s malicious.

You know the problem. So, what’s the solution? [Phishing Protection](/email/phishing-protection) form DuoCircle. Phishing Protection from DuoCircle comes with true, _real-time link click protection_. So, you’re protected from malicious links in an email no matter what.

Phishing Protection from [DuoCircle](/) is **cloud-based**, which means there’s no hardware, software or maintenance AND you can be up and running in 10 minutes. _It costs pennies per email per month, comes with 24/7 live technical support and you can try it risk-free for 30 days_.

Don’t become a victim to a RAT or Banking Trojan. Protect yourself from the 88%. Get Phishing Protection from DuoCircle today.

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Phishing 11m  AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough  Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[  Phishing 5m  10 Applications of ChatGPT that Hackers Are Already Exploiting  May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[  Phishing 4m  65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks  Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[  Phishing 9m  7 Ways to Protect Your Organization from Email-based Ransomware Attacks  Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"When it Comes to Phishing Tactics, We Know What Hackers Prefer","description":"Here’s a quick, one-question quiz: If you got phished, you most likely: 1. Opened a malicious email attachment 2.","url":"https://www.duocircle.com/blog/phishing-protection/when-it-comes-to-phishing-tactics-we-know-what-hackers-prefer/","datePublished":"2019-11-13T15:51:51.000Z","dateModified":"2025-05-23T17:25:34.000Z","dateCreated":"2019-11-13T15:51:51.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/when-it-comes-to-phishing-tactics-we-know-what-hackers-prefer/"},"articleSection":"phishing-protection","keywords":"","wordCount":437,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/11/spf-permerror-8877.jpg","caption":"Phishing Tactics","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"When it Comes to Phishing Tactics, We Know What Hackers Prefer","item":"https://www.duocircle.com/blog/phishing-protection/when-it-comes-to-phishing-tactics-we-know-what-hackers-prefer/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"When it Comes to Phishing Tactics, We Know What Hackers Prefer","item":"https://www.duocircle.com/blog/phishing-protection/when-it-comes-to-phishing-tactics-we-know-what-hackers-prefer/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"When it Comes to Phishing Tactics, We Know What Hackers Prefer","description":"Here’s a quick, one-question quiz: If you got phished, you most likely: 1. Opened a malicious email attachment 2.","url":"https://www.duocircle.com/blog/phishing-protection/when-it-comes-to-phishing-tactics-we-know-what-hackers-prefer/","datePublished":"2019-11-13T15:51:51.000Z","dateModified":"2025-05-23T17:25:34.000Z","dateCreated":"2019-11-13T15:51:51.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/when-it-comes-to-phishing-tactics-we-know-what-hackers-prefer/"},"articleSection":"phishing-protection","keywords":"","wordCount":437,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2019/11/spf-permerror-8877.jpg","caption":"Phishing Tactics","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```