Phishing attacks are incredibly effective at stealing useful credentials from users. Researchers from Google, the University of California, Berkely and the International Computer Science institute looked at billions of stolen credentials to understand how they were taken. The researchers suggest that the most productive credential safety efforts would be those that target phishing attacks. The authors suggest a move to some sort of multi-factor authentication, though they admit that there are advanved methods for spoofing many of those. An educated user is the most important defense mechanism is an educated user.”]
Source: https://www.darkreading.com/abtv/new-research-phishing-is-worse-than-you-thought/a/d-id/738125