Cyber-thieves are sticking to email as their preferred way to trick victims into falling for scams, suggests a report.
The online crime groups were shunning mobiles and newer technologies in favour of phishing campaigns, said the report from Verizon.
The annual analysis catalogues more than 100,000 security incidents that hit thousands of companies in 2015.
Almost 90% of the incidents involved attempts to steal cash, it said.
The gangs were sticking to booby-trapped emails because they were proving increasingly effective, said Marc Spitler, lead author on the report.
And, so far, there was little evidence novel technologies involving net-connected gadgets or smartphones were becoming a popular attack route.
About 30% of phishing emails had been opened by people in targeted organisations in 2015, said the report, up from 23% in 2014.
And, of the scam emails opened, about 13% had been able to launch malware because staff had run the attachments they had carried.
This meant, said Mr Spitler, it often took just minutes for criminals to compromise the network of a targeted company.
“If an attack works, then it works very quickly,” he said.
“The phishing email typically leads to the installation of malware or the compromise of a user’s PC by some sort of malicious code that can establish control or persistence on a network,” said Mr Spitler.
Unfortunately, he added, although companies fell victim quickly, they could take far longer to notice they had been breached.
Statistics gathered for the Verizon report suggest 84% of the organisations questioned took weeks to spot that criminals had won access to internal systems.