Right? What’a the other 50% MFA attacks? I work in IT and in business and really the only type of phishing we see is looking for credential/MFA. Occasionally we see people phishing for credit cards but usually it’s a user who use their work email for personal use. Personal phishing attacks are much more likely to try and get Cc numbers.