There is actually a variety of them. You have listed quite a few. The core is that we see a considerable number of phishing e-mails; we see malicious software on the clients' computer—that is one I would highlight as highly problematic—and we see clients providing their information to third parties and then see disclosures happening there. But I think each of these ebbs and flows.
If you were to ask me about phishing, I would tell you that the number of phishing incidents over the years has increased, but the number of clients who actually fall victim to them has declined over the years. When I first started doing this, I did a rough calculation which said that for every phish that went out, I would see 40 clients provide their information. Now I see one to about half a client, on average, who provides information to those sources.
You held up your mobile device. This is one of the challenges. People with a large screen can see the visual aspects that are saying something is wrong with this, but when you shrink it down to a mobile device, it becomes significantly more difficult to pick out those cues that might tell you that something is actually wrong with it.