We may think of crime syndicates from Eastern Europe when we think of hacking, or maybe dark rooms of cyber spies in China and Russia, but many of these attacks are actually launched from servers from within your neighborhood. Discussed in our latest report, The Unlikely Origins of Cyber Attacks, cyber assaults take months of planning and require a string of servers, most of them unsuspecting victims.

And when it comes to phishing, by far the biggest threat for companies trying to protect themselves, emails claiming to be from big, recognized brands are the most common bait, Area 1 Security’s report shows.

Bait: Attractive lures (usually consumer brands) that disguise themselves as legitimate emails and are the source of most cybersecurity breaches.

Area 1 researchers analyzed millions of phishing sites in the first part of 2016 and the results prove that companies need to be vigilant in all directions, even from places they trust.

“Focusing on the who and the what of these attacks remains a constant challenge because the attackers keep changing, but it’s much harder to change the attack infrastructure,” Shalabh Mohan, VP of product and marketing for Area 1 Security said. “Watching the infrastructure helps us counter them in the early stages.”

While attackers may actually be hunched over a screen in another country when they pull off their heists, cyber criminals use long, complicated chains of compromised servers, foreign and domestic, to advance their attacks. The computer running a public school’s library, or your best customer’s welding shop can unwittingly end up as the source of an operation to steal your intellectual property or financial information.

Fortunately, companies don’t have to be blind. Even the best hacker leaves bread crumbs about their true location, and web traffic can signal a cyber assault before it happens. Area 1 makes a business of watching attackers, deploying sensors, crawling the web, and tracking the earliest bits traveling between targets and cyber criminals.

The report also highlights more granular details from phishing attacks, showing the servers most likely to be used and the biggest target cities.

Download the full report here.

Read the article by Robert Hackett of Fortune summarizing the report here.