In today’s digital landscape, cybercrime continues to pose a significant threat to organisations. Phishing attacks, in particular, have evolved into sophisticated and pervasive threats that can bypass traditional security measures.
As a cyber security leader committed to protecting your organisation, it is crucial to stay informed about the latest phishing threat trends. In this article, we delve into the key findings of the Phishing Threat Trends Report 2023, a comprehensive analysis conducted by Egress, a trusted source in the cyber security industry.
Key phishing threat stats for 2023
The report highlights:
72% of organisations are concerned about chatbots enabling more convincing phishing attacks that trick users through automated conversations.
55% of phishing emails now use obfuscation techniques like HTML encoding and text randomisation to disguise malicious content and bypass email security systems.
71% of phishing emails generated by AI manage to get through and evade detection, according to the report. AI can effectively mimic writing styles and patterns.
The use of compromised accounts is increasing. The report found an 11% rise in phishing attacks originating from compromised email and social media accounts.
Alarmingly, 48% of attacks missed by Microsoft came from compromised accounts that appeared legitimate.
The evolution of phishing attacks
Chatbot use in phishing attacks
Phishing attacks have taken advantage of the widespread adoption of chatbots in various industries. These automated conversational agents have become a popular platform for cybercriminals to launch their deceptive campaigns. Organisations must recognise the potential risks associated with chatbots and implement robust security measures to mitigate these risks. Educating employees about the dangers of interacting with suspicious chatbot messages and implementing stringent authentication protocols can help prevent successful phishing attacks.
Obfuscation techniques in phishing emails
Obfuscation involves the deliberate manipulation of email content, making it challenging for traditional perimeter detection systems to identify malicious intent.
Cybercriminals use techniques such as HTML encoding, randomising text, and embedding malicious links within seemingly innocuous content to trick users into divulging sensitive information. To counter these techniques, organisations need to invest in advanced email security solutions that employ machine-learning algorithms to detect and block obfuscated phishing emails.
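A defender-side check for two of the techniques named above, HTML encoding and links embedded in innocuous-looking content, shown as an added example that is not taken from the Egress report or from Northdoor. The lure-term list, the function and class names, and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed watch list of lure terms (assumption); tune for your own mail flow.
LURE_TERMS = ("password", "verify", "sign in")
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class _BodyCollector(HTMLParser):
    """Collects the rendered text and [href, visible label] pairs for each link."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &#118; style references
        self.text, self.links, self._in_link = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_link = True
            self.links.append([dict(attrs).get("href") or "", ""])

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False

    def handle_data(self, data):
        self.text.append(data)
        if self._in_link:
            self.links[-1][1] += data

def inspect_html_body(raw):
    """Return findings for lure terms hidden from raw-source matching and mismatched links."""
    parser = _BodyCollector()
    parser.feed(raw)
    parser.close()
    rendered, source = "".join(parser.text).lower(), raw.lower()
    # Terms the reader sees that a filter matching on the raw source would miss.
    findings = [("hidden_term", t) for t in LURE_TERMS if t in rendered and t not in source]
    for href, label in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_RE.search(label)
        if not host or not shown:
            continue
        shown_host = shown.group(1).lower()
        # Flag when the label names a domain the link does not actually lead to.
        if host != shown_host and not host.endswith("." + shown_host):
            findings.append(("link_mismatch", shown_host, host))
    return findings

# Constructed sample: "verify" written as numeric character references,
# and a link whose visible label names a different host than its href.
SAMPLE = ('<p>Please &#118;&#101;&#114;&#105;&#102;&#121; your account at '
          '<a href="https://login.example.net/reset">portal.example.com</a></p>')
```

Running `inspect_html_body(SAMPLE)` reports both the encoded lure term and the label/href mismatch; a message with plain text and a matching link returns an empty list.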
AI-generated phishing attacks
As AI technology continues to advance, cybercriminals have started leveraging its capabilities to create sophisticated and convincing phishing attacks. The Phishing Threat Trends Report highlights that 71% of AI-generated email attacks go undetected, making them a significant concern for organisations.
AI-powered phishing attacks can mimic the writing style, tone, and even email habits of legitimate users, making them incredibly challenging to identify. Organisations must deploy advanced AI-driven email security solutions capable of detecting and neutralising these AI-generated phishing attacks effectively.
The rise of compromised accounts
Another concerning trend identified in the report is the increase in phishing attacks sent from compromised accounts. Research shows that there has been an 11% increase in phishing attacks originating from compromised accounts in 2023. Shockingly, 48% of the phishing attacks that Microsoft’s detection missed were sent from compromised accounts.
The use of compromised accounts adds a further layer of complexity to phishing attacks, as the messages appear legitimate and bypass traditional perimeter detection systems. Organisations must prioritise the implementation of multi-factor authentication, robust password policies, and regular security awareness training to mitigate the risks associated with compromised accounts.
Graymail and its impact on cyber security
Graymail, categorised as bulk but solicited emails such as notifications, updates, and promotional messages, poses a unique challenge to email security. On average, one-third (34%) of mail flow consists of graymail, making it an attractive target for cybercriminals seeking to disguise phishing emails within busy mailboxes.
Impersonation attacks mimicking graymail messages, such as SharePoint and social media notifications, have seen a significant increase in recent years. These attacks prey on users’ trust in legitimate notifications, increasing the likelihood of successful phishing attempts. Organisations must implement robust email filtering solutions capable of detecting and blocking these impersonation attacks effectively.
Security recommendations for enhancing email security
Based on the findings of the Phishing Threat Trends Report, it is clear that organisations need to take proactive steps to enhance their email security defences. Here are some key recommendations:
Invest in advanced email security solutions:
Traditional perimeter-based email security solutions are no longer sufficient to combat evolving phishing attacks. Organisations must invest in advanced solutions that leverage technologies such as machine learning, AI, and behavioural analysis to detect and block sophisticated phishing emails.
Implement multi-factor authentication:
Compromised accounts pose a significant risk to organisations. Implementing multi-factor authentication adds an extra layer of security, making it harder for attackers to gain unauthorised access to user accounts.
Human error remains one of the leading causes of successful phishing attacks. Regular security awareness training programs can help employees recognise and report phishing attempts, reducing the risk of falling victim to such attacks.
Phishing threats are continuously evolving. Staying informed about the latest trends, techniques, and attack vectors is crucial for organisations to adapt their security strategies accordingly. Regularly reviewing industry reports and engaging with trusted cyber security partners can provide valuable insights.
To access the full report and gain a more comprehensive understanding of the latest phishing threat trends, download the report from the link below:
Contact Northdoor today to learn more about our industry-leading cyber security solutions and how we can help safeguard your organisation’s sensitive data and reputation.