Understanding the surge in impersonation phishing
The 2024 Egress Phishing Threat Trends Report highlights phishing as a primary tactic for cybercriminals to infiltrate organisations. Commodity attacks, advanced persistent threats (APTs), and impersonation scams are growing rapidly, posing severe risks to data security.
Phishing attacks are evolving, with cybercriminals using AI-powered toolkits to bypass Microsoft and Secure Email Gateway (SEG) defences. The sheer volume of commodity phishing attacks is straining security teams, who struggle to keep pace.
Leading impersonation phishing attack tactics
Impersonation scams are now the most common phishing technique. Cybercriminals target employees because they see them as vulnerable entry points to company networks. By impersonating trusted brands or individuals, attackers create deceptive and effective phishing campaigns.
A surge in phishing emails: key statistics
In early 2024, phishing activity spiked significantly. Here’s a closer look at the numbers:
- From April to June 2024, phishing emails increased by 28% compared to the first three months of the year.
- 44% of phishing emails were sent from compromised accounts, allowing attackers to bypass many security protocols.
- 8% of phishing emails originated from within the supply chain, a trend that’s increasingly used to evade detection.
- Attackers often leverage legitimate platforms like Microsoft, Mailchimp, and Salesforce to make phishing attempts appear credible.
Even with training, only 29% of employees correctly identified phishing emails. The result? Employees are increasingly at risk, and so are the organisations that rely on them to spot malicious communications.
Phishing toolkits: a growing business model
Phishing is no longer just a crime; it’s a business model. Cybercriminals create phishing toolkits and sell them on the dark web at subscription rates ranging from $30 to $600 per month. These toolkits include:
- Templated credential-harvesting attacks
- Brand impersonation tools
- Deliverability guarantees against Microsoft and SEG defences
- Obfuscation techniques
- Polymorphic payloads that constantly adapt to bypass detection
- Generative AI subscriptions that create realistic phishing content
By making these tools accessible to less-skilled attackers, the cybercriminal industry has effectively commoditised phishing.
The rise of commodity phishing attacks: mass-produced and dangerous
Commodity attacks may look unsophisticated, but they are highly dangerous. These mass-produced, image-based campaigns impersonate well-known brands at a high volume, making them difficult to detect.
According to the report, a company with 2,000 employees can receive an average of 7,382 phishing emails over a 31-day period—that’s 238 phishing emails per day. This volume creates “white noise,” making it difficult for security teams to detect more targeted and dangerous attacks.
Advanced persistent threats: long-term and highly targeted
Advanced persistent threats (APTs) target specific organisations with sustained, sophisticated campaigns. These attacks aim to exfiltrate data, commit espionage, or extort money. They are often funded by state-backed groups or large criminal organisations, enabling prolonged, multi-step infiltration.
- In 2024, 52.2% of the APTs tracked were zero-day attacks, meaning they used previously unknown vulnerabilities.
- Another 35.4% contained recognised payloads, making them detectable by updated defences.
These attacks often target large organisations, but smaller companies within their supply chain are also at risk.
Impersonation phishing: the most common tactic of 2024
In 2024, impersonation phishing attacks emerged as the most widespread tactic. This form of attack involves mimicking brands or employees, increasing the likelihood that the target will trust the email content. Key findings on impersonation phishing include:
- 26% of phishing emails impersonated unrelated brands, targeting recipients with no existing business relationship.
- 9.7% of emails impersonated phone or video conferencing providers, often with “missed voicemail” messages.
- 5.3% of phishing emails impersonated mail carriers like UPS or DPD with “missed delivery” messages.
- An additional 16% of impersonation attacks posed as internal communications from the employee’s own organisation, with HR being the most impersonated department.
The most commonly used tactics in impersonation phishing were:
- Hyperlink payloads (36.4%)
- Malware attachments (28.9%)
- Fraudulent invoices (16.6%)
- Social engineering prompts (14.9%)
- QR codes (3.3%)
Impersonation attacks rely on familiar brands and internal department names to lower an employee’s guard.
How to defend against impersonation phishing attacks
With impersonation phishing on the rise, AI-based detection is more essential than ever. Advanced tools help detect social engineering language, assess sender domains, and monitor for unusual activity patterns. Defensive tactics should include:
- Natural Language Processing (NLP) and Natural Language Understanding (NLU) to detect suspicious linguistic patterns and context.
- Sender domain and display name analysis to verify email authenticity.
- AI-powered brand behavioural analytics to understand employee email usage patterns and catch unusual activity.
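A minimal sketch of the sender domain and display name analysis listed above, added here as an illustration and not taken from the report or any vendor's product. The brand allow-list, the `example.org` organisation domain and the 0.85 similarity threshold are assumptions, and the sample headers are constructed.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allow-lists for illustration; build yours from real mail flow.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com"},
    "ups": {"ups.com"},
    "dpd": {"dpd.com", "dpd.co.uk"},
}
ORG_DOMAIN = "example.org"  # placeholder for the organisation's own domain
INTERNAL_NAME = re.compile(r"\b(hr|human resources)\b")
KNOWN = set().union(*BRAND_DOMAINS.values()) | {ORG_DOMAIN}

def under(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_from(header, threshold=0.85):
    """Return a list of impersonation findings for one From: header value."""
    name, addr = parseaddr(header)
    name, domain = name.lower(), addr.rpartition("@")[2].lower()
    tokens = set(re.findall(r"[a-z0-9]+", name))
    findings = []
    # Display name claims a brand, but the address is not on that brand's domain.
    for brand, allowed in sorted(BRAND_DOMAINS.items()):
        if brand in tokens and not under(domain, allowed):
            findings.append(f"brand-mismatch:{brand}")
    # Display name claims an internal department, but the sender is external.
    if INTERNAL_NAME.search(name) and not under(domain, {ORG_DOMAIN}):
        findings.append("internal-name-external-sender")
    # Unknown domain that is nearly identical to a known one.
    if not under(domain, KNOWN):
        for legit in sorted(KNOWN):
            if SequenceMatcher(None, domain, legit).ratio() >= threshold:
                findings.append(f"lookalike:{legit}")
    return findings

# Constructed sample headers, not taken from the report.
SAMPLES = [
    '"Microsoft 365 Team" <alerts@micros0ft.com>',
    '"HR Department" <hr@example-benefits.net>',
    '"UPS Missed Delivery" <notify@parcel-track.example.net>',
    '"UPS Delivery" <tracking@mail.ups.com>',
    "Jane Smith <jane.smith@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "ok")
```

A header check like this cannot flag mail sent from a compromised account, because the sender domain is genuine; those messages need the behavioural analysis in the list above.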
The Northdoor approach to proactive phishing defence
AJ Thompson, Chief Commercial Officer at Northdoor plc, outlines the importance of AI in addressing today’s phishing threats:
“As cybercriminals continue to embrace AI, organisations must adopt equally advanced, AI-driven defences that can automate detection and response across various phishing tactics.
“Working with third-party IT consultants offers companies a holistic security view. These consultants can provide real-time insights into vulnerabilities, enabling swift action before attackers exploit these weaknesses.
“Phishing remains one of the most profitable cybercrimes, and it’s not going away anytime soon. By implementing AI, automation, and threat intelligence solutions, organisations can better predict and prevent future attacks. With the right tools, companies can empower security teams to defend proactively, rather than reactively.”
To find out the latest phishing insights, read the full report.