How have phishing attacks evolved in 2023?

9th October 2023 | Blog | Rob Batters


Learn the top phishing threat trends in email security

Phishing attacks have evolved into sophisticated and pervasive threats that can bypass traditional security measures.

As a cyber security leader committed to protecting your organisation, it is crucial to stay informed about the latest phishing threat trends. Here is the link to the Egress Phishing Threat Trends Report 2023.

Download the Phishing Threat Trends Report 2023

Key phishing threat stats for 2023

The report highlights:

72% of organisations are concerned about chatbots enabling more convincing phishing attacks that trick users through automated conversations.

55% of phishing emails now use obfuscation techniques like HTML encoding and text randomisation to disguise malicious content and bypass email security systems.

71% of phishing emails generated by AI manage to get through and evade detection. AI can effectively mimic writing styles and patterns.

The use of compromised accounts is increasing. The report found an 11% rise in phishing attacks originating from compromised email and social media accounts.

Alarmingly, 48% of attacks missed by Microsoft came from compromised accounts that appeared legitimate.

 


The evolution of phishing attacks

Chatbot use in phishing attacks:
Phishing attacks have taken advantage of the widespread adoption of chatbots in various industries. These automated conversational agents have become a popular platform for cybercriminals to launch their deceptive campaigns. Organisations must recognise the potential risks associated with chatbots and implement robust security measures to mitigate these risks. Educating employees about the dangers of interacting with suspicious chatbot messages and implementing stringent authentication protocols can help prevent successful phishing attacks.

Obfuscation techniques in phishing emails:
Obfuscation involves the deliberate manipulation of email content, making it challenging for traditional perimeter detection systems to identify malicious intent.

Cybercriminals use techniques such as HTML encoding, randomising text, and embedding malicious links within seemingly innocuous content to trick users into divulging sensitive information. To counter these techniques, organisations need to invest in advanced email security solutions that employ machine-learning algorithms to detect and block obfuscated phishing emails.
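The following sketch shows why HTML encoding defeats a raw keyword rule and how decoding the body before inspection restores the match. It is an added example, not taken from the Egress report or from any product, and it is a simple normalisation step rather than the machine-learning detection mentioned above. The phrase list, the 0.3 threshold and both sample bodies are assumptions constructed for this example.

```python
import html
import re

# Hypothetical watch-list; a real filter would use a larger, tuned set.
SUSPICIOUS_PHRASES = ("verify your account", "password expires")

ENTITY_RE = re.compile(r"&(?:#\d+|#x[0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")
TAG_RE = re.compile(r"<[^>]+>")

# Constructed sample bodies (not real mail).
PLAIN = "<p>Your invoice for R&amp;D services is attached.</p>"
ENCODED = ("<p>Please &#118;&#101;&#114;&#105;&#102;&#121; your "
           "&#97;&#99;&#99;&#111;&#117;&#110;&#116; now</p>")


def naive_match(body):
    """Keyword match on the raw body, as a simple perimeter rule might do."""
    lowered = body.lower()
    return [p for p in SUSPICIOUS_PHRASES if p in lowered]


def normalise(body):
    """Strip tags first, then decode entities and collapse whitespace."""
    text = TAG_RE.sub(" ", body)
    text = html.unescape(text)
    return re.sub(r"\s+", " ", text).strip().lower()


def entity_ratio(body):
    """Fraction of visible characters that were written as HTML entities."""
    text = TAG_RE.sub("", body)
    visible = len(html.unescape(text))
    return len(ENTITY_RE.findall(text)) / visible if visible else 0.0


def analyse(body, ratio_threshold=0.3):
    """Compare raw and normalised matching; flag unusually heavy encoding."""
    clean = normalise(body)
    return {
        "naive_hits": naive_match(body),
        "normalised_hits": [p for p in SUSPICIOUS_PHRASES if p in clean],
        "heavily_encoded": entity_ratio(body) > ratio_threshold,
    }


if __name__ == "__main__":
    for name, body in (("plain", PLAIN), ("encoded", ENCODED)):
        print(name, analyse(body))
```

Ordinary mail uses the occasional entity such as `&amp;`, so the ratio is a supporting signal to combine with others, not a verdict on its own.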

AI-generated phishing attacks:
As AI technology continues to advance, cybercriminals have started leveraging its capabilities to create sophisticated and convincing phishing attacks. The Phishing Threat Trends Report highlights that 71% of AI-generated email attacks go undetected, making them a significant concern for organisations.

AI-powered phishing attacks can mimic the writing style, tone, and even email habits of legitimate users, making them incredibly challenging to identify. Organisations must deploy advanced AI-driven email security solutions capable of detecting and neutralising these AI-generated phishing attacks effectively.

The rise of compromised accounts:
Another concerning trend identified in the report is the increase in phishing attacks sent from compromised accounts. Research shows that there has been an 11% increase in phishing attacks originating from compromised accounts in 2023. Shockingly, 48% of the phishing attacks that Microsoft’s detection missed were sent from compromised accounts.

The use of compromised accounts adds an additional layer of complexity to phishing attacks, as they appear legitimate and bypass traditional perimeter detection systems. Organisations must prioritise the implementation of multi-factor authentication, robust password policies, and regular security awareness training to mitigate the risks associated with compromised accounts.

Graymail and its impact on cyber security:
Graymail, categorised as bulk but solicited emails such as notifications, updates, and promotional messages, poses a unique challenge to email security. On average, one-third (34%) of mail flow consists of graymail, making it an attractive target for cybercriminals seeking to disguise phishing emails within busy mailboxes.

Impersonation attacks mimicking graymail messages, such as SharePoint and social media notifications, have seen a significant increase in recent years. These attacks prey on users’ trust in legitimate notifications, increasing the likelihood of successful phishing attempts. Organisations must implement robust email filtering solutions capable of detecting and blocking these impersonation attacks effectively.

Security recommendations for enhancing email security

Based on the findings of the Phishing Threat Trends Report, it is clear that organisations need to take proactive steps to enhance their email security defences. Here are some key recommendations:

Invest in advanced email security solutions:
Traditional perimeter-based email security solutions are no longer sufficient to combat evolving phishing attacks. Organisations must invest in advanced solutions that leverage technologies such as machine learning, AI, and behavioural analysis to detect and block sophisticated phishing emails.

Implement multi-factor authentication:
Compromised accounts pose a significant risk to organisations. Implementing multi-factor authentication adds an extra layer of security, making it harder for attackers to gain unauthorised access to user accounts.

Educate employees:
Human error remains one of the leading causes of successful phishing attacks. Regular security awareness training programs can help employees recognise and report phishing attempts, reducing the risk of falling victim to such attacks.

Stay informed:
Phishing threats are continuously evolving. Staying informed about the latest trends, techniques, and attack vectors is crucial for organisations to adapt their security strategies accordingly. Regularly reviewing industry reports and engaging with trusted cyber security partners can provide valuable insights.

To access the full report and gain a more comprehensive understanding of the latest phishing threat trends, download the report from the link below:

Phishing Threat Trends PDF

Contact Northdoor today to learn more about our industry-leading cyber security solutions and how we can help safeguard your organisation’s sensitive data and reputation.
