Analysis of phishing emails in the second quarter of this year paints a picture of what security teams and vigilant recipients should expect from modern phishing attacks.
In the 2024 Phishing Threat Trends report from Egress (a KnowBe4 company), we learn that phishing attacks have increased by 28% over a single quarter this year. So, this remains a key focus for security teams.
But we also get an update of what kinds of specific techniques are being used in phishing emails, laying out a roadmap for what security solutions and users should be watching out for:
- 44% of phishing emails were sent from a compromised account – remember, this likely means that the compromised account, too, was phished in a credential harvesting scam, only compounding the phishing problem
- Payloads vary – 45% of phishing emails contain a hyperlink-based payload, while 23% include malicious attachments, and 20% rely solely on social engineering
- In impersonation attacks, 36% of them used links, 45% used attachments, and 15% used social engineering only
- And the biggest red flag for me is the fact that employees only accurately report phishing emails 29% of the time
Threat actors continue to use a wide range of methods to trick users into engaging. But the one thread throughout is the use of social engineering, whether it’s impersonating someone the victim knows or using a compromised account. These are all methods to establish credibility to get the victim recipient to click, open, or respond to a phishing email, something we teach in our new-school security awareness training.
Phishing looks like it’s not going anywhere, so empowering your employees to stop attacks instead of aiding them can significantly reduce the risk of successful cyber attacks.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.