Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New Research: Phishing Remains the Most Popular Technique for Bad Actors

    Stu Sjouwerman | Oct 12, 2023

    contact form phishingA report from Trustwave notes that phishing remains one of the most popular and effective techniques for attackers to gain access to organizations.

    “Trustwave SpiderLabs consistently finds that phishing is one of the most effective methods attackers use to gain an initial foothold in financial services organizations,” the researchers write.

    “However, this method is highly dependent on the quality of the lure, the writing style, and the contextual and grammatical clues given in the phishing email. These issues have often been the weakness of phishing attacks, particularly as security awareness training has continually taught personnel what to look for.”

    The researchers note that generative AI tools and large language models (LLMs) are allowing cybercriminals to easily craft convincing social engineering attacks. While legitimate AI tools like ChatGPT attempt to curb malicious use, criminals have created their own versions of these tools designed to create phishing lures and malware.

    “The quick maturity and expanded use of LLM technology makes the crafting of phishing emails even easier, more compelling, highly personalized, and harder to detect. Our team regularly encounters and analyzes phishing emails with malicious attachments or links against our financial services clients. We see that as LLM technology progresses, creating these compelling phishing emails will likely be made easier and effective as an attack vector. We’re also seeing an increase in deepfakes as a result of more sophisticated technology.”

    Trustwave adds that HTML attachments are the most common malicious attachments delivered via phishing emails, and most of these emails attempt to convey a sense of urgency.

    “Our team noted the most common themes of the emails containing these malicious attachments are related to voicemail notifications, payment receipts, purchase orders, remittances, bank deposits, and quotation requests,” the researchers write.

    “We have also observed that 24% of the emails with malicious attachments attempted to spoof American Express. DHL is next at 21% and Microsoft in third with 15%.”

    KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Trustwave has the story.

    Topics: Social Engineering Phishing Security Awareness Training Security Culture

    Discover Your Organization’s Phish-prone™ Percentage

    Ninety-one percent of data breaches begin with spear phishing. Launch our Free Phishing Security Test for up to 100 users to uncover your team's vulnerability and see how your security posture stacks up against industry benchmarks.

    Get Your Free Phishing Security Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    Posts By Topic

    View All