New Research: Phishing Remains the Most Popular Technique for Bad Actors

contact form phishingA report from Trustwave notes that phishing remains one of the most popular and effective techniques for attackers to gain access to organizations.

“Trustwave SpiderLabs consistently finds that phishing is one of the most effective methods attackers use to gain an initial foothold in financial services organizations,” the researchers write.

“However, this method is highly dependent on the quality of the lure, the writing style, and the contextual and grammatical clues given in the phishing email. These issues have often been the weakness of phishing attacks, particularly as security awareness training has continually taught personnel what to look for.”

The researchers note that generative AI tools and large language models (LLMs) are allowing cybercriminals to easily craft convincing social engineering attacks. While legitimate AI tools like ChatGPT attempt to curb malicious use, criminals have created their own versions of these tools designed to create phishing lures and malware.

“The quick maturity and expanded use of LLM technology makes the crafting of phishing emails even easier, more compelling, highly personalized, and harder to detect. Our team regularly encounters and analyzes phishing emails with malicious attachments or links against our financial services clients. We see that as LLM technology progresses, creating these compelling phishing emails will likely be made easier and effective as an attack vector. We’re also seeing an increase in deepfakes as a result of more sophisticated technology.”

Trustwave adds that HTML attachments are the most common malicious attachments delivered via phishing emails, and most of these emails attempt to convey a sense of urgency.

“Our team noted the most common themes of the emails containing these malicious attachments are related to voicemail notifications, payment receipts, purchase orders, remittances, bank deposits, and quotation requests,” the researchers write.

“We have also observed that 24% of the emails with malicious attachments attempted to spoof American Express. DHL is next at 21% and Microsoft in third with 15%.”

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Trustwave has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews