Recent Trends in Phishing Attacks
Phishing has been a continuous and increasing burden on individuals and companies for years. As the volume of Phishing messages has increased, so has the number of automated tools that help attackers develop new Phishing trends and campaigns.
The development of AI has also added another tool to the arsenal for Phishing attacks.
Phishing has expanded into almost all forms of messaging and platforms with some examples including:
- Phishing, email messages
- Vishing, voice calls
- Smishing, SMS messages
- Quishing, QR Code messages
- Spear Phishing, messages targeting specific individuals
- Whaling, messages targeting company owners or senior executives
- Social Media messages, LinkedIn, Instagram, Facebook and other platforms
- Messaging Apps, WhatsApp, Signal, Telegram, and many other messaging apps
- Comment Sections, impersonating individuals, or leaving links within comment sections
Attitudes Towards Security
A common trend in attitudes to security, identified in surveys conducted across Europe for the Proofpoint State of the Phish 2024 report, is that many users knowingly take risky actions because it is often quicker and easier, especially when they are facing their own deadlines. Those deadlines act as a further incentive to ignore any security principles that may be in place.
Additionally, around half of employees are unsure if security is actually their responsibility, and are unsure whether they participate at all in the process, or if it is all managed by IT and other departments.
One of the biggest incentives that has been identified to improve security is to make the process more streamlined and easier for employees to follow.
Security training is also identified as one of the key areas that is often lacking and leads to security issues, with only around 20-30% of companies covering some of the core concepts of security, such as Password Security, Social Engineering, and Internet Security best practices.
Clone Phishing Techniques
Clone Phishing has been increasing over the years as it often has a higher success rate than other Phishing methods.
Clone Phishing involves an almost exact duplication of a legitimate email that you may receive from a company such as Microsoft.
However, the links within the email will likely be altered to point to an attacker-controlled location. The language of the email may also be altered slightly to add more urgency to its request.
This can be done by stating that you must act urgently to follow the provided links, reset credentials, or follow another request that aims to compromise your accounts or devices.
Impersonating Microsoft is one of the most common forms of attack with Clone Phishing, with around 68 million messages sent out which are associated with the Microsoft brand and its products, according to the 2024 State of the Phish report by ProofPoint.
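The tell in a cloned email is the one thing the attacker has to change: the link targets. The following added example (not code from the article) scans an HTML mail body for anchors that leave the impersonated brand's domain or whose visible text shows a different host than the href really points at; the sample body and the look-alike hostname are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed example, not code from the article: scan an HTML email body for
# links that do not lead where a genuine brand email would, which is the tell
# described above (same look as the real mail, different link targets).

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):
    """Lower-cased hostname of a URL (scheme optional); '' if none."""
    parsed = urlparse(value if "://" in value else "http://" + value)
    return (parsed.hostname or "").lower()

def _looks_like_url(text):
    return re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text.lower()) is not None

def suspicious_links(html, brand_domain):
    """Return hrefs that leave the brand's domain, or whose visible text shows
    a different host than the href really points at."""
    collector = _AnchorCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = _host(href)
        off_brand = not (host == brand_domain or host.endswith("." + brand_domain))
        shown = _host(text) if _looks_like_url(text) else ""
        if off_brand or (shown and shown != host):
            flagged.append(href)
    return flagged

# Constructed sample body: the visible text mimics a Microsoft URL but the href
# goes to a placeholder look-alike host (.example); the second link is on-brand.
SAMPLE_BODY = """<p>Your password expires in 24 hours. Reset it now:</p>
<a href="https://login.microsoft-verify.example/reset">https://login.microsoftonline.com/</a>
<p>Need help? <a href="https://www.microsoft.com/help">Visit support</a></p>"""
```

Calling `suspicious_links(SAMPLE_BODY, "microsoft.com")` returns only the first href; a mail gateway rule or a user-facing "link preview" can apply the same two checks.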
LinkedIn Phishing Campaigns
LinkedIn accounts are also a common target for attackers aiming to conduct Phishing attacks.
As LinkedIn can list employees of a company as well as their role within the company, attackers can automatically collect lists of individuals to target for attack, based on role, department, or region.
Often new employees will announce their new role within a company, and this is also utilized by attackers. As new starters may not yet be familiar with processes and procedures, or may not have undergone security training, they present an opportunity for attackers to target them for Phishing.
This type of attack can often involve impersonating an authority figure within the company, which can add increased pressure on a new starter who is aiming to make a good first impression and quickly respond to tasks or requests that their senior may ask of them.
Developments In Phishing Using AI
As AI has developed, it has quickly become a useful tool for many businesses, but has also become a tool for many Phishing attacks.
AI and Large Language Models (LLMs) have the amazing ability to quickly write paragraphs, emails, letters, or entire essays in different languages and tones, with varying content and instructions.
This tool can then be used to create convincing emails which target a broad range of audiences, working in different countries and different industries.
Phishing is often a numbers game, and given a large number of emails sent out, a percentage is likely to be responded to, and a percentage of this is likely to result in compromise.
Therefore, the larger the target audience can be the more effective the Phishing campaign will ultimately become.
AI can greatly increase the number of emails that can be sent, with each message tailored more closely to the individual recipient, which can in turn increase the success rate of these attacks.
MFA Bypass Frameworks Used In Phishing
An increasingly common attack strategy is to use MFA-Bypass frameworks to compromise user accounts. As MFA has become more prevalent, attackers have pivoted their attack strategies to account for these increases in account security measures.
An MFA bypass follows the standard account compromise technique of prompting a user for login information, but relays each step to the legitimate site:
- When you receive a Phishing email with a link to follow, you will receive a prompt to enter your credentials.
- The link you followed isn’t actually the legitimate site, but it has the same appearance as the legitimate site, as it will have been copied by the attacker.
- As you enter your credentials, the attacker makes a copy of them, but also sends your entered credentials on to the legitimate login portal.
- The legitimate login portal will then prompt the attacker’s session for an MFA code, which will typically be sent to your email address, texted to you, or generated on your phone.
- As you enter your credentials into the attacker’s login portal, it will also prompt you for an MFA code, so when you receive your code, you enter it into the attacker’s login portal.
- The attacker then copies this code and also sends it on to the legitimate login portal, to successfully authenticate.
The entire process of copying and forwarding login information is all automated by tools that are already developed and available online for anyone to use.
As MFA codes are typically valid for 30-60 seconds, and the entire process is automated, it provides an easy opportunity for attackers to compromise accounts even when MFA is enabled.
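The relay works because a one-time code is not tied to the site that collected it. The following added example (not from the article) models an OTP check beside a simplified WebAuthn origin check to show why phishing-resistant MFA breaks the relay; the hostnames, the sample code value, and the HMAC stand-in for the authenticator's signature are all constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed example, not code from the article: a minimal model of why an
# adversary-in-the-middle relay defeats OTP-based MFA but not WebAuthn. The OTP
# verifier only checks the code; the WebAuthn verifier also checks the origin
# the browser actually signed. An HMAC with a shared key stands in for the
# authenticator's asymmetric signature (assumption, for brevity).

LEGIT_ORIGIN = "https://login.example.com"            # hypothetical real portal
PROXY_ORIGIN = "https://login-example.attacker.test"  # hypothetical phishing proxy

def verify_otp_login(expected_code, submitted_code):
    """TOTP/SMS check: nothing ties the code to the page that collected it,
    so a code typed into the proxy and relayed here looks legitimate."""
    return hmac.compare_digest(expected_code, submitted_code)

def make_assertion(user_key, challenge, browser_origin):
    """What the victim's authenticator returns (simplified): the browser embeds
    the origin it is really talking to, and the signature covers that data."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": browser_origin}, sort_keys=True)
    sig = hmac.new(user_key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"clientDataJSON": client_data, "signature": sig}

def verify_webauthn_login(user_key, issued_challenge, assertion):
    """Relying-party checks reduced to the essentials: valid signature AND the
    signed challenge/origin must match what this portal issued and is."""
    data = assertion["clientDataJSON"]
    expected = hmac.new(user_key, data.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False
    parsed = json.loads(data)
    return parsed["challenge"] == issued_challenge and parsed["origin"] == LEGIT_ORIGIN

def simulate_relay(user_key):
    """Victim interacts through the proxy; the proxy forwards everything."""
    challenge = secrets.token_urlsafe(16)  # issued by the portal, relayed by proxy
    otp = "123456"                         # constructed code the victim receives
    otp_relay_ok = verify_otp_login(otp, otp)
    # The victim's browser is on the proxy origin, so that is what gets signed.
    relayed = make_assertion(user_key, challenge, PROXY_ORIGIN)
    direct = make_assertion(user_key, challenge, LEGIT_ORIGIN)
    return {"otp_relay_succeeds": otp_relay_ok,
            "webauthn_relay_succeeds": verify_webauthn_login(user_key, challenge, relayed),
            "webauthn_direct_succeeds": verify_webauthn_login(user_key, challenge, direct)}
```

`simulate_relay(b"constructed-key")` reports the OTP relay succeeding and the WebAuthn relay failing, which is why moving users to FIDO2/passkeys, rather than longer codes, is the mitigation for this class of attack.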
Phishing with TOAD Attacks
Millions of Phishing attempts each month use a preliminary phone call to establish the purpose of a follow-up email, a technique known as Telephone-Oriented Attack Delivery (TOAD).
This initial call is often conducted as a pretext to establish the reason for a follow-up email, which then requests further information or contains a Phishing link within the email.
The calls can often take on the facade of a coworker, authority figure, or someone else within the organization or working for the company, to add pressure on the victim to respond to the email.
Ongoing Phishing Protection
With millions of Phishing attacks conducted every day, the prevalence of this type of attack shows no signs of slowing down. The number of Phishing attacks has actually increased by around 150% since 2019, according to reports from APWG.
Although there are a number of technologies available to monitor inbound emails and to identify potential Phishing emails, as Phishing techniques continue to develop there is no guarantee that these tools will be able to detect and block 100% of all phishing emails which are received.
One of the most impactful security strategies that companies can implement is to ensure regular and effective security training measures are put in place, covering a range of topics and also technical security measures, as highlighted within the following guide.
This can highlight the importance of each user’s role in the ongoing security of a company and help employees to understand both the core concepts of cybersecurity and also the current trends in cybersecurity attacks that target your industry.