An increase in the number of malicious emails being sent is resulting in more phishing attacks reaching inboxes. New data clarifies the factors that determine their malicious nature and identifies the most prevalent types of attacks. According to Vipre Security’s Q3 Email Threat Trends Report 2023, of approximately 2 billion emails scanned, 233.9 million of them – or about 11.6% – were malicious. That equates to about 1 out of every 8 emails.

Social engineering attacks have a very long history, though the Internet has made it easier to launch these attacks en masse, according to Sean McNee at DomainTools. McNee points to an advance-fee scam from 1924, in which a crook sent a letter pretending to be trapped in a Spanish debtors prison. The sender requested that the recipient send a check for $36,000 to pay off his debt. After the sender is freed, he promises to pay the recipient back, with an extra $12,000 for the trouble.

As the digital landscape continues to evolve, so do the tactics of cybercriminals. The Hoxhunt Challenge, a comprehensive study conducted across 38 organizations spanning nine industries and 125 countries, has uncovered a disconcerting trend in the world of QR code phishing attacks. The report reveals a startling 22% increase in the use of QR codes as a means to deliver malicious payloads in phishing attacks during the early weeks of October 2023.

October 18, 2023, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One.

Researchers at Fortra are tracking “Strox,” one of the most popular phishing operations of the past two years. Users of Strox phishing kits can easily create phishing campaigns by simply submitting a logo for the brand they want to impersonate. “Currently, twelve phishing kits are sold on Strox for $90 USD each.

A new report from Vade Secure has found that phishing attacks rose by 173% in the third quarter of 2023, while malware threats have increased by 110%. “While hackers were busy throughout Q3, they were most active in August, sending more than 207.3 million phishing emails, nearly double the amount from July,” the researchers write.

Cybercriminals never take a day off, and nor should your email protection. The online threat landscape is constantly evolving, and our Threat Intelligence team has unearthed some incredibly sophisticated threats over the last 10 months. To help equip you in the fight against phishing attacks, such as business email compromise, we published the Phishing Threat Trends Report, which outlines and explains the most common threats we’ve seen so far in 2023.

Phishing tests are the catalyst to achieve a sustainable security culture within your organization. They are actually the start of a virtuous cycle that helps you move up to the highest maturity level. The cycle initiates with Awareness. Phishing tests offer a real-time view into your employees' understanding of phishing threats. They expose your workforce to simulated phishing attempts, making the threat real to them. The immediate feedback from these tests highlights areas for improvement.

A threat actor dubbed “Void Rabisu” used social engineering to target attendees of the Women Political Leaders (WPL) Summit that was held in Brussels from June 7 to 8, 2023, Trend Micro has found. “Since many current and future political leaders had attended this conference, it presented an interesting target for espionage campaigns and served as a possible avenue for threat actors to gain an initial foothold in political organizations,” Trend Micro says.

The Wall Street Journal recently published an article about using highly-emotionally charged, “controversial”, subjects in simulated phishing tests. Controversial topic examples include fake pay raises, reward gift cards, and free Taylor Swift tickets. The younger half of our team is convinced the latter topic would have completely tricked them.