One notable trend highlighted in the report is the proliferation of QR code payloads in phishing emails. While QR code payloads were relatively rare in previous years, they have seen a significant increase, accounting for 12.4% of attacks in 2023 and remaining at 10.8% in 2024. This shift underscores the adaptability of cybercriminals and their ability to leverage emerging technologies to perpetrate attacks.
In addition to QR code payloads, social engineering tactics have also become increasingly prevalent in phishing attacks. These tactics, which involve manipulating individuals into divulging sensitive information, now represent 19% of phishing attacks.
Moreover, phishing emails have become over three times longer since 2021, likely due to the use of generative AI to craft more convincing messages.
Multi-channel attacks have also emerged as a prominent threat, with platforms like Microsoft Teams and Slack being utilized as the second step in these attacks. Microsoft Teams, in particular, has experienced a significant increase in usage, with a 104.4% rise in 2024 compared to the previous year. This trend highlights the importance of securing not just email communications but also other communication channels within organizations.
Another concerning development is the use of deepfakes in phishing attacks. These AI-generated audio and video manipulations have become increasingly sophisticated and are being used to deceive victims into disclosing sensitive information. The report predicts that the use of deepfakes in cyberattacks will continue to rise in the coming years, posing a significant challenge for defenders.
Despite advancements in email security, many phishing attacks still successfully bypass Secure Email Gateways (SEGs). Obfuscation techniques, such as hijacking legitimate hyperlinks and masking phishing URLs within image attachments, are commonly used to evade detection. This highlights the need for organizations to implement robust security measures beyond traditional email filtering solutions.
Furthermore, the report identifies millennials as the top targets for phishing attacks, receiving 37.5% of phishing emails. Industries such as finance, legal, and healthcare are among the most targeted, with individuals in accounting and finance roles receiving the highest volume of phishing emails.
As cybercriminals continue to innovate and adapt their tactics, organizations must remain vigilant and proactive in their approach to cybersecurity.
This includes implementing comprehensive security awareness training programs, leveraging advanced threat detection technologies, and regularly updating security policies and procedures.
The Egress Phishing Threat Trends Report provides valuable insights into the evolving nature of phishing attacks and underscores the importance of a multi-layered approach to cybersecurity in today's threat landscape. By staying informed and proactive, organizations can better protect themselves against the growing threat of phishing attacks.
