Phishing continues to be one of the primary methods of attack used by cyber criminals. Proofpoint’s latest “State of the Phish” report found that 84% of organizations around the world experienced at least one successful phishing attack in 2022. More than half (54%) of organizations reported facing three or more of these attacks.
Since phishing remains a relatively cost-free method of attack, threat actors continue to evolve their methods by inventing new techniques to bypass security controls. Some evolving phishing tactics include multi-factor authentication (MFA) phishing, telephone-oriented attack delivery (aka callback phishing), and generative AI (chatbot) phishing. Regarding generative AI, threat actors could use AI-powered chatbots to improve the credibility and quality of their phishing emails. Furthermore, since people are the primary target of these evolving phishing attacks, organizations should ensure their employees understand the threat landscape by conducting regular security awareness training. Proofpoint has compiled a quick tip list of do’s and don’ts for employees to detect and avoid phishing emails.
Do:
- Report anything suspicious
- Validate the sender’s email address
- Beware of urgent language
- Confirm the request via another channel
- Open a new window to access the official website
Don’t:
- Be so quick to reply
- Trust the display name
- Give up personal or company information
- Click on unexpected URLs or attachments
- Believe everything you see