At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    4 out of 10 Phishing Emails Are Sent From a Compromised Email Account

    Analysis of phishing emails in the second quarter of this year paints a picture of what security teams and vigilant recipients should expect from modern phishing attacks.

    In the 2024 Phishing Threat Trends report from Egress (a KnowBe4 company), we learn that phishing attacks have increased by 28% over a single quarter this year. So, this remains a key focus for security teams. 

    But we also get an update of what kinds of specific techniques are being used in phishing emails, laying out a roadmap for what security solutions and users should be watching out for:

    • 44% of phishing emails were sent from a compromised account – remember, this likely means that the compromised account, too, was phished in a credential harvesting scam, only compounding the phishing problem
    • Payloads vary – 45% of phishing emails contain a hyperlink-based payload, while 23% include malicious attachments, and 20% rely solely on social engineering
    • In impersonation attacks, 36% of them used links, 45% used attachments, and 15% used social engineering only
    • And the biggest red flag for me is the fact that employees only accurately report phishing emails 29% of the time

    Threat actors continue to use a wide range of methods to trick users into engaging. But the one thread throughout is the use of social engineering, whether it’s impersonating someone the victim knows or using a compromised account. These are all methods to establish credibility to get the victim recipient to click, open, or respond to a phishing email, something we teach in our new-school security awareness training.

    Phishing looks like it’s not going anywhere, so empowering your employees to stop attacks instead of aiding them can significantly reduce the risk of successful cyber attacks.

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Will your users respond to phishing emails?

    KnowBe4’s Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

    Here’s how it works:

    • Immediately start your test with your choice of three phishing email reply scenarios
    • Spoof a Sender’s name and email address your users know and trust
    • Phishes for user replies and returns the results to you within minutes
    • Get a PDF emailed to you within 24 hours with the percentage of users that replied

    Go Phishing Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top