    Most Phishing Emails Rely Purely on Social Engineering

    99% of phishing emails that reached inboxes last year did not contain malware, according to a new report from Fortra.

    Attackers were much more successful using malicious links or purely response-based social engineering.

    Fortra explains, “Anti-malware scanning, sandboxing, and other pre-delivery security processes are increasingly common and make it more difficult for emails containing malware payloads to reach user inboxes. However, these methods are ineffective for detecting social engineering and credential theft attacks, which lack payloads.”

    The researchers also observed an increase in phishing messages that contained personal information about the targeted individual, making the attack much more persuasive.

    “Fortra observed a growing trend of phishing attacks that incorporate personal information about the targeted user,” the report says. “In these attacks, personal information pulled from public sources or leaked data is used to lend credibility to the scam. One example of this tactic is using a victim’s leaked home address from a data breach to include images of their home, sourced from services like Google Street View. This is done to create a sense of fear and make the scam feel more convincing, rather than relying on a generic email.”

    Fortra predicts that attackers will continue to improve these types of personalized phishing attacks, especially as AI tools help streamline the process.

    “The volume of personal information available on open sources and the dark web is immense, with more than 1 billion records breached in 2024 alone,” the researchers write. “Cybercriminal data brokers aggregate and organize stolen data into bulk packages to anyone willing to pay the price. Email addresses are associated with a wide range of stolen information such as government identification numbers, employers, and service providers.

    “Fortra expects cybercriminals to use this data to personalize attacks even further, utilizing information about individuals, their families, their co-workers, etc. Cybercriminals who specialize in whaling will use the data to profile high value victims and find weaknesses to exploit. Email threats of all kinds will become more personalized, making them harder to ignore and more convincing.”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Fortra has the story.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW
