But why exactly is phishing so effective? The answer lies not just in the technical aspects of these attacks, but in their ability to exploit human behaviour. Unlike software or hardware, people cannot be fully “secured.” Our natural instincts—whether it’s curiosity, urgency, or fear—can make us vulnerable to manipulation. It only takes one person, in one moment of poor judgment, to fall for a phishing scam, potentially opening the door to significant breaches, data theft, or financial loss for the entire organisation.
New Phishing Tactics: AI, Smishing, and More
While classic email-based phishing remains a staple, modern phishing attacks have diversified. Attackers are no longer limited to email; they have moved into newer channels, including SMS (Smishing) and phone calls (Vishing). Vishing is particularly effective because it involves direct voice communication, which often gives the victim a false sense of trust: people assume that speaking to a person over the phone is more legitimate than interacting with an email or a text message, even though caller ID is trivially spoofed and proves nothing about who is actually on the line. In the last year alone, Vishing incidents have risen by 30%, resulting in nearly $40 billion in losses globally.
However, the most significant development in phishing tactics has been driven by AI. Generative tools such as ChatGPT have made it easier than ever for attackers to produce highly convincing phishing messages: fluent, personalised text in any language, free of the spelling and grammar mistakes that once gave many lures away, generated at scale and able to keep a conversation going as the target replies. This advancement has fuelled a 1,265% increase in phishing emails since the release of ChatGPT in 2022, creating a daunting challenge for businesses trying to keep up.
Top Tips: How to Protect Your Business Now and in the Future
The battle against phishing may feel like an uphill struggle, but there are several steps both individuals and businesses can take to protect themselves. From straightforward actions to comprehensive security measures, every effort counts.
For individuals, a simple but effective first step is limiting the visibility of social media profiles. Social platforms are often goldmines for cyber criminals seeking personal information (job titles, colleagues, travel plans) to tailor phishing attacks. Another critical measure is using a strong, unique password for every account, ideally generated and stored by a password manager, and changing a password promptly whenever the service it protects is caught up in a data breach, since credentials leaked from one breach are routinely tried against other accounts.
For businesses, the two most important components of phishing protection are awareness and digital risk protection. Using Human Risk Management services to educate employees about phishing tactics, common red flags, and how to respond when faced with a suspicious message can drastically reduce the chances of an attack succeeding. Many phishing attempts succeed simply because employees are not aware of what to look for.
On a broader scale, implementing a Digital Risk Protection (DRP) service can give businesses valuable insight into their digital footprint from an attacker's perspective. DRP solutions monitor external threats such as newly registered lookalike domains, spoofed brand pages and leaked credentials, gather threat intelligence on the latest phishing tactics, and provide early warnings, allowing businesses to strengthen their defences proactively.
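The "common red flags" that awareness training teaches, and the lookalike-domain watching that a DRP service performs, can both be made concrete. The Python below is an added example for this article, not NormCyber's code or any product's: a typosquat generator of the kind a digital-footprint monitor uses to decide which domain registrations to watch for, and a message checker that uses that same list (plus Reply-To, display-name, Authentication-Results and pressure-language checks) to flag a suspicious email. The protected domain example.com, the two messages, the homoglyph table and the phrase list are all constructed for the demo.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed for the example: the (hypothetical) organisation's own domains.
PROTECTED_DOMAINS = {"example.com"}

# Characters attackers swap in because they look alike in common fonts (assumed list).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}

# Pressure language that phishing lures lean on; checked in subject and body (assumed list).
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours",
                   "account will be suspended", "verify your password")


def typosquat_variants(domain):
    """Lookalike domains a monitoring service would watch for: homoglyph swaps,
    dropped characters, adjacent transpositions, appended keywords and TLD swaps."""
    name, tld = domain.lower().rsplit(".", 1)
    variants = set()
    for i, ch in enumerate(name):
        if ch in HOMOGLYPHS:                                     # homoglyph swap
            variants.add(f"{name[:i]}{HOMOGLYPHS[ch]}{name[i + 1:]}.{tld}")
        variants.add(f"{name[:i]}{name[i + 1:]}.{tld}")          # dropped character
        if i < len(name) - 1:                                    # adjacent transposition
            variants.add(f"{name[:i]}{name[i + 1]}{name[i]}{name[i + 2:]}.{tld}")
    for suffix in ("-login", "-secure", "-support", "-hr"):      # appended keywords
        variants.add(f"{name}{suffix}.{tld}")
    for alt in ("net", "org", "co", "com"):                      # TLD swaps
        variants.add(f"{name}.{alt}")
    variants.discard(domain.lower())
    return variants


def _domain(addr_header):
    """Bare domain from an address header value, or '' if there is none."""
    address = parseaddr(addr_header or "")[1]
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def phishing_red_flags(raw_message, protected=PROTECTED_DOMAINS):
    """Return a list of human-readable red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    reply_domain = _domain(msg.get("Reply-To")) or from_domain
    lookalikes = {v for d in protected for v in typosquat_variants(d)}

    if from_domain in lookalikes:
        flags.append(f"sender domain {from_domain} is a lookalike of a protected domain")
    if reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    for d in protected:  # display name borrows the brand, address does not match it
        brand = d.split(".")[0]
        if brand in from_name.lower() and from_domain != d:
            flags.append(f"display name '{from_name}' claims {brand} but address is @{from_domain}")

    # Authentication-Results is stamped by the receiving mail server; anything but 'pass' matters.
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.IGNORECASE)
        if m and m.group(1).lower() != "pass":
            flags.append(f"{mech} result is {m.group(1)}")

    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}".lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        flags.append("pressure language: " + ", ".join(hits))
    for host in re.findall(r"https?://([^/\s]+)", text):  # links to raw IPs or lookalikes
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host) or host in lookalikes:
            flags.append(f"link to suspicious host {host}")
    return flags


# Constructed sample messages (not real traffic).
SAMPLE_PHISH = """\
From: Example IT Helpdesk <helpdesk@exarnple.com>
Reply-To: recover@mail-recovery.net
To: alice@example.com
Subject: Urgent: password expires today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=exarnple.com; dkim=none; dmarc=fail header.from=exarnple.com
Content-Type: text/plain; charset="utf-8"

Your password expires in 24 hours. Verify your password immediately at
http://exarnple.com/login or your account will be suspended.
"""

SAMPLE_LEGIT = """\
From: Example IT Helpdesk <helpdesk@example.com>
To: alice@example.com
Subject: Scheduled maintenance on Saturday
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset="utf-8"

The mail system will be unavailable on Saturday 02:00-04:00 for maintenance.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_red_flags(sample))
```

Run as a script it prints the flags for both messages: the constructed phish trips every check (lookalike sender, mismatched Reply-To, borrowed display name, failed SPF/DKIM/DMARC, pressure wording and a link to the lookalike host), while the legitimate notice produces none. The typosquat list is deliberately crude; a production monitor would also generate IDN homoglyphs and compare against live registration feeds, but the shape of the check is the same.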
Conclusion
Phishing is a persistent and evolving threat that continues to target the weakest link in the security chain: people. As attackers leverage more advanced techniques and AI-powered tools, it’s crucial for both individuals and businesses to stay vigilant. By promoting awareness, maintaining strong security practices, and investing in digital risk protection, businesses can significantly reduce the risks posed by phishing attacks, keeping their data and operations safe.
Written By: Matthew Johnson, Threat Intelligence Analyst at NormCyber
Matthew Johnson is a Threat Intelligence Analyst at NormCyber, specialising in identifying and mitigating cyber threats for businesses across various industries.