A new report published by the software company Egress this month, Phishing Threat Trends Report, is a must-read. It outlines the proliferation of phishing toolkits on the dark web (that basically allows any Tom, Dick, and Harry Hacker) to launch successful phishing campaigns, how “commodity phishing attacks are overwhelming security teams,” the anatomy of advanced persistent threats, the most prolific phishing tactic in 2024, and how AI-assisted attacks are becoming more challenging to detect.

Presently, I would like to focus on one piece of the Egress report that is near and dear to me:, the latest phishing tactics. Phishing continues to be one of the most prevalent causes of security incidents and data breaches. There are some fascinating statistics in the report for all of us to process and internalize. First, the “most phished day of the year so far” was June 10th, 2024, and the most common time to receive a phishing email is at 12:37 p.m. This means that we should all be hyper vigilant while we are checking our emails during the lunch hour. Second, there was a 28% increase in phishing emails in the second quarter of 2024 than the first quarter. During that time frame, 44% of phishing emails were sent from already compromised accounts, which allowed threat actors to bypass authentication protocols; 23% of phishing emails included malicious attachments; 20% relied solely on social engineering; and 12% contained a QR code. Oh, those QR codes—please educate yourself and your users on not clicking on QR codes received in an email. We predict QRishing will continue to rise.

The top five words used in phishing attacks are “urgent,” “sign,” “password,” “document,” and “delivery.” This is helpful as well, as users’ antennae can go up at the mention of these words in emails. The most impersonated brands are Adobe, Microsoft, Chase, and Meta. Finally, employees are only “accurately reporting” 29% of phishing emails received.

There’s a lot packed into the Egress report, and it is full of useful information. What I want to focus on here is the most prolific phishing tactic in 2024: impersonation.

According to the report, between January 1st and August 31st, 2024, 26% of phishing emails detected appeared “to be sent from brands that are not connected to the recipient via an established business relationship.” This means we should be wary of any emails we receive from a business with whom we have no relationship. Next, 16% of phishing attacks include phishing emails that impersonate the company the recipient works for. “HR was the most impersonated department in these types of attacks, with cybercriminals taking advantage of employees being quick to click on fake benefit packages or similar bait.” This means we should be wary of emails coming from HR and take measures to authenticate that the email was actually from your HR department. One big clue is whether the banner alerting users that the email is external is present on the email. If an email purports to come from your HR department, but an external alert banner is present, it’s a sure sign that it is a malicious phishing email.

The next most common impersonation is your employer’s IT and Finance departments. This makes sense since these departments often ask people to respond with information or to fill out surveys. The report emphasizes that “two of the most impersonated internal systems were e-signatures and employee feedback surveys, and the Microsoft logo appeared in more impersonation attacks than any other (again tied to system use and credential theft, and hijacking legitimate SharePoint links as an obfuscation technique to get through reputation-based detection).”

Hackers are also singling out those who are new to the organization. Egress found that employees in their initial 2-7 weeks on the job were the most targeted. The phishing emails to this group impersonated VIPs like the CEO, CFO, and chief people officer. This reinforces the importance of implementing phishing training into a company’s new employee orientation and includes statistics like the above to emphasize the threat.

Finally, hackers are impersonating celebrities. Although I would love to get an email from Taylor Swift, I think that if I get one, it’s probably not real. Why on earth do people fall for these? It’s called “authority bias,” where people act more quickly and don’t follow instructions (like the voice in their brain that says, “Really, Taylor Swift is not and would NEVER email me. Perhaps this is a phishing email?”) According to Egress, the four celebrities most frequently impersonated include Jeff Bezos, Elon Musk, Warren Buffet, and Mackenzie Scott. Really, folks, none of those individuals are emailing you either, so don’t fall for it. The Egress report is a great tool to update you on the most recent phishing tactics, and if you are a security professional, is great material to incorporate into your next cybersecurity training for employees.