
Impersonation is the leading phishing strategy of 2024

Vasile Diaconu Operations Lead
Updated April 7, 2026 | Updated for 2026

Quick Answer

A famous software firm, Egress, published its Phishing Threat Trends Report in October 2024, highlighting how impersonation became the most prolific phishing tactic in 2024. In the context of cybersecurity, impersonation is the act of a threat actor pretending to be a trusted individual, organization, or system.


“Domain spoofing is trivially easy without SPF,” says Brad Slavin, CEO of DuoCircle. “Anyone can send email that looks like it comes from your domain. SPF is the first line of defense — it tells receiving servers which IPs are actually authorized to send on your behalf. Without it, you’re an open target.”

According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) — a domain-spoofing attack that SPF, DKIM, and DMARC are specifically designed to prevent — caused more than $2.7 billion in direct losses.

By posing as a known and reliable entity, threat actors gain unauthorized access to sensitive information or deceive the victim. Cybercriminals usually masquerade as friends, colleagues, senior managers, banks, government agencies, and so on, to manipulate recipients into sharing login credentials and financial details or downloading malware-infected files. Impersonation undermines trust and can lead to serious security breaches and fraud.

Let’s see what the Egress report reveals about the state of impersonation in 2024.

  • In 2024, the highest number of phishing attacks occurred on June 10th. 

  • 12:37 PM was the most common time recipients received phishing emails. 

  • There was a 28% increase in phishing emails in the second quarter compared to the first quarter. During the second quarter, 44% of phishing emails were sent from already compromised accounts, which helped them bypass security protocols.  

  • 23% of phishing emails were embedded with phishing attachments.

  • 20% of phishing emails used social engineering.

  • 12% of phishing emails contained a QR code, leading to quishing.

  • The most used words were ‘Urgent,’ ‘Sign,’ ‘Password,’ ‘Document,’ and ‘Delivery.’ Be wary of these words in incoming emails; they are red flags, so be cautious while replying, clicking, or downloading anything.

  • Adobe, Microsoft, Chase, and Meta were the most impersonated brands. 

  • Only 29% of phishing emails were reported correctly by employees.

  • Between January 1st and August 31st, 2024, 26% of detected phishing emails seemed to come from brands with which the recipient had no business relationship. So, be careful with unsolicited emails, especially if the sender asks to share personal details, make financial transactions, visit a link, or download something.

  • 16% of these phishing emails were sent by impersonating employees of the company the recipient works for. HR is the most impersonated department, because employees are more likely to fall for the bait of better salary packages, approved leave, an incomplete onboarding process, etc. Sometimes a banner at the top of the email alerts you that it came from an external sender. Take that banner seriously and double-check the sender’s details before you proceed with anything.

  • Employees in the IT and finance teams are the next most impersonated. These departments routinely send out surveys to fill out, so recipients don’t get suspicious.

  • The report highlights that e-signatures and employee feedback surveys were the two most impersonated internal systems, with the Microsoft logo used in more attacks than any other, often to steal credentials or bypass detection by using legitimate SharePoint links.

  • New employees in their first 2-7 weeks were the most targeted by phishing emails, often impersonating top executives like the CEO and CFO. This highlights the need for phishing training during new employee orientation, backed by these statistics to show the risk.

In 2024, impersonation remains the leading phishing strategy, driving organizations to strengthen email security with SPF, DKIM, and DMARC protocols to prevent spoofing and protect against fraudulent messages.
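
The indicators listed above can be combined into a simple triage check. The following is an added example, not code from the Egress report or from this article's author: it reads the DMARC verdict from the `Authentication-Results` header, compares a brand name in the display name against the sending domain, and flags the report's most used words in the subject. The brand-to-domain map, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands and words are the ones the report lists; the domain map is an assumption.
BRAND_DOMAINS = {"adobe": "adobe.com", "microsoft": "microsoft.com",
                 "chase": "chase.com", "meta": "meta.com"}
KEYWORDS = ("urgent", "sign", "password", "document", "delivery")

def auth_verdicts(msg):
    """Read spf/dkim/dmarc results from the topmost Authentication-Results
    header, assumed to be the one stamped by your own mail gateway."""
    header = msg.get("Authentication-Results", "")
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def triage(raw):
    """Return a list of impersonation indicators for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    dmarc = auth_verdicts(msg).get("dmarc", "missing")
    if dmarc != "pass":
        findings.append(f"dmarc:{dmarc}")
    for brand, legit in BRAND_DOMAINS.items():
        named = re.search(rf"\b{brand}\b", display, re.I)
        if named and domain != legit and not domain.endswith("." + legit):
            findings.append(f"brand-mismatch:{brand}")
    subject = msg.get("Subject", "")
    findings += [f"keyword:{w}" for w in KEYWORDS
                 if re.search(rf"\b{w}\b", subject, re.I)]
    return findings

# Constructed samples: a spoofed brand message and one from a compromised account.
SPOOFED = (
    "Authentication-Results: mx.example.net; spf=fail; dmarc=fail\n"
    'From: "Microsoft Account Team" <security@billing.example.org>\n'
    "Subject: Urgent: password expires today\n\nbody\n")
COMPROMISED = (
    "Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Dana (Accounts)" <dana@partner.example>\n'
    "Subject: Please sign the attached document\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("compromised", COMPROMISED)):
        print(name, triage(raw))
```

The second sample passes SPF, DKIM and DMARC yet is still flagged on content, which is why mail from an already compromised account needs checks beyond sender authentication.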

Vasile Diaconu
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for AutoSPF.
