--- title: "Impersonation is the leading phishing strategy of 2024 | AutoSPF" description: "A famous software firm, Egress, published its Phishing Threat Trends Report in October 2024." image: "https://autospf.com/og/blog/impersonation-is-the-leading-phishing-strategy-of-2024.png" canonical: "https://autospf.com/blog/impersonation-is-the-leading-phishing-strategy-of-2024/" --- Quick Answer A famous software firm, Egress, published its Phishing Threat Trends Report in October 2024, highlighting how impersonation became the most prolific phishing tactic in 2024\. In the context of cybersecurity, impersonation is the act of a threat actor pretending to be a trusted individual, organization, or system. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fimpersonation-is-the-leading-phishing-strategy-of-2024%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Impersonation%20is%20the%20leading%20phishing%20strategy%20of%202024&url=https%3A%2F%2Fautospf.com%2Fblog%2Fimpersonation-is-the-leading-phishing-strategy-of-2024%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fimpersonation-is-the-leading-phishing-strategy-of-2024%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fimpersonation-is-the-leading-phishing-strategy-of-2024%2F&title=Impersonation%20is%20the%20leading%20phishing%20strategy%20of%202024 "Share on Reddit") [ ](mailto:?subject=Impersonation%20is%20the%20leading%20phishing%20strategy%20of%202024&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fimpersonation-is-the-leading-phishing-strategy-of-2024%2F "Share via Email") ![leading phishing strategy](https://media.mailhop.org/autospf/images/2024/10/spf-validator-6.jpg) A famous software firm, Egress, published its [Phishing Threat Trends Report in October 2024](https://www.egress.com/media/kuvpjdjl/egress%5Fphishing%5Fthreat%5Ftrends%5Freport%5Foct%5F2024.pdf), highlighting how impersonation became the most prolific phishing tactic in 2024\. In the context of [cybersecurity](/10-reasons-for-regular-spf-record-checks-in-cybersecurity/), impersonation is the act of a [threat actor](https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html) pretending to be a trusted individual, organization, or system. > “Domain spoofing is trivially easy without SPF,” says Brad Slavin, General Manager of DuoCircle. “Anyone can send email that looks like it comes from your domain. SPF is the first line of defense - it tells receiving servers which IPs are actually authorized to send on your behalf. Without it, you’re an open target.” _According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022%5FIC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) - a domain-spoofing attack that SPF, DKIM, and DMARC are specifically designed to prevent - caused more than $2.7 billion in direct losses._ By posing as a known and reliable entity, they gain unauthorized access to [sensitive information](https://www.techtarget.com/whatis/definition/sensitive-information) or deceive the victim. [Cybercriminals](https://www.voanews.com/a/alleged-leader-of-cybercriminals-extradited-to-us/7741605.html) usually masquerade as friends, colleagues, higher authorities of offices, banks, government agencies, etc., to manipulate recipients into sharing [login credentials](https://www.darkreading.com/endpoint-security/oauth-log-in-full-account-takeover-millions) and financial details or downloading malware-infected files. Impersonation undermines trust and can lead to serious [security breaches](https://www.infosecurity-magazine.com/opinions/security-breaches-inevitable-1/) and fraud. Let’s see what the Egress report unfolds about the state of impersonation in 2024\. ![phishing attacks](https://media.mailhop.org/autospf/images/2024/10/spf-record-tester-4825.jpg) ## Highlights of the Phishing Threat Trends Report - In 2024, the highest number of [phishing attacks](https://www.cnbc.com/2023/01/07/phishing-attacks-are-increasing-and-getting-more-sophisticated.html) occurred on June 10th. - 12:37 PM was the most common time recipients received phishing emails. - There was a 28% increase in phishing emails in the second quarter compared to the first quarter. During the second quarter, 44% of phishing emails were sent from already compromised accounts, which helped them bypass [security protocols](https://www.pcmag.com/encyclopedia/term/security-protocol). - 23% of phishing emails were embedded with phishing attachments. - 20% of phishing emails used [social engineering](https://www.computerweekly.com/news/366580938/More-social-engineering-attacks-on-open-source-projects-observed). - 12% of phishing emails contained a QR code, leading to [quishing](https://dmarcreport.com/blog/qr-code-phishing-quishing-is-on-the-rise-prevent-it/). - _The most used words were ‘Urgent,’ ‘Sign,’ ‘Password,’ ‘Document,’ and ‘Delivery. ‘_ Be wary of these words in incoming emails; they are [red flags](https://securityboulevard.com/2023/09/5-red-flags-to-spot-phishing-emails-immediately/), so be cautious while replying, clicking, or downloading anything. - _Adobe, Microsoft, Chase, and Meta were the most impersonated brands._ - Only 29% of phishing emails were reported correctly by employees. - Between January 1st and August 31st, 2024, 26% of detected [phishing emails](https://www.bleepingcomputer.com/news/security/proofpoint-settings-exploited-to-send-millions-of-phishing-emails-daily/) seemed to come from brands with which the recipient had no business relationship. So, be careful with unsolicited emails, especially if the sender asks to share personal details, make financial transactions, visit a link, or download something. - 16% of these phishing emails were sent by impersonating the employees of the company the recipient works for. HR is the most impersonated department. _This is because employees are more likely to fall for the bait of better salary packages, approved leaves, incomplete onboarding process, etc_. Sometimes, a [banner](https://www.adobe.com/express/create/banner) is shown on the top of the email, alerting you of [external emails](https://pitstop.manageengine.com/portal/en/community/topic/external-email). It’s good to consider its importance and double-check the sender’s details before you proceed with anything. - The IT and [finance team](https://www.grantthornton.com.au/insights/blogs/the-evolving-role-of-finance-teams-in-todays-business-landscape/) employees are the next most impersonated people. These departments usually send out surveys to fill out so recipients don’t get suspicious. - The report highlights that e-signatures and [employee feedback surveys](https://www.thrivesparrow.com/blog/employee-feedback-survey) were the two most impersonated internal systems, with the Microsoft logo used in more attacks than any other, often to steal credentials or bypass detection by using legitimate [SharePoint links](https://www.process.st/how-to/create-a-sharepoint-link/). ![email security](https://media.mailhop.org/autospf/images/2024/10/spf-validator-6386.jpg) - New employees in their first 2-7 weeks were the most targeted by phishing emails, often impersonating top executives like the [CEO and CFO](https://www.bizjournals.com/bizwomen/news/latest-news/2024/06/former-cfo-returns-to-razor-as-ceo-after-stint-at.html). This highlights the need for phishing training during new employee orientation, backed by these statistics to show the risk. In 2024, impersonation remains the leading phishing strategy, driving organizations to strengthen [email security](/) with [SPF](/blog/what-is-spf-email-a-guide-to-sender-validation-technology/), [DKIM](/10-reasons-for-regular-spf-record-checks-in-cybersecurity/dkim-record-check/), and [DMARC](/10-reasons-for-regular-spf-record-checks-in-cybersecurity/dmarc-record-check/) protocols to prevent spoofing and protect against fraudulent messages. ## Topics [ DKIM ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/) ![Vasile Diaconu](https://media.mailhop.org/autospf/images/authors/vasile-diaconu.jpg) [ Vasile Diaconu ](/authors/vasile-diaconu/) Operations Lead Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for AutoSPF. [LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) ## Ready to get started? Try AutoSPF free — no credit card required. [ Book a Demo ](/book-a-demo/) ## Related Articles [ Advanced 6m 8 cybersecurity trends that will redefine the digital landscape in 2024 Sep 20, 2024 ](/blog/8-cybersecurity-trends-that-will-redefine-the-digital-landscape-in-2024/)[ Advanced 17m AI-Powered Phishing in 2026: How Generative AI Changed the Attacker Economics of Email Why Email Authentication Is the Last Reliable Defense Signal in the Age of AI May 4, 2026 ](/blog/ai-powered-phishing-2026-email-authentication-last-ai-defense-signal/)[ Advanced 10m AutoSPF’s Guide to Configuring SPF & DKIM for Avanan: A Detailed Walk-through Nov 26, 2025 ](/blog/autospf-guide-configuring-spf-dkim-for-avanan-detailed-setup-walkthrough/)[ Advanced 8m AutoSPF’s In-Depth Guide to Setting Up DMARC, SPF & DKIM on HostGator Dec 9, 2025 ](/blog/autospf-guide-setting-up-dmarc-spf-dkim-on-hostgator/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Impersonation is the leading phishing strategy of 2024","description":"A famous software firm, Egress, published its Phishing Threat Trends Report in October 2024.","url":"https://autospf.com/blog/impersonation-is-the-leading-phishing-strategy-of-2024/","datePublished":"2024-10-16T18:18:46.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2024-10-16T18:18:46.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://autospf.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, which gives him a direct view of which SPF problems customers hit most often in production and how they get resolved operationally.","image":"https://media.mailhop.org/autospf/images/authors/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/impersonation-is-the-leading-phishing-strategy-of-2024/"},"articleSection":"advanced","keywords":"DKIM, DMARC, email security, SPF","wordCount":529,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2024/10/spf-validator-6.jpg","caption":"leading phishing strategy","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Advanced","item":"https://autospf.com/advanced/"},{"@type":"ListItem","position":4,"name":"Impersonation is the leading phishing strategy of 2024","item":"https://autospf.com/blog/impersonation-is-the-leading-phishing-strategy-of-2024/"}]} ```