A famous software firm, Egress, published its Phishing Threat Trends Report in October 2024, highlighting how impersonation became the most prolific phishing tactic in 2024. In the context of cybersecurity, impersonation is the act of a threat actor pretending to be a trusted individual, organization, or system.
By posing as a known and reliable entity, they gain unauthorized access to sensitive information or deceive the victim. Cybercriminals usually masquerade as friends, colleagues, senior figures at work, banks, government agencies, etc., to manipulate recipients into sharing login credentials and financial details or downloading malware-infected files. Impersonation undermines trust and can lead to serious security breaches and fraud.
Let’s see what the Egress report reveals about the state of impersonation in 2024.

Highlights of the Phishing Threat Trends Report
- In 2024, the highest number of phishing attacks occurred on June 10th.
- 12:37 PM was the most common time recipients received phishing emails.
- There was a 28% increase in phishing emails in the second quarter compared to the first quarter. During the second quarter, 44% of phishing emails were sent from already compromised accounts, which helped them bypass security protocols.
- 23% of phishing emails were embedded with phishing attachments.
- 20% of phishing emails used social engineering.
- 12% of phishing emails contained a QR code, leading to quishing.
- The most used words were ‘Urgent,’ ‘Sign,’ ‘Password,’ ‘Document,’ and ‘Delivery.’ Be wary of these words in incoming emails; they are red flags, so be cautious while replying, clicking, or downloading anything.

- Adobe, Microsoft, Chase, and Meta were the most impersonated brands.
- Only 29% of phishing emails were reported correctly by employees.
- Between January 1st and August 31st, 2024, 26% of detected phishing emails seemed to come from brands with which the recipient had no business relationship. So, be careful with unsolicited emails, especially if the sender asks to share personal details, make financial transactions, visit a link, or download something.
- 16% of these phishing emails were sent by impersonating the employees of the company the recipient works for. HR is the most impersonated department. This is because employees are more likely to fall for the bait of better salary packages, approved leaves, incomplete onboarding process, etc. Sometimes, a banner is shown at the top of the email, alerting you that it came from outside the organization. Take that banner seriously and double-check the sender’s details before you proceed with anything.

- The IT and finance team employees are the next most impersonated people. These departments usually send out surveys to fill out, so recipients don’t get suspicious when such a request arrives.
- The report highlights that e-signatures and employee feedback surveys were the two most impersonated internal systems, with the Microsoft logo used in more attacks than any other, often to steal credentials or bypass detection by using legitimate SharePoint links.
- New employees in their first 2-7 weeks were the most targeted by phishing emails, often impersonating top executives like the CEO and CFO. This highlights the need for phishing training during new employee orientation, backed by these statistics to show the risk.

In 2024, impersonation remains the leading phishing strategy, driving organizations to strengthen email security with SPF, DKIM, and DMARC protocols to prevent spoofing and protect against fraudulent messages.
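
The checks this summary recommends (watching for the red-flag words, double-checking the sender behind a trusted brand or department name, and relying on SPF, DKIM, and DMARC results) can be combined into one triage pass over an incoming message. The Python below is an added example, not code from Egress or from this article; the brand domain lists, department tokens, function names, and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Words and brands come from the report highlights above; the domain lists,
# department tokens and function names are assumptions made for this example.
RED_FLAG_WORDS = {"urgent", "sign", "password", "document", "delivery"}
BRAND_DOMAINS = {"adobe": ["adobe.com"], "microsoft": ["microsoft.com"],
                 "chase": ["chase.com"], "meta": ["meta.com", "facebook.com"]}

def auth_results(msg, trusted_authserv):
    """SPF/DKIM/DMARC verdicts, read only from our own gateway's header."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).lower().partition(";")
        # Headers stamped by anyone else may be forged by the sender: skip them.
        if authserv.split()[:1] != [trusted_authserv.lower()]:
            continue
        verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    return verdicts

def in_domains(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def triage(raw, trusted_authserv, internal_domain):
    """Return a list of reasons the message deserves a second look."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    name_words = set(re.findall(r"[a-z]+", display.lower()))
    reasons = [f"{k}={v}" for k, v in auth_results(msg, trusted_authserv).items()
               if v != "pass"]
    hits = sorted(RED_FLAG_WORDS & set(re.findall(r"[a-z]+", msg.get("Subject", "").lower())))
    reasons += ["red-flag words: " + ", ".join(hits)] if hits else []
    for brand in sorted(name_words & BRAND_DOMAINS.keys()):
        if not in_domains(domain, BRAND_DOMAINS[brand]):
            reasons.append(f"display name says {brand}, sender domain is {domain}")
    if name_words & {"hr", "it", "finance"} and not in_domains(domain, [internal_domain]):
        reasons.append(f"internal department name from external domain {domain}")
    return reasons

# Constructed sample message (not a real email); the second header is sender-supplied.
SAMPLE = """\
Authentication-Results: mx.corp.example; spf=pass; dkim=none; dmarc=fail
Authentication-Results: attacker.example; spf=pass; dkim=pass; dmarc=pass
From: "Microsoft HR Team" <notice@mailer.example>
Subject: Urgent: sign the updated document
"""
print("\n".join(triage(SAMPLE, "mx.corp.example", "corp.example")))
```

A message that returns an empty list has only passed these few heuristics; mail sent from an already compromised account, which the report says was common, will pass the authentication checks as well.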