Phishing has long been a popular vector for cybercriminals to obtain valuable information from victims, and 2023 was no different.
A new report from email security company Codefense has delved into the most common themes in email phishing attacks last year. The topics you assigned were based on content, such as the email body, subject line, attachments, etc.
Codefense says that assigning precise topics to phishing emails is important as it “allows for a more focused response” and “helps businesses better select relevant phishing simulations to use.”
major, moderate, minor
The company divided fraudulent emails into three main categories, based on volume: major, moderate, and minor.
Of the top topics (the highest volume phishing emails), finance was the most popular, at 54%. These emails related to topics such as invoices and payments. Phishing notification emails, which are those related to password expiration, reminders, appointments, required actions, and the like, came in second at 35%.
Sending phishing emails came in third at 7%. Response mode scams came in fourth place at 3%. These emails are intended to obtain a response to queries; These queries can be fabricated by threat actors or sometimes use legitimate emails as a result of hijacked email accounts.
Interestingly, these phishing emails peaked in the second quarter of 2023, with May being 25% higher than any other month. Codefense suggests this could be due to the increase in QakBot campaigns that month, which used reply topics and hijacked email threads.
When it came to moderate topics (those seen regularly but often pertaining to more specific and complex campaigns), document and voicemail scams were popular, at 38% and 25% respectively. Travel assistance was close behind at 24%, and fax and legal email scams were far behind at 8% and 6% respectively.
Minor themes are those that occur less frequently and are generally related to certain times of the year. Phishing emails with benefits (37%) and tax (32%) topics made up the majority in this category, followed by job applications (21%) and property closings (10%).
It appears that phishing emails are becoming more sophisticated and are still a serious problem for businesses as they can be one of the leading causes of compromise. With the rise of artificial intelligence tools, it will be even easier for cybercriminals to craft convincing scams.
