
The Latest Trends in Phishing

July 07, 2023


Phishing continues to evolve, and Lance Spitzner of SANS Security Awareness explains the changes in a post on the Cyber Security Intelligence website (https://www.cybersecurityintelligence.com/blog/phishing-its-not-about-malware-or-even-email-7046.html). Here are the trends:

  1. Phishing is not limited to email; it can also arrive through texts or any messaging technology.

  2. The goals have changed. Instead of installing malware, phishing tries to:

  • Steal passwords.
  • Get people to call a number used by scammers. (Suggestion: don't call phone numbers you don't recognize.)
  • Carry out business email compromise or CEO fraud attacks. (Verify any requests to be sure they are legitimate.)

69% of phishing emails attempt to take a user to a website, primarily for password harvesting but sometimes for "surveys" (don't participate unless you know the sponsor). 14% are imposter scams. 8% are telephone-oriented attack delivery (TOAD). Only 9% are attempts to install malware.

While attacks continue to evolve, the most common indicators of phishing remain:

  • Urgency.
  • Pressure to ignore or bypass procedures.
  • Curiosity about an offer (if it's too good to be true, it probably is).
  • Tone doesn't seem right.
  • Generic salutation. 
  • Personal rather than organization email address.