A recent report highlights the increasing use of sophisticated tactics by hackers to bypass cybersecurity defenses and send phishing emails.


The report reveals a significant 24.4% rise in the use of obfuscation techniques, particularly HTML smuggling, to avoid detection. Hackers are also combining multiple obfuscation methods to enhance the effectiveness of their campaigns. Additionally, the report warns of the emerging threat of AI-generated phishing emails, which pose a challenge in determining if they were written by a chatbot. Existing AI-generated phishing email detection tools are unreliable or ineffective in 71.4% of cases [2].

The prevalence of malware-laden links in phishing emails is also emphasized [2], with 45% of analyzed messages containing such links [2]. Furthermore, the report identifies a correlation between the volume of solicited bulk emails (graymail) received by a user and the number of incoming phishing emails [2].

Missed voice messages are the most common topic for phishing attacks [1], accounting for 18% of attacks [1]. Phishing links to websites are the most common type of payload [1], increasing from 35% in 2022 [1]. Obfuscation techniques [1] [2], particularly HTML smuggling, are used in over half (55%) of phishing emails [1]. Graymail [1] [2], which accounts for one-third (34%) of mail flow [1], is directly correlated with the number of phishing emails received [1]. Traditional perimeter detection is ineffective in detecting phishing emails [1], as attacks are increasingly sent from compromised accounts [1].


The report highlights the increasing sophistication of hackers in bypassing cybersecurity defenses and sending phishing emails. It emphasizes the rise in the use of obfuscation techniques and the emerging threat of AI-generated phishing emails. The prevalence of malware-laden links in phishing emails and the correlation between graymail and phishing emails are also significant findings. The report suggests the use of dynamic banners in the inbox to educate users and enhance resilience against phishing attacks [1].


[1] https://www.investorsobserver.com/news/qm-pr/4864406237843249
[2] https://siliconangle.com/2023/10/02/report-half-phishing-emails-now-use-obfuscation-tactics-avoid-detection/