These were the most common phishing emails of 2023 – make sure you don’t get caught either
Phishing has long been a popular vector for cybercriminals to extract valuable information from their victims – and 2023 was no different.
A new report from email security company Codefense last year delved into the most common themes in email phishing attacks. The assigned themes were based on the content, such as the email body, subject line, attachments, and so on.
Codefense says that assigning precise themes to phishing emails is important because it “enables a more targeted response” and “helps companies better select relevant phishing simulations to use.”
Large, medium, small
The company split the scam emails into three main categories based on volume: large, medium and small.
Of the top themes – the highest volume phishing emails – finance was the most popular, accounting for 54%. These emails covered topics such as invoices and payments. Phishing notification emails, which cover password expirations, reminders, appointments, required actions and the like, came in second at 35%.
Phishing emails via dispatch ranked third at 7%. Response mode scams came in fourth at 3%. These emails are intended to elicit a response to questions; These queries can be fabricated by the threat actors, or sometimes they use legitimate emails due to hijacked email accounts.
Interestingly, these phishing emails peaked in the second quarter of 2023, with May being 25% higher than any other month. Codefense suggests this could be due to the increase in QakBot campaigns that month, using reply themes and hijacking email threads.
When it came to moderate themes (those that occur regularly but often relate to more specific and complex campaigns), document and voicemail scams proved popular, at 38% and 25% respectively. Travel assistance followed closely behind at 24%, and fax and legal email scams lagged far behind at 8% and 6% respectively.
Minor themes are those that occur least often and are usually related to certain times of the year. Phishing emails focusing on benefits (37%) and taxes (32%) made up the majority in this category, followed by job applications (21%) and property closings (10%).
It seems that phishing emails are becoming more and more sophisticated and continue to pose a serious problem for businesses as they can be one of the main causes of compromise. With the rise of AI tools, it will become even easier for cybercriminals to create convincing scams.