The Rise in Phishing Scams


As cybersecurity platforms have become more effective, cyber attackers have shifted their strategy. Rather than challenging defense applications to identify weaknesses, they are now increasingly focused on exploiting human behavior. Their primary method for enacting this updated strategy is phishing.

Phishing attacks have increased at an alarming rate in recent years, with reports showing a 58 percent increase in global phishing attacks from 2022 to 2023. The most probable reason for the increase is that phishing remains remarkably effective. Nine out of ten organizations report that they fell prey to phishing attacks in 2023, with nearly seven out of ten employees saying they contributed to the attacks’ success by knowingly taking risky actions such as handing over credentials to untrustworthy sources.

Why does phishing continue to work?

One of the main reasons phishing continues to be effective is its focus on deep-rooted human emotions. Rather than seeking to overcome cyber defenses with computing power or zero-day exploits, it overcomes them by exploiting fear, greed, and empathy.

For example, security upgrades such as password generation and multi-factor authentication have made breaking passwords much more difficult for cybercriminals. With phishing, however, cybercriminals can leverage fear to gain access to passwords. A falsified message that tells employees their corporate expense account has been compromised and requests login credentials to fix the problem counts on those employees fearing that the alleged breach will result in greater losses.

Greed is another powerful tool cybercriminals use to empower phishing attacks. A text or email promising access to an exclusive deal, for instance, can quickly prompt a greedy person to hand over sensitive information. According to Verizon’s 2024 Data Breach Investigations Report, the median time it takes for someone to fall victim to a phishing attack — from receiving a phishing email to taking the requested action — is 60 seconds.

Phishing also continues to be effective because we are doing more online than ever before. When remote work skyrocketed in the wake of the COVID-19 pandemic, phishing attacks leveled at remote workers increased by 600 percent. As workplaces became distributed, it became more time-consuming and inconvenient to confirm that a text or email message actually came from a manager, opening the door for cybercriminals to exploit the new normal.

The rise of AI is yet another reason for the increased use of phishing attacks. Generative AI makes it much easier for cyber attackers to develop phishing campaigns. The power AI provides to create deepfakes also empowers new variations of phishing, such as vishing attacks that use AI to generate voice calls mimicking a boss or other person in authority.

How can organizations better repel phishing attacks?

Providing effective training is the most important step organizations can take to better repel phishing attacks. The training should provide a general understanding of how phishing works, how to identify it, and how to report it when it is suspected. It should also be updated regularly to include the most recent phishing strategies.

Every stakeholder in an organization should receive training on phishing. Because phishing is focused on exploiting an organization’s employees rather than its security framework, it can be leveled against any employee — from the CEO to the newest entry-level hire — so excluding anyone from training creates a dangerous vulnerability.

Organizations that want to better repel phishing attacks should also help employees to prioritize cybersecurity. Cyber attackers often rely on victims overlooking telltale signs of a phishing attack because they are too busy or weary from an overwhelming workload. If employees don’t feel empowered to take appropriate steps to detect and repel phishing, even when it compromises their productivity, the organization will suffer.

An effective cybersecurity strategy must address the ongoing threat posed by phishing attacks. An organization’s best defense will be employees who understand the threat and know how to repel it. Organizations that fail to empower employees create a vulnerability that cybercriminals will be quick to exploit.

About the Author

Marcelo Barros is the Global Markets Leader of Hacker Rangers. He is an IT veteran who has played an instrumental role in delivering cutting-edge cybersecurity solutions and services to clients around the world. His passion for cybersecurity led him to join the team at Hacker Rangers, a leading gamification company that makes cyber awareness fun and engaging for organizations worldwide.

Marcelo can be reached online on LinkedIn at https://www.linkedin.com/in/marcelonunesbarros/ and at his company’s website https://hackerrangers.com/.


