Phishing and Spoofing- Two emerging cyberattack trends in 2024

Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

Phishing and Spoofing- Two emerging cyberattack trends in 2024

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-15792">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/09/Phishing-and-Spoofing-Two-emerging-cyberattack-trends-in-2024.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H1M56S">1:56</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-15792" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-15792" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-15792" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-15792" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/phishing-and-spoofing-two-emerging-cyberattack-trends-in-2024/&t=Phishing and Spoofing- Two emerging cyberattack trends in 2024" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/phishing-and-spoofing-two-emerging-cyberattack-trends-in-2024/&url=Phishing and Spoofing- Two emerging cyberattack trends in 2024" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/09/Phishing-and-Spoofing-Two-emerging-cyberattack-trends-in-2024.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/phishing-and-spoofing-two-emerging-cyberattack-trends-in-2024/" class="input-link input-link-15792" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-15792" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="rUw7vtcjVv"><a href="https://dmarcreport.com/blog/podcast/phishing-and-spoofing-two-emerging-cyberattack-trends-in-2024/">Phishing and Spoofing- Two emerging cyberattack trends in 2024</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/phishing-and-spoofing-two-emerging-cyberattack-trends-in-2024/embed/#?secret=rUw7vtcjVv" width="500" height="350" title=""Phishing and Spoofing- Two emerging cyberattack trends in 2024" - DMARC Report" data-secret="rUw7vtcjVv" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-15792” readonly/>

					<button class="copy-embed copy-embed-15792" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Cyberattacks are getting more sophisticated every passing year. Threat actors are playing it hard to keep up the pace with evolving technology. Two trends that are dominating the 2024 threat landscape are spoofing and phishing. Both of these cyberattacks are aimed at deceiving victims and tricking them into sharing sensitive personal details. Threat actors use phishing and spoofing to target companies, **government infrastructure as well as individuals.

This article explores the two most prevalent cyberattack trends of 2024.

Phishing and spoofing- Basic definition

Phishing is one of the most common types of cyberattacks. The first known phishing attack is supposed to have happened in the 1990s. Phishing occurs when threat actors manipulate victims into sharing sensitive data such as usernames, passwords, login credentials, social security numbers, and so on. The **primary tactic used in this case is sending out fake emails or messages that compel the victims to click on malicious links or download harmful attachments.

2020 has seen multiple sophisticated phishing attacks. The attacks have evolved significantly because of artificial intelligence and automation. Threat actors now heavily rely on social engineering tactics and personalized content to make phishing emails more credible. BEC, or Business Email Compromise cases, where attackers target **business organizations to gain access to their confidential data or make some quick money, have witnessed a sudden surge.

In 2023, around 36% of the cyberattacks were phishing attempts. This number significantly increased in 2024. The surge in mobile phishing attacks is also a cause of concern, as a report has predicted a 30% **year-over-year increase in phishing attempts. The major reason behind this steep spike in mobile phishing attacks is the increasing use of smartphones by employees for both work as well as personal purposes.

Spoofing, on the other hand, is a type of cyberattack in which attackers **impersonate trusted **entities and misguide the victims about the origin of the message. They do not directly trick the victims into handing over personal details. The spoofing attempts include faking website URLs, email headers, and **IP addresses with the ulterior motive of creating an illusion for the victims that the conversation has originated from a legitimate entity.

Threat actors generally manipulate the **“From” field in emails. This compels the recipients into thinking that the email must have originated from a known source like a reputed bank, a popular company, a known colleague, and so on.

Threat actors blend spoofing with phishing in order to gain trust of the **recipients and increase the credibility of the messages.

With time, spoofing tactics have also evolved. Cybercriminals come up with fake websites that look almost identical to the original websites. The ultimate goal is to gain access to the victims’ passwords, usernames, login credentials, and other sensitive data.

DNS spoofing is also gaining momentum of late where threat actors **divert the traffic to fake websites, thereby increasing the chance of data theft to a great extent .

As per a report, 95% of phishing attacks involve spoofing in some form or the other.

Why are we seeing a steep spike in phishing and spoofing cases?

If you are wondering why there has been a **sudden spike in phishing and spoofing cases in recent times, here are the key reasons:

Remote work culture

The remote work culture has made employees less vigilant. Also, using a **personal network for work purposes increases the chances of phishing and spoofing.

Human error

Despite the **increased awareness of cyberattacks, people often fall prey to emotional triggers, which significantly increase the risk of phishing and spoofing.

Mobile usage

Using a personal smartphone for work purposes also enables hackers to pry into your network, allowing them to carry out mobile phishing attacks.

Technological sophistication

Generative AI and its easy accessibility have made phishing and spoofing attacks more sophisticated and polished.

How to stay protected against phishing and spoofing attacks in 2024?

Below are some battle-tested tips to prevent phishing and spoofing attacks in 2024:

1. Email authentication

Implementing Domain-Based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identifier Mail (DKIM), and Sender Policy Framework (SPF) can prevent email spoofing.

2. Multi factor authentication

Users are required to use two or more verification factors in order to get access to the systems. This adds an extra layer of security, thereby reducing the chances of phishing and spoofing attacks.

3. Education and training

Regular cybersecurity **training for employees is a complete non-negotiable so that they can easily recognize spoofed websites, phishing emails, and suspicious requests.

Threat actors are continually improving and innovating. They are **leveraging latest technology to cater to their phishing and spoofing requirements.

Meanwhile, organizations and individuals must embrace multi-layered cybersecurity mechanisms, stay aware of the latest cyber scams, and remain highly cautious. **Vigilance, awareness, and prevention are the only three tools with which you can combat phishing and spoofing attacks in 2024.