
Phishing links are scarier than malicious email attachments

Brad Slavin, General Manager
Updated April 16, 2026

Quick Answer

According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.


The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.


The usual advice is not to download attachments from unsolicited and unrecognized emails. While unexpected email attachments still pose risks, phishing links seem to be wreaking more havoc. Experts and researchers are concerned about this new cyber threat looming over the email landscape. They have observed a significant uptick in email messages carrying links to legitimate cloud-based file-sharing services, like Google Drive or SharePoint. In 2023, there was a 144% surge in the use of malicious web links in emails, rising from 12.5% of all email threats in 2022 to 30.5% in 2023.

Contemporary cyber actors are using more layers of links and making victims go through extra steps, like CAPTCHAs or fake MFA challenges, to hide their activities and avoid detection. As more such scenarios surface, it is becoming both more critical and more challenging for companies to monitor and filter email.

Companies often use collaboration tools to improve efficiency but do little to evaluate their impact on cybersecurity. Such tools are unsafe, and things can get worse if they are used under shadow IT. On the other hand, a reliable document management system facilitates collaboration without compromising security. If your employees are using these tools under shadow IT, the official blue team will not count them as part of the attack surface it defends.


AI is as much of a bane as it’s a boon!

There is no doubt that AI-powered email security solutions are cyber experts’ best mates when it comes to analyzing vast datasets and detecting anomalies and patterns that indicate phishing attempts. However, AI is also helping cybercriminals craft convincing, sophisticated, and hyper-personalized messages that look no different than genuine ones. Unlike traditional malicious attachments, which rely on users downloading harmful files, AI-powered phishing attacks manipulate human psychology more effectively. Attackers use AI to generate personalized emails that mimic real conversations, making them harder to detect.

With generative AI tools, threat actors are becoming more capable than ever. They are creating messages that have flawless grammar and natural-sounding language, eliminating common red flags that earlier helped recipients filter out potential phishing emails.

Cyber experts leverage AI-powered email security solutions alongside DMARC, DKIM, and SPF protocols to combat AI-driven phishing, spoofing, and email-based deception, ensuring enhanced protection against evolving threats.

AI also allows attackers to automate spear-phishing campaigns, targeting individuals based on publicly available data. This means phishing emails can now address recipients by name, reference recent transactions, or even mimic the writing style of trusted colleagues.

The decline of malicious attachments

Conventional email security defenses were built to block malicious attachments. With modern email gateways and sandboxing technologies, it has become difficult for malware-infected attachments to bypass security filters. This has driven attackers to shift to AI-driven phishing tactics that mostly rely on social engineering rather than malware.

Nowadays, cybercriminals are not sending infected files; instead, they are embedding deceptive links in the email body that lead the recipient to convincing counterfeit login pages. With the help of AI, they easily bypass security checks by dynamically altering URLs and content. These websites look so similar to the official ones that recipients do not become suspicious at all.


Moreover, some phishing campaigns now include interactive elements like CAPTCHAs or fake multi-factor authentication (MFA) requests, adding layers of legitimacy to their deception.
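A defender-side triage check for the two link patterns described in this article, as an added example that is not part of the original post: it flags anchors whose visible text names one host while the href points to another, and marks links to file-sharing hosts for review. The host list, the function names and the sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: illustrative list built from the two services the article names.
FILE_SHARE_HOSTS = ("drive.google.com", "sharepoint.com")

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain; '' for ordinary words or phrases."""
    value = value.strip()
    if " " in value or "." not in value:
        return ""
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").lower()

def triage_links(html_body):
    """Return (href, reason) findings for an analyst or mail filter to review."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        link_host, shown_host = host_of(href), host_of(text)
        # Visible text names one host while the link goes to another.
        if link_host and shown_host and shown_host != link_host:
            findings.append((href, "text-host-mismatch"))
        # File-sharing hosts pass reputation checks, so route them for review.
        if any(link_host == h or link_host.endswith("." + h) for h in FILE_SHARE_HOSTS):
            findings.append((href, "file-share-link"))
    return findings

# Constructed sample body (reserved example domains, made-up tenant name).
SAMPLE_BODY = """<a href="https://tenant.sharepoint.com/:b:/s/deals/abc">Open shared file</a>
<a href="https://portal.example.net/session">https://login.example.com/</a>
<a href="https://www.example.org/help">Help centre</a>"""
if __name__ == "__main__":
    print(triage_links(SAMPLE_BODY))
```

A file-share finding is a prompt for review, not a verdict: most such links are legitimate, and link text that merely looks like a domain (a file name, for instance) will also trip the mismatch rule.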

Final words

AI is a double-edged sword in the world of email security. On the one hand, it helps blue teams detect and prevent cyberattacks. On the other hand, it helps attackers make phishing more deceptive, convincing, and widespread. As phishing emails grow more sophisticated, organizations must invest in advanced AI-driven defenses and user awareness training to stay ahead of cybercriminals.

Brad Slavin, General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.
