AI-driven phishing attacks outpace legacy email security filters
A report published by Cofense examines the growth of artificial intelligence (AI) in phishing attacks and the resultant challenges for traditional email security.
According to the report, titled The Rise of AI – A New Era of Phishing Threats, the Cofense Phishing Defense Center tracked one malicious email bypassing traditional defences every 42 seconds in 2024. These emails were often linked to polymorphic phishing attacks, which change in real-time in an attempt to evade detection by standard filtering technology.
The research found significant changes in attacker tactics attributed to AI. Attackers have increasingly automated the development of malware, extended attacks across various industries, and generated more personalised phishing content. These adaptations have allowed threats to bypass standard email security tools and highlighted what the report describes as the insufficiency of perimeter-only defences.
Josh Bartolomie, Chief Security Officer at Cofense, said, "Phishing threats have reached a critical turning point, AI-driven attacks are now slipping past traditional perimeter defenses, exposing the limits of legacy email filters. Attackers are leveraging AI to generate realistic lures at scale, harvest public data to fine-tune their approach, and continuously evolve campaigns mid-stream. The speed and sophistication we're seeing demands a new mindset around email security—one that goes beyond filters to focus on visibility, validation, and rapid, human-informed response."
Polymorphic attacks, which adapt key details such as subject lines, sender identities, and content, are creating what analysts describe as an unprecedented challenge for defenders. Cofense notes that these tactics now require security teams to combine expert-supervised AI with behavioural context analysis, offering greater accuracy in identifying threats that evade legacy filters.
The report also identifies a notable rise in business email compromise (BEC). Attackers have begun using AI tools to impersonate executives, replicate authentic email threads, and reference genuine business processes such as payment approvals. These messages are often sent from domains that closely resemble legitimate addresses such as "@consultant.com". The use of AI also reduces common indicators of phishing, such as poor grammar or inconsistent formatting, complicating detection by human recipients.
The report highlights five principal trends shaping the current phishing landscape. Firstly, over 40% of malware detected in 2024 was newly identified, with nearly half classified as Remote Access Trojans (RATs). RATs provide persistent access for attackers and indicate a shift towards more sophisticated, multipurpose threats.
Secondly, attackers are now using AI to develop phishing messages that closely mimic internal company communications, demonstrating improved grammar and tone. Cofense's systems detected and grouped these emails using a combination of expert oversight and real-time input from users.
A third trend is the 70% year-over-year increase in email-based scams, associated with AI-driven automation of targeted lures, inbound message spoofing, and the use of subtle text variations to evade spam filters.
The fourth area of concern is the continued effectiveness of polymorphic campaigns. These campaigns continuously alter email elements to bypass perimeter security, prompting the report's recommendation for enhanced post-delivery monitoring and rapid incident response.
An expansion in attacker strategies comprises the fifth trend. Tax-related scams increased by 340%, and cases involving the misuse of legitimate files to deliver malware rose by 575%. Additionally, incidents of Microsoft-related email spoofing reported a 156% increase, indicating attackers' efforts to diversify their tactics and reduce the effectiveness of pattern-based blocking approaches.
The report is based on intelligence collected by the Cofense Phishing Defense Center during 2024 and incorporates data from millions of real-world phishing threats reported by over 35 million trained users worldwide.
Cofense has indicated that it will remain focused on providing defences that go beyond filtering, blending AI oversight, human intelligence, and post-delivery detection measures to support organisations in countering these threats.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Mirror
22 minutes ago
- Daily Mirror
Popular fashion chain to open 10 new stores and upgrade 30 more branches
The fashion and homeware retailer has not published a full list of new locations, but revealed it wants to expand its footprint in London, Essex, Hampshire and Northern Ireland Matalan has announced plans to open ten new and relocated stores this year as part of a £25million investment. The fashion and homeware retailer has not published a full list of new locations, but revealed it wants to expand its footprint in London, Essex, Hampshire and Northern Ireland. Matalan will also upgrade 30 existing stores, including improving layouts and store designs, for example by relocating services such as fitting rooms and tills, plus easier-to-use self-service checkouts in larger checkout areas. Some of its recently refurbished stores include Croydon, Linwood, Bristol Filton, and Dumfries. It marks the first phase of a long-term plan to modernise its store estate over the next three to five years, and comes after the retailer secured £25million of additional funding from investors last month. Matalan will also use the new funding to invest in the launch of a new app. Matalan has around 230 stores across the UK and 50 international branches. James Dorling, Matalan's Property Director, said: 'Matalan storefronts have been a fixture of UK communities for 40 years, so it is only right that bricks-and-mortar retail remains at the centre of our transformation programme. 'With ten exciting new store openings and extensive refurbishments across our estate, this investment marks a step-change in our strategy – creating a better, more seamless shopping experience for our loyal existing customers, while also introducing the Matalan brand to new consumers.' But in less good news, Matalan recently recalled three children's clothes products over fears tots could end up getting strangled. The retailer pulled its blue shark rash vest and shorts, its seersucker swimshorts in blue and boys tie dye swimshorts. If you've purchased one of these products, you should return it to your nearest Matalan for a full refund. You won't need your receipt to get your money back. These items were on sale from January 12, 2025 until March 17, 2025. In a recall notice published by Matalan, the retailer said: 'It has come to our attention that the above Boy's swim shorts do not meet our usual high standards for quality and safety, as there is high possibility of Entrapment and Strangulation with the draw cord. 'As customer safety is our highest priority, we are immediately recalling these swim shorts. If you've bought any of the swim shorts shown above, please do not use the product and return it at your earliest convenience to your nearest Matalan store where our staff will be happy to give you a full refund. 'You will not need to produce a receipt to claim a refund. If you have bought the above for someone else or know someone who has one then please let them know immediately about this notice.'
Yahoo
22 minutes ago
- Yahoo
John Lewis to slim down staff committee to accelerate decisions
John Lewis is preparing to radically slim down an influential staff committee in a bid to accelerate decision-making. The retail giant will cut the size of its partnership council by a quarter from this autumn, meaning the number of staff sitting on the committee will fall from 57 to 43. It forms part of an attempt to bolster turnaround efforts at John Lewis, as bosses scramble to improve productivity. The partnership council is John Lewis's most senior staff committee and forms a crucial pillar of its democratic structure. Staff elected to the council can steer how the partnership is run, including holding regular votes on strategy and having the ability to change its constitution. They are also consulted on issues such as staff bonuses and have a small portion of the total budget to invest in wellbeing benefits. In extreme circumstances, they also have the power to dismiss the chairman. John Lewis is understood to have told staff the planned shake-up has been driven by the fact that its current structure 'relies too heavily on hierarchy and escalation'. Under the planned staff rethink, the partnership will also bring back local forums, which will allow staff across its Waitrose supermarkets and department stores to put forward their views. The changes will come into force from October. It comes as John Lewis kicks ahead with a turnaround push to return the business to 'sustainable' profits, after years of losing ground to rivals. The partnership lost money for three years in a row before returning to profit in 2023. In its most recent accounts for the year to the end of January, profits before tax and exceptional items jumped from £42m to £126m, while sales rose by 3pc to £12.8bn. Jason Tarry, who replaced Dame Sharon White as chairman last year, said John Lewis needed to focus on 'considerable catch-up investment in our stores and supply chain'. John Lewis said it reviewed its democratic model every three years when the council term concluded. A spokesman said: 'This will see a stronger focus on local forums to raise local partner opinion alongside a tighter partnership council to support faster decision making. 'The updates have been made in close consultation with our partners – and the power of our council, and the vital role it plays in governing our business remains unchanged.' Recently, the partnership has been facing mounting pressure to restore its staff bonus, which it axed to focus on improving stores and boosting pay rates. Last year marked the third consecutive year that staff did not receive their partnership bonus, and only the fourth time since 1953. In recent weeks, a petition on the campaign website Organise gained more than 4,000 signatures from workers past and present demanding the bonus be reinstated. A spokesman for John Lewis said: 'Our partners understand that we're focused on improving their base pay and investing to create a sustainable business. 'Our bonus remains an important feature of our employee-owned model, and we confirmed in March that we're determined to reinstate it as quickly as possible. We're proud of our unique benefits package and we want to do even to recognise our brilliant partners.' Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Evening Standard
23 minutes ago
- Evening Standard
Alphawave agrees £1.8bn takeover by America's Qualcomm
Outrage as boy, 8, turned away from treatment at London NHS clinic 'because he attends private school' Outrage as boy, 8, refused NHS treatment 'for going to private school'
