The Evolution of Phishing Attacks and How to Combat Them

Phishing attacks have evolved significantly over the years, becoming more sophisticated and harder to detect. As cybercriminals continue to refine their tactics, organizations must stay vigilant and adapt their defenses to protect sensitive information. In this blog post, SafetyDetectives explore the evolution of phishing attacks and gather insights from leading experts in the field on how to combat these threats effectively.

Understanding the Evolution of Phishing Attacks

Phishing attacks have come a long way from the simple, poorly written emails of the past. Today, attackers use advanced techniques, including AI-generated messages, deepfake impersonations, and Phishing-as-a-Service (PhaaS) platforms, to craft convincing scams. These sophisticated methods make it increasingly challenging for individuals and organizations to identify and thwart phishing attempts.

Expert Insights on Combating Phishing Attacks

To gain a deeper understanding of how to combat these evolving threats, Safety Detectives reached out to several experts in the field. Read more insights from experts like Terminal B’s Operations Director, Alan Stephenson:

Alan Stephenson, Operations Director, Terminal B

Alan Stephenson, with a background in network administration and IT management, leads Terminal B’s operations with a focus on blending technology and user education to enhance email security. His experience in managing IT for diverse clients informs his comprehensive approach to combating phishing.

With phishing attacks becoming increasingly sophisticated, how can organizations stay ahead of these evolving threats? Are there any key strategies or innovations that you recommend for enhancing email security in this dynamic threat landscape?

“Terminal B’s Proactive Email Security Playbook
At Terminal B, we believe that effective email security means blending cutting-edge technology with empowered, educated users. Our approach is designed to not only protect your inbox but also to build a culture of vigilance.

Advanced Email Filtering
We deploy machine learning-driven filters that analyze language patterns, attachments, and URLs to identify phishing attempts before they ever reach your team. This real-time scanning minimizes risk and keeps threats at bay.

User Education & Awareness
An informed team is your best defense. We conduct regular phishing simulations and in-depth training sessions that go beyond “don’t click on suspicious links.” Our goal is to ensure that every employee is equipped to recognize and neutralize threats as they occur.

Multi-Factor Authentication (MFA)
Layering your security is essential. Terminal B recommends adaptive MFA that considers user behavior, device data, and location. By implementing GEO fencing, you restrict access to trusted regions, thereby reducing the risk of unauthorized sign-ins even if credentials are compromised.

Email Authentication Protocols
We enforce robust email authentication by implementing DMARC, SPF, and DKIM. These protocols verify the legitimacy of incoming emails and thwart domain spoofing. Continuous monitoring and regular updates keep these defenses aligned with evolving phishing techniques.

Behavioral Analytics & Incident Response
Real-time analytics help us spot deviations from normal user behavior—like unusual file access or large data transfers—triggering automated responses such as quarantining suspicious emails. Our comprehensive incident response plan, regularly tested and refined, ensures rapid recovery with minimal disruption.

At Terminal B, our integrated, layered approach to email security empowers your organization to stay ahead of emerging threats and maintain a secure digital environment.”

---

Roger Grimes, Data-Driven Defense Evangelist for KnowBe4

With over 35 years in computer security, KnowBe4’s Roger Grimes is a seasoned expert known for his data-driven approach to defense and his contrarian, fact-filled viewpoints. As an author of 14 books and a consultant to major companies and militaries, he brings a wealth of knowledge to the fight against phishing.

What technologies are available to help detect and prevent phishing attacks?

“With any defense, you try to put together the best defense-in-depth combination of education and technical tools. In the case of social engineering, technical tools try to prevent social engineering and phishing from getting to the end user. Technical defenses include anti-spam filters, anti-phishing filters, content filters, anti malware detectors, and file attachment blocking.

But since social engineering is involved in 70% – 90% of successful attacks, we know that technical defenses alone don’t work. Education then becomes key. You want to educate users to be able to recognize the signs of social engineering and teach them how to mitigate it (usually ignore or delete) and how to appropriately report it if recommended or required. The single best recommendation I could give to educate users is to evaluate every new message, no matter how it is sent (e.g., email, web, social media, SMS, WhatsApp, telephone call, in-person, etc.), for these two traits. If the message is unexpected (i.e., you were not expecting it) and it’s asking you to do something new that you’ve never done before…at least for that requestor, research it further using tools outside the message (i.e., don’t use the links or phone numbers listed in the message) before performing the requested action. If users could be taught to look out for these two traits, they could defeat a lot of social engineering.”

---

Dr. Kiri Addison, Senior Manager of Product Management, Mimecast

Dr. Kiri Addison leads Mimecast’s efforts in adapting security products to counter new threats, drawing on her experience in data science and threat intelligence. Her work focuses on leveraging AI and machine learning to enhance email security against sophisticated phishing attacks.

With phishing attacks becoming increasingly sophisticated, how can organizations stay ahead of these evolving threats? What key strategies or innovations do you recommend for enhancing email security in this dynamic threat landscape?

“As phishing attacks grow more sophisticated, organizations must adopt a multi-layered approach to email security. AI-generated phishing emails now mimic trusted communications, with attackers using advanced language models to craft highly convincing messages. Tactics like device code phishing and deepfake impersonations are also on the rise, making it even harder to detect scams and phishing attempts.

To stay ahead of these evolving threats, organizations should implement AI-driven threat detection, behavioral analysis and real-time threat intelligence to identify and neutralize attacks before they reach users. Leveraging email authentication protocols such as Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) helps prevent domain spoofing, while end-to-end encryption and zero trust frameworks provide additional layers of security.

Beyond technology, cultivating a strong security culture is crucial. Attackers often exploit human vulnerabilities, so ongoing employee training is essential. This should include education on AI-generated phishing, deepfake fraud and other advanced email phishing tactics.

As the threat landscape evolves, organizations must embrace a proactive security posture. This includes combining advanced technology, continuous education and intelligence sharing to outpace cybercriminals.”

---

Olesia Klevchuk, Director, Product Marketing at Barracuda

Olesia Klevchuk specializes in email protection at Barracuda Networks, focusing on defending against advanced threats like spear phishing and account takeover. Her expertise in email security and brand protection guides Barracuda’s strategies against emerging phishing tactics.

With the anticipated rise of Phishing-as-a-Service (PhaaS) and the increasing sophistication of phishing techniques, such as the use of ASCII-based QR codes and AI-generated personalized attacks, how is Barracuda adapting its security solutions to effectively detect and mitigate these emerging threats? Additionally, what strategies do you recommend for organizations to stay ahead of these evolving phishing tactics in 2025?

“The use of PhaaS means the growing volume of sophisticated threats. It removes the barrier to entry for less technically savvy cybercriminals to launch attacks. The use of Gen AI increased the volume of the attacks but has not necessarily created any new types of threats. The use of novel techniques like ASCII-based QR codes helps cybercriminals avoid detection by OCR engines. Organizations need to be more vigilant than ever; advanced intelligent security tools are no longer a luxury but a must-have. Barracuda leverages an AI engine that looks at multiple indicators to detect phishing attacks, including the use of NLP, behavioral analysis, and social graph analysis to identify anomalies.

Given the increasing abuse of legitimate URL protection services and the shift towards hosting phishing content on content creation and digital publishing platforms, how does Barracuda’s threat detection technology address these challenges? What role does machine learning play in identifying and neutralizing such sophisticated phishing attempts?

We utilize LinkProtect to wrap links and track URLs to identify intent. New sandboxing capabilities block malicious links by detecting server-side redirection and analyzing content for suspicious indicators. The Content Inspector within LinkProtect mimics user interactions, capturing screenshots and content for analysis. Additionally, it detects file downloads and inspects URLs for embedded email addresses and external scripts for categorization. Organizations should also invest in security awareness training that includes real-world phishing simulations and just-in-time user training, ensuring ongoing education to mitigate human risk.”

---

David Richardson, VP of Endpoint and Threat Intelligence, Lookout

David Richardson, with over a decade of experience in mobile security, leads Lookout’s efforts in securing mobile devices against phishing threats. His work focuses on leveraging AI-driven detections to protect against the modern kill chain in mobile-to-cloud pathways.

Given the increasing sophistication of mobile-focused phishing attacks, how does Lookout’s Phishing and Content Protection (PCP) leverage AI-driven detections to identify and block zero-day phishing threats across various mobile applications? Additionally, how does the integration with SIEM, SOAR, and XDR enhance the overall security posture of organizations in combating these threats?

“Mobile devices have become the gateway for threat actors to infiltrate the corporate cloud, often through phishing attacks to steal credentials and made more sophisticated with AI-driven techniques. We call this mobile-to-cloud pathway the modern kill chain.

To protect against the modern kill chain, Lookout Phishing & Content Protection (PCP) uses AI-driven detections to identify and block zero-day phishing attacks across any app or channel, such as email, SMS, browsers and messaging apps. All outbound connections made by a mobile device or app are scanned. Additionally, Lookout proactively scans messages from unknown senders to block phishing and executive impersonation attempts, such as somebody impersonating your CEO with an urgent request. Lookout uses AI and computer vision analysis of sites and messages to automatically block malicious content.

Organizations can spot targeted attacks against their organization, such as a number of devices receiving a similar set of SMS messages all at the same time or a cluster of users attempting to visit the same phishing site designed to steal corporate credentials. This information flows via our Mobile Intelligence APIs into a customer’s SIEM, SOAR or XDR solution in real time. In turn, this helps improve security posture and protect sensitive corporate data.”

Conclusion

As phishing attacks continue to evolve, organizations must adopt a proactive and multi-layered approach to security. By leveraging advanced technologies, fostering a strong security culture, and staying informed about emerging threats, organizations can effectively combat phishing attacks and protect their sensitive information. The insights shared by our experts provide valuable guidance for enhancing email security and staying ahead of cybercriminals in this dynamic threat landscape.

Take Your Business Further with Terminal B

Operational maturity isn’t just a goal — it’s a necessity for businesses striving to stay competitive. Terminal B helps you achieve it with strategic IT support, advanced cybersecurity, and tailored solutions that evolve as your business grows. By streamlining processes, mitigating risks, and enhancing system reliability, Terminal B empowers you to reach new levels of efficiency and resilience.

Don’t wait for disruptions to force change — take control of your operational maturity today.