Evolving Email Threats: 5 Attacks to Watch For in 2024

A new year means a new set of challenges across the email threat landscape. While traditional attack vectors are continuing to trend upward, there are also a number of novel attack types emerging. Threat actors have learned to bypass traditional email security platforms despite the increase in security tool spending and in security awareness training efforts, and users still fall victim to well-crafted, socially-engineered emails.

So, what types of attacks should you expect to target your organization more frequently in 2024? We’ve gathered a few real-world email attacks sent to Abnormal customers in 2023, which showcase our predictions of how the threat landscape will evolve in the coming year. These attacks are growing in both frequency and sophistication, and we expect to see them take off in 2024.

We’ve outlined them below, but check out our new report for the full details—including real-world examples that illustrate each attack.

Credential phishing attacks are far from a novelty. In fact, they are the number one email attack by volume, responsible for 76% of all advanced attacks received by Abnormal customers. However, internal systems impersonations as a tactic for credential phishing are becoming increasingly popular among threat actors.

These attacks often impersonate IT systems, HR systems, or other internal technologies to trick employees into clicking on phishing links. The subsequent fraudulent phishing sites are often crafted to look identical to real sign-in pages, making it nearly impossible for employees to discern a malicious page from a real one.

Another attack type gaining momentum over the past year is payloadless malware, also known as fileless or non-malware. Unlike traditional malware attacks sent via email, payloadless attacks operate without the need for a malicious executable file—making them stealthier and harder to detect by traditional email security tools. In most of these attacks, the email itself contains no links or attachments but instead provides a fake payment receipt or upcoming payment request and tells the recipient to call the number provided to reverse or stop the transaction. When they do so, they are connected to a call center where they are given a downloadable file to cancel the transaction. That file, of course, contains the malware itself.

In 2023, Abnormal data found that 17% of phishing attacks bypassing native spam filters were utilizing QR codes. Unfortunately, we expect this trend to continue in 2024 —particularly with the widespread use of QR codes in everything from marketing campaigns to restaurant menus and beyond.

Detecting QR code phishing attacks can be challenging due to the limited text content and heavy reliance on images—which are not often parsed by traditional security tools. When paired with social engineering tactics, the lack of traditional indicators of compromise makes it difficult for legacy email security solutions to identify and enable them to lead victims to a phishing page.

Vendor email compromise attacks have also seen an increase in frequency over the past year. Abnormal data reports 48% of organizations received a VEC attack in the first half of 2023 alone—a substantial number given that these attacks require an initial compromise of a vendor attack.

These attacks are successful in part because they use real email accounts with previously established relationships to take advantage of expected financial transactions. For example, in order to get information or steal money from a large multinational corporation, they may simply compromise the account of the local janitorial service and use the control of that account to gain access to their larger target.

And finally, one of the most notable email threat trends over the past year has been the emergence of attacks generated by artificial intelligence (AI). Technology like ChatGPT has enabled cybercriminals to generate unique content rapidly—elevating the sophistication of social engineering attacks and email threats. To make matters worse, threat actors have started creating their own malicious forms of generative AI (like WormGPT and FraudGPT, among others) to deploy advanced attacks. We’ve already started to see cybercriminals take advantage of this technology, and advancements in artificial intelligence are expected to increase in 2024, making these attacks a growing security risk.

In the ever-evolving cyber threat landscape, the potential risks associated with email attacks in 2024 are diverse and formidable. The dynamic nature of these threats demands continuous improvement and the adoption of cutting-edge AI-powered technologies to stay one step ahead. Organizations must stay informed, remain vigilant, and implement proactive measures to safeguard their data and prevent increasingly sophisticated attacks from entering their environments in 2024 and beyond.

Abnormal’s behavioral AI solution stays one step ahead of these advanced attacks by leveraging machine learning to analyze the identity and contextualize the risk of every cloud email event. By understanding the identity of the people within an organization and baselining their normal behavior, the context of the communications, and the content of the email, Abnormal can detect and stop attacks that bypass legacy solutions. That’s how we’ve stopped these attacks in the past and why we’re prepared to stop the emerging attacks of the future—no matter what types of attacks come in 2024.

To discover more, including how Abnormal stopped each of these attack types, download the white paper: 5 Emerging Email Attacks to Watch For in 2024.