1、THE PHISHING&IMPERSONATIONMarch 2025Protection HandbookPhishing&Impersonation Protection 2 34712141719202225Introductory CommentsWhy do threat actors undertake phishing attacks?Impersonation Attack#1:Phishing SitesImpersonation Attack#2:Fraudulent Social Media ProfilesImpersonation Attack#3:Maliciou

2、s Applications&Browser ExtensionsImpersonation Attack#4:Executive ImpersonationPhishing StatisticsPHaaSPhishing Attack Risk Mitigation StrategiesContact UsTABLE OF CONTENTSINTRODUCTORY COMMENTSYou might think that businesses would be pretty good at protecting against phishing attacks by now.After al

3、l,this type of cyber risk has been around for decades,and phishing is not a particularly sophisticated type of attack in a technical sense.It doesnt require threat actors to hack complex systems or write their own software.They mostly just need to master social engineering techniques,such as executi

4、ve impersonation.Yet,despite this,phishing attacks remain as prevalent as ever and are actually getting worse.The frequency of phishing incidents surged by 1,265 percent in 2023,due especiallyto the advent of generative AI technology which can“facilitate phishing and social engineering,which enables

5、 better intrusion,increased credibility and more damaging attacks,”as Gartner notes.In a sense,its understandable why companies continue to exhibit such a poor track record of defending against phishing attacks.Humans are a social species,and most of us are naturally inclined to want to trust others

6、.We want to respond and engage with people and brands when they ask for help.By exploiting that tendency via social engineering,threat actors can trick well-meaning people into becoming the weakest link in cyber defenses.Indeed,even after completing anti-phishing training,the percentage of targets w