4 Key Trends from the Cloudflare 2023 Phishing Threats Report


In 2023, email remains one of the most popular channels for business communications. Unfortunately, cybercriminals and cyberterrorists are aware of this fact, which is why they continue to exploit email applications. In fact, according to the Cloudflare 2023 Phishing Threats Report, email is the most exploited business application and also the primary attack vector for cybersecurity incidents and data breaches.

The report explains why by identifying key phishing trends. In this blog post, we highlight these trends and offer recommendations that can help organizations keep phishing threats and attackers at bay.

Trend #1: Cyberattackers Use Deceptive Links as the Top Phishing Tactic

The Cloudflare report found that a majority of cyber actors leveraged deceptive links as a phishing tactic in 2023, and that these links comprised 35.6% of threats.

Deceptive links masquerade as legitimate links and are included in the body of phishing messages. Their goal is to fool the victim into assuming that the email is from a trusted entity and get them to take some action that will benefit the attacker, such as sharing sensitive information. 

Deceptive links are a popular and effective phishing tactic because they allow attackers to take advantage of a common human weakness: the desire to interact with a link from a known and/or trusted entity. In addition, adversaries often encode or “obfuscate” the malicious links so they can evade security filters and phishing scanners and successfully reach a user’s inbox.

At this point, the user is likely to click on the link. Once they do, they will be redirected to an attacker-controlled malicious website, application, or database for nefarious purposes like credential harvesting, malware installation, or network compromise. 
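A defender can check for the mismatch described above by comparing what each link shows with where it actually goes. The following is an added example, not code from the Cloudflare report or the original post; the sample HTML is constructed, and the finding names and the particular encoding checks are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; all hosts are reserved documentation names/addresses.
SAMPLE_HTML = """
<a href="https://login.example.net/session?id=1">https://portal.example.com/invoice</a>
<a href="https://portal.example.com/help">Help centre</a>
<a href="https://portal.example.com@198.51.100.7/%6c%6f%67%69%6e">Sign in</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_findings(href, text):
    """Return the reasons a link looks deceptive (empty list if none)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    findings = []
    # Visible text that names a host different from the real destination.
    shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text.lower())
    if shown and shown.group(1) != host:
        findings.append("text-shows-different-host")
    if parts.username is not None:   # "trusted.name@real-host" form
        findings.append("userinfo-in-url")
    if re.fullmatch(r"[\d.]+", host):
        findings.append("ip-literal-host")
    if "xn--" in host:               # punycode can render as look-alike glyphs
        findings.append("punycode-host")
    if re.search(r"%[0-9a-fA-F]{2}", parts.path):
        findings.append("percent-encoded-path")
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: link_findings(href, text) for href, text in parser.links}
```

Each finding is a signal for scoring or banner decisions rather than a verdict, since legitimate mail also contains tracking redirects and encoded paths.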

Trend #2: Identity Deception Phishing Threats are Increasing

Per the Cloudflare report, identity deception threats increased year over year (May 2022 to May 2023) from 10.3% to 14.2% of the total number of threat indicators tracked. These tactics were the third-most popular attack vector in phishing attacks.

Phishing attacks are almost always about deceiving a target about the sender’s identity and then garnering their trust using this fake identity. Often, attackers claim to be someone else by registering domains that look like legitimate domains and sending emails from these fake domains. This tactic is known as domain impersonation or spoofing.

Other common identity deception tricks used by malicious adversaries include: 

  • Sending emails using domain fronting: A method that mirrors legitimate traffic to hide the attacker’s identity. 
  • Leveraging display name spoofing: A method in which the email’s display name is changed to appear as if it comes from a trusted domain and sender. 
  • Brand impersonation: A tactic in which attackers pose as legitimate, well-known brands to get sensitive information from victims. 
  • Business email compromise (BEC): A phishing tactic aimed at deceiving targets into parting with money or sensitive information. Per the Cloudflare report, global losses from BEC attacks total over $50 billion from October 2013 to December 2022. 

Since identity deception can take on many different forms, organizations often struggle to keep up with these attacks. Also, attackers often impersonate familiar or well-known senders, so victims tend to trust the messages and fall for their tricks.

Trend #3: Email Authentication Cannot Stop a Majority of Phishing Threats

SPF, DKIM, and DMARC are three common email authentication methods aimed at minimizing email security risks and preventing phishing attacks. However, the Cloudflare report found that these methods cannot stop a majority (89%) of phishing threats like brand impersonation, look-alike emails, domain spoofing, and display name spoofing. 
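The gap is easy to see on a single message: a look-alike domain can publish its own valid SPF, DKIM, and DMARC records, so authentication passes while the sender identity is still deceptive. The added example below (not from the Cloudflare report or the original post) pairs the authentication result with the display-name and look-alike checks from Trend #2; the message, the allow-lists, and the 0.85 similarity threshold are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-lists for this example: the organisation's real sending domain
# and the display names an impersonator is likely to borrow.
TRUSTED_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"example payroll", "alice chen"}
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off; tune against real mail

# Constructed message from a look-alike domain with valid authentication.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com;
 dkim=pass header.d=examp1e.com; dmarc=pass header.from=examp1e.com
From: "Example Payroll" <billing@examp1e.com>
To: bob@example.com
Subject: Updated bank details

Please use the new account for this month's transfer.
"""

def auth_passed(msg):
    """True when SPF, DKIM and DMARC are all reported as pass."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(f"{m}=pass" in results for m in ("spf", "dkim", "dmarc"))

def identity_findings(msg):
    """Identity-deception signals that authentication does not cover."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain in TRUSTED_DOMAINS:
        return findings
    # A protected display name on an address outside the trusted domains.
    if name.strip().lower() in PROTECTED_NAMES:
        findings.append("display-name-spoofing")
    # A sending domain that is nearly, but not exactly, a trusted one.
    for trusted in sorted(TRUSTED_DOMAINS):
        if SequenceMatcher(None, domain, trusted).ratio() >= LOOKALIKE_THRESHOLD:
            findings.append(f"lookalike-of:{trusted}")
    return findings

def triage(raw):
    msg = message_from_string(raw)
    return {"auth_passed": auth_passed(msg), "findings": identity_findings(msg)}
```

The sample message passes all three authentication checks and still yields both findings, which is why authentication results need to be combined with sender-identity analysis instead of being treated as a trust decision.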

Additionally, DKIM cannot protect organizations against replay attacks. In these attacks, malicious actors eavesdrop on secure network communications, and intercept and record an email that was signed using DKIM. They then send the recorded email (“replay”) to a target.

The target is often fooled into thinking that the message is trustworthy and therefore does what the attacker wants. Often, this involves sending a large sum of money to the attacker’s bank account.

Trend #4: A Majority of Security Decision-Makers are Concerned About Multi-Channel Phishing Threats

The Cloudflare report found that 89% of security decision-makers around the world are concerned about multi-channel phishing attacks. In these attacks, adversaries leverage multiple methods such as email-based phishing, social engineering, vishing, and smishing in a single campaign. They often take advantage of productivity and communication tools to author and launch such attacks since these tools are often less protected. 

Multi-channel attacks are particularly dangerous because they can bypass many phishing detection tools and also because they often start with a benign link. In either case, they increase the risk of data compromise and exfiltration. 

Strategies to Minimize Phishing Risks

The statistics highlighted in the Cloudflare report paint a grim picture. Fortunately, organizations can mitigate their phishing risks by strengthening their cyber defenses. These three strategies are particularly useful:

1. Adopt a zero-trust approach to secure email

Zero-trust security means not trusting any device or user by default. If anything, it means the opposite – trust no one and verify everyone (and everything). Extending the model to email makes it harder for attackers to exploit users’ trust in order to carry out phishing attacks.

By implementing a zero-trust-based cloud email security solution, organizations can reliably stop phishing threats before they have a chance to materialize in a user’s inbox.

2. Implement multi-layered anti-phishing threat security

A multi-layered defense infrastructure is the best way to stop phishing attacks. This infrastructure should include tools that can: 

  • Analyze various parts of email messages and determine whether they contain phishing threats
  • Prevent domain fraud and minimize damage following a successful phishing attempt
  • Identify phishing attacks through multiple channels
  • Track phishing attack chains 
  • Automatically respond with appropriate countermeasures 
  • Block, flag, or add banners to potentially suspicious emails to minimize the probability of users opening the message or clicking on its links 

A platform like Bolster.ai is an ideal addition to a multi-layered anti-phishing ecosystem. Powered by deep learning, Bolster provides comprehensive protection from phishing, brand infringement, and typosquat attacks.

With AI-based detection, automated domain monitoring, and automated remediation, Bolster acts as a powerful bulwark against phishing and helps to protect brands and their integrity.

3. Adopt phishing-resistant multi-factor authentication (MFA)

Phishing-resistant MFA methods like FIDO2 authenticators provide a very effective way to protect organizations from phishing attacks. These authenticators require users to prove their identity and confirm their authentication intent via a deliberate action.

Thus, even if an attacker gains access to a user’s credentials, they won’t be able to access the account since it is protected by phishing-resistant MFA. 

Conclusion – Protecting Your Business From Phishing Threats

The findings from the Cloudflare report show that all kinds of organizations are vulnerable to phishing attacks. However, tools are available that can safeguard companies and protect their systems, people, and data. One such powerful tool is Bolster.ai. 

Through the power of AI and deep learning, Bolster automatically detects, prevents, and remediates phishing attacks. It also continuously monitors the open web, social media sites, app stores, and even the dark web to identify and mitigate many other types of threats like data leaks, compromised domains, and ATOs.

This single platform provides complete visibility from detection to takedown and ensures reliable brand protection in an expanding threat landscape. 
