Phishing remains a top risk: New deception methods in email inboxes

Current threat analyses show that phishing continues to evolve - with targeted attacks, manipulative techniques and new formats.

Phishing: the perennial cyber threat

According to the latest _Sophos Threat Report 2025_, phishing continues to be one of the most effective methods of attack against companies, authorities and other organizations. Cyber criminals are increasingly using new tactics, such as manipulated SVG graphic files or deceptively real social engineering messages. The goal remains the same: stealing access data, infiltrating malware or tapping into internal information.

AI makes phishing more sophisticated - and more dangerous

According to Sophos, AI-supported phishing campaigns pose a growing risk. Attackers use large language models (LLMs) to generate deceptively genuine emails in perfect German or English - including correct grammar, contextual reference and emotional appeal. As a result, the typical recognition of phishing through linguistic errors is becoming increasingly obsolete. In combination with publicly accessible information from social networks, highly personalized attacks ("spear phishing") are being created that can deceive even experienced users.

Especially in the context of CEO fraud, supply chain attacks and password phishing, AI represents a new level of escalation that challenges technical protection systems and human attention in equal measure.

File-based phishing techniques require new protection strategies

A few months ago, Sophos also registered a noticeable increase in phishing campaigns in which SVG files (Scalable Vector Graphics) were used to bypass conventional email filters. The seemingly harmless graphics often contain hidden malicious code or embedded redirects and are not reliably detected by many gateways. Sophos has now specifically expanded its protection mechanisms: modern email security solutions now rely on heuristic analyses, in-depth code inspection and AI-supported behavioral evaluation to identify and block these technically sophisticated attack methods at an early stage.

Prevention through awareness: training as the first line of defense

Technical protective measures are essential - but they alone are not enough. Well-founded sensitization of the workforce is one of the most effective protective mechanisms against phishing today.

Sophos Phish Threat is a powerful awareness tool that enables realistic phishing simulations. Companies and organizations can thus sustainably strengthen the risk competence of their employees - measurably and audit-proof.

Understand phishing, recognize risks, avoid incidents

What happens during a phishing attack? What types of phishing are there and how does AI make them even more dangerous? What measures help against phishing? The comprehensive phishing guide for companies (https://firewalls24.de/blog/phishing-leitfaden-n61) provides answers to these questions. In addition, the phishing FAQ (https://firewalls24.de/blog/phishing-faq-n131) supplements typical practical questions from everyday working life - prepared in an understandable way for IT managers, management and anyone who wants to avoid phishing incidents.

Aphos Gesellschaft f?r IT-Sicherheit mbH
Mergenthalerallee 73-75
Eschborn 65760
Germany

https://firewalls24.de/

Herr Lennart Wyrwa
061965820160

marketing@aphos.de

Aphos Gesellschaft f?r IT-Sicherheit mbH is a specialized IT security provider with a focus on tailor-made cybersecurity solutions for companies, authorities and public institutions. As a technically fully accredited Sophos Platinum Partner, the company offers first-class consulting, comprehensive support and a broad portfolio of IT security solutions.

With Firewalls24.de, the store for IT security solutions from Sophos, Aphos GmbH enables fast and uncomplicated procurement of Sophos firewalls, switches, access points and Sophos Central licenses.

The combination of technical expertise, personal advice and great prices makes Aphos the ideal partner for companies of all sizes that rely on the highest security standards.

This release was published on openPR.