Polymorphic Phishing Attacks: 5 Insights to Help Stop Them

One study pegs polymorphic attacks at over 40 percent1 of all campaigns.

What exactly makes a phishing attack polymorphic? In these campaigns, attackers make slight changes to the same email—to the subject line or sender name, for instance—as they probe security systems to see what might get through.

Polymorphic attacks normally begin with a targeted campaign, designed to grab user credentials. When the first few users take the bait, the attacker uses their credentials to target other users. Again, the dynamic change in the attack prevents automated controls—normally, secure email gateways (SEGs)—from screening out the messages.

Why are polymorphic attacks more successful? A campaign that lacks uniformity doesn’t look like a campaign and makes it difficult for security operators to keep rules up to date at the gateway. For many cybersecurity teams who lack bandwidth, finding the full scope of a polymorphic attack to quarantine is challenging and time consuming.

Even worse, polymorphic attacks are not only effective, they are very easy to launch thanks to automated and inexpensive kits sold on the black market.

Register for It’s Always a Phish. Combat the Latest Threats With the 2022 Annual State of Phishing Report and receive a copy of the New 2022 Report on March 30th. Listen in as Cofense CTO & Co-Founder, Aaron Higbee & Senior Strategic Security Advisor, Tonia Dudley share the best and worst of 2021 and what we learned about credential theft, business email compromise, ransomware, and more. Register now