Quote of the week:
“We have an advanced, persistent, and continuing phishing attack where government employees are receiving emails about government retirement programs. The emails have no links, and the language is natural language. The senders and the sender domains vary. The only catch is that the phone number to call within the emails is a phone number to the bad actors. Can you help with that?” - U.S. federal agency chief information officer
Social engineering continues to increase in sophistication and simplicity. In a world of LLMs, links and misspellings are no longer easy cues for users to detect phishing emails. During one of our customer meetings this week, a team of U.S. federal agency CIOs and CDOs met with a series of our companies. One CIO asked the above question. Although the phone number issue is at least partially addressable, we found it notable that the phishing attack was so natural and that the chief level officer team was keenly aware of it.
This highlights a critical evolution in the threat landscape for C-level security professionals, particularly in large organizations and government agencies. Social engineering attacks, such as phishing, are becoming increasingly sophisticated and subtle, leveraging advanced tools and techniques to exploit human trust rather than relying on obvious technical flaws.
Keep up on trends from c-level leaders by subscribing to the Wing Daily Briefing, a daily email digest with the day's most critical news and select insights from Wing's internal customer conversations.
A shift in phishing attacks
Traditional phishing attacks often relied on obvious red flags—such as suspicious links, poor grammar, or misspellings—that users could be trained to detect. However, attackers are now adopting more nuanced approaches. By removing links and crafting highly credible, natural-sounding content, they eliminate many of the traditional cues that organizations rely on to train employees to identify malicious emails. The use of a phone number as the attack vector is particularly insidious because it preys on trust and human interaction rather than technical vulnerabilities.
For C-level security professionals, this shift means that traditional training programs and detection mechanisms are often no longer sufficient. Organizations must adapt their strategies to address these more subtle forms of social engineering.
The role of LLMs
LLMs can generate text that mimics natural language with remarkable accuracy, making it nearly indistinguishable from legitimate content. This capability allows attackers to scale their operations while maintaining credibility.
For security leaders, this raises the stakes in terms of both detection and prevention. It emphasizes the need for advanced threat intelligence solutions that can analyze behavioral patterns or contextual anomalies rather than relying solely on content-based filters.
Humanity and trust exploitation
The attack described in the quote relies on exploiting human trust—a fundamental vulnerability that is difficult to mitigate with technology alone. By including a phone number instead of a link, attackers encourage direct interaction with their targets, bypassing many automated email security systems. This tactic also leverages the perception that phone calls are more secure than digital interactions.
Even seasoned professionals are grappling with these challenges; now more than ever, it’s critical that CIOs, CISOs (Chief Information Security Officers), and CDOs (Chief Data Officers) collaborate on security solutions.
Lessons for security strategy
Cyber threats are evolving faster than ever, and organizations need to be both vigilant and similarly adaptive to the changing landscape. For large organizations and government agencies with significant attack surfaces, staying ahead requires:
- A commitment to ongoing education at all levels of the organization.
- Investments in cutting-edge technologies like AI and machine learning for threat detection.
- Collaboration with industry peers and government agencies to share intelligence on emerging threats.
Keep up on trends from c-level leaders by subscribing to the Wing Daily Briefing, a daily email digest with the day's most critical news and select insights from Wing's internal customer conversations.
