Generative AI has empowered phishing and improved the quality of scam attempts in Finnish. But what are the most common phishing trends in Finland right now?
According to Slashnext, the use of generative AI has increased the volume of phishing attacks by 4,151% since ChatGPT was launched for general use. By now, phishing has become a fully global playground for organised crime, which small language areas like Finland can no longer escape.
”The phishing trends we see in Finland are the same as elsewhere in the world. AI makes it easy for criminals to create credible phishing attempts in fluent Finnish, even if they don’t know any Finnish at all. With AI, attackers can easily design scam attempts that target various countries at the same time,” describes Noora Ahmed-Moshe, VP of Strategy and Operations for the cybersecurity company Hoxhunt.
Hoxhunt’s annual report on phishing trends reveals that 65% of all phishing is targeted at organisations. In an organisation with 1,000 people, as many as 2,330 scam messages can bypass technical email filters and reach employees.
Trends in Phishing: CEO Fraud, QR Code Phishing, and Voice Phishing
“In addition to traditional credential phishing, the trending ways of phishing include CEO fraud, voice phishing (vishing) and QR code phishing (quishing). The volume of quishing, which combines the physical and digital worlds, has increased by 25% each year,” Ahmed-Moshe states.
With the help of AI, attackers have been able to produce more and more credible CEO fraud scams.
”Using AI, criminals can exploit CEOs’ LinkedIn posts to imitate their tone, and this way, create very credible contexts for scamming. They can then further boost the phishing attempts with deepfake technology and combine them with fake voice messages or calls,” Ahmed-Moshe illustrates.
Employees: Force to Improve Cybersecurity
But what are the best ways to protect your organisation against the raised threat of phishing? Afterall, criminals take advantage of human psychology by creating feelings of fear, hurry, and curiosity.
”Organisations can enhance their ability to resist phishing attempts by combining training, detection, and rapid response. Employees that are trained to recognize phishing attempts can report the threats that they observe, which then allows the organisation’s cybersecurity unit to react in time,” responds Ilari Karinen, Director of Strategic Initiatives for Elisa.
Karinen emphasizes the role of people in improving cybersecurity.
“Each employee’s role as an active cybersecurity censor and threat reporter is an essential part of defense capacity. When you learn to detect threats, you become paranoid in a positive way. You can then react to and report incidents instantly,” Karinen explains.
This approach can be seen in Elisa’s own operations. Elisa has used Hoxhunt’s security training services since 2018, which has led to impressive results.
How Hoxhunt’s Training Works and Changes Employee Behaviour
“At Hoxhunt, we analyze millions of real phishing messages and use them as the basis of AI-generated training messages, which are credible regarding each employee’s role. The employees then need to detect and report them. We have gamified continuous training, so that everyone can see their own points and success within the organisation”, Noora Ahmed-Moshe explains.
Hoxhunt’s gamified approach to training has led to proven results and changed employee behaviour.
“Employees that have participated in the training are 6 times more likely to recognize and report scam attempts, and they report actual threats 5 to 10 times more often. We have observed that our training reduces phishing incidents in organisations by 86%,” Ahmed-Moshe declares.
Reporting Real Threats Requires Ability to Respond Rapidly
As employees start to report real threats more and more often, the organisation must be able to react. In order to achieve this, Hoxhunt and Elisa collaborate closely to offer comprehensive cybersecurity solutions to their customers.
“Hoxhunt is a true Finnish success story. They have an effective approach to training employees, turning them into vigilant cybersecurity investigators who can identify and report security anomalies. To complement Hoxhunt’s training solutions, Elisa can offer 24/7 cybersecurity services, where professionals respond to reported incidents around the clock and investigate their impact on the organisation’s business,” Karinen describes.
”In collaboration with Elisa, we can offer world-class security services for our customers. We work together closely, learn from each other, and continuously strive to improve our services,” Ahmed-Moshe concludes.
Article in Finnish: Tietojenkalastelun trendit 2025 – miten uhkilta voi suojautua?
