In recent years, cyberattacks targeting companies have continued to increase, and among them, “phishing emails” have become especially sophisticated and advanced. In the past, many could be identified by broken language or poor design, but today’s phishing emails feature correct language, precise brand imitation, and convincing layouts—so polished that they are nearly indistinguishable from genuine emails.
In this column, we introduce recent examples of advanced phishing emails and explain how the threat structure cannot be fully prevented by conventional “user education” alone. We also discuss the importance of technical signals that IT departments should focus on, such as “email routing.”