The Benefits of
Multi-Channel Phishing Attacks -
An Interview with our CEO Julius Muth

Q: Julius, cybercriminals are becoming more sophisticated, leveraging multiple communication channels in their attacks. Can you explain why multi-channel phishing is such an effective tactic?

Julius: Absolutely. Multi-channel phishing attacks exploit the fact that modern organizations rely on various communication tools - not only email but also SMS, phone calls, video conferencing, Teams, Whatsapp and more. Attackers take advantage of this by combining different channels to create highly convincing scams. For instance, an attacker might send a fraudulent email with a link to a faked website, follow up with a deepfake voice call, and even manipulate a video conference. This layered approach increases credibility and makes it harder for employees to detect deception.

Q: What are some real-world examples where multi-channel phishing attacks have been successful?

Julius: We’ve seen several high-profile cases recently. In 2024, ARUP lost $25 million due to a deepfake video call in which attackers impersonated the CFO. Another alarming case involved a helpdesk scam where attackers, posing as IT support, used a combination of phishing emails, phone calls, and fake chat support portals to trick employees into granting remote access to internal systems. By first sending an email alerting users of an "urgent IT issue," then following up with a phone call, and directing victims to a fraudulent web portal that mimicked the company’s real IT helpdesk, they successfully bypassed security measures and gained control over critical systems. These incidents show that cybercriminals are no longer relying on just email scams; they’re orchestrating complex, multi-faceted attacks that exploit human trust.

Q: How does Company Shield help organizations defend against such sophisticated threats?

Julius: At Company Shield, we recognize that traditional security awareness training isn’t enough. That’s why we’ve developed an AI-powered simulation platform that replicates real-world attacks across multiple channels. Our approach includes:

• AI-Powered Attack Simulations: We generate realistic phishing and social engineering scenarios in different combinations, using the same techniques hackers employ, including voice cloning and deepfake video.

• OSINT Risk Profiling: We analyze publicly available information about an organization and its employees to simulate how attackers might target them.

• Live Threat Intelligence: We continuously update our training scenarios based on the latest real-world cyber threats.

• Gamified Learning: Employees receive hyper-personalized training simulations tailored to their roles and risk levels, increasing engagement and retention.
  

Q: How effective is this type of training?

Julius: Incredibly effective. Our customers have seen a reduction in phishing click rates, an increase in attack reporting, and a boost in training completion rates. One of our clients even described our training as a "personal Spotify playlist of cyberattacks" (Dr. Peter Dornheim, Stihl AG) - each employee receives the most relevant simulations based on their unique risk profile and individual training performance.

Q: Looking ahead, how do you see multi-channel phishing threats evolving, and how should businesses prepare?

Julius: Attackers will continue to refine their methods, incorporating AI-generated content and automation to scale their scams. Businesses must move beyond outdated, generic security training and adopt dynamic, intelligence-driven simulations that evolve with the threat landscape. Organizations that fail to adapt risk falling victim to these increasingly sophisticated attacks. The best defense is a proactive one - constantly testing and strengthening the human firewall.

Q: Thank you, Julius. Any final advice for companies looking to bolster their cybersecurity defenses?

Julius: Yes - don’t wait until it’s too late. Cybersecurity isn’t just about technology; it’s about people. Train your employees using realistic, up-to-date simulations, and make security awareness an integral part of your company culture. If you’d like to see how Company Shield can help, request a personal attack simulation today!