The State of Phishing in 2024


I wish we didn’t have to write this article every year (or multiple times a year), but phishing is not only not going away… it’s getting more sophisticated and pernicious every year. With that sad fact in mind, we’ve put together an updated list of industry themes and findings for 2024 to keep you (hopefully) one step ahead of the phishers this year and beyond.

Phishing is Still a Leading Cyber Threat

  • Phishing continues to be a predominant cybersecurity threat, responsible for 90% of data breaches worldwide. This method is especially effective due to its reliance on social engineering and human error.
  • According to Proofpoint’s “State of the Phish 2024” report, phishing attempts have targeted over 700 brands globally, with a particular emphasis on technology and finance sectors.
  • Verizon’s 2024 Data Breach Investigations Report (DBIR) notes that 68% of breaches involved human error, emphasizing the critical role of phishing in exploiting this vulnerability. In fact, users typically fall for phishing attempts quickly, often within seconds of receiving a malicious email.

Phishing More Sophisticated Every Year

The sophistication of phishing attacks has increased year over year, with attackers using advanced social engineering tactics to target individuals and organizations.

Pretexting

  • Verizon’s DBIR specifically mentioned the rise of pretexting, a sophisticated form of phishing where attackers impersonate trusted entities to extract sensitive information or convince victims to perform harmful actions. This approach accounts for 25% of financially motivated attacks.

Rise of Social Media-Based Phishing

AI and Machine Learning in Phishing Attacks

  • Attackers increasingly use AI and machine learning to craft more personalized and convincing phishing messages. This technology allows them to analyze vast data sets and tailor attacks to specific individuals or organizations.
  • AI-driven attacks have made traditional detection methods less effective, necessitating advanced AI-based security solutions.

Deepfake Technology in Phishing

  • Phishers are increasingly utilizing deepfake technology to create convincing fake audio and video, impersonating trusted individuals. This approach has led to significant financial losses and a general erosion of trust in digital communications.

Other Phishing Trends to Watch

Phishing as a Ransomware Delivery Method

  • Phishing has become a primary vector for deploying ransomware, with attackers using deceptive emails to trick individuals into downloading malicious content.
  • Ransomware attacks originating from phishing have increased in sophistication, with significant financial and reputational consequences for affected organizations.

Focus on Small Businesses

  • Small businesses, often with limited cybersecurity resources, have become prime targets for phishing attacks. This trend underscores the need for these businesses to prioritize cybersecurity training and infrastructure.

Government-Backed Phishing Operations

  • The rise of state-sponsored phishing for espionage and cyber warfare marks a significant escalation in global cyber threats. These sophisticated campaigns target sensitive data and infrastructure, making your defense posture that much more .

So… yeah. There’s a lot to unpack there, obviously. Phishing is ubiquitous, pernicious and intensifying every year. It’s responsible for some of the most devastating attacks we learn about (and far more we don’t even hear about because the scale is smaller). It’s more important than ever to train your staff (and yourselves) to remain vigilant in the face of more cunning phishing attempts that are coming more and more often. Hopefully, this rundown lets you know what to watch out for, what’s happening more generally, and where you may need to shore up your defenses (to that end, if you need help with that, drop us a line — we’d love to assist).