Phishing attacks will increase in 2024 as cybercriminals adopt AI tools and multi-channel tactics
- Phishing attacks are becoming increasingly complex and difficult to detect
- Attackers use new techniques such as QR codes and deepfakes
- Some companies receive 36 phishing emails per day
Phishing attacks are steadily increasing and becoming more sophisticated as cybercriminals no longer rely solely on simple email schemes, but instead integrate new tactics such as QR code phishing (quishing), AI-powered attacks and multi-channel phishing to increase their effectiveness.
A new Egress report shows that phishing attacks spiked in the second quarter of 2024, with a 28% increase in phishing emails compared to the first quarter.
Phishing attacks are also becoming more sophisticated. Cybercriminals are now using a variety of new tactics to bypass secure email gateways (SEGs) and proprietary defenses such as Microsoft 365 security features. In the second quarter of 2024 alone, there was a 52.2% increase in phishing attacks that successfully bypassed SEG detection.
Commodity attacks – a mass production threat
One form of phishing that has seen a notable increase in 2024 is commodity attacks. These are mass-produced, malicious campaigns that widely mimic well-known brands to trick users into clicking on fake promotions, images, or hyperlinks.
The report shows that organizations experience a staggering 2,700% increase in phishing attempts during these attacks, with organizations of more than 2,000 employees receiving more than 1,128 phishing emails over 31 days, equating to approximately 36 phishing emails per day. The sheer volume of these attacks can overwhelm many companies’ security systems, making it increasingly difficult to prevent every malicious email from reaching an employee’s inbox.
One of the methods used to bypass SEGs is HTML smuggling, where attackers hide malicious scripts in HTML attachments. Once opened by the user, the script assembles itself on the victim’s device, bypassing traditional signature-based detection. Another tactic involves embedding phishing links in apparently legitimate documents or exploiting vulnerabilities in trusted websites to host malware.
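The technique described above, in which a script inside an HTML attachment assembles a file on the recipient's device, leaves no fixed signature but does leave a recognizable combination of script behaviours. The following is an added example, not code from the Egress report or this article, of a content-based triage check for HTML attachments; the indicator names, the 200-character threshold and both sample attachments are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Indicator names and the 200-character threshold are assumptions for this sketch.
SCRIPT_PATTERNS = {
    "decode_call": re.compile(r"\b(atob|fromCharCode|TextDecoder)\b"),
    "blob_build": re.compile(r"\bnew\s+(Blob|File)\s*\("),
    "save_trigger": re.compile(r"createObjectURL|msSaveOrOpenBlob|msSaveBlob|\.download\s*="),
    "long_encoded_literal": re.compile(r"[\"'`][A-Za-z0-9+/=]{200,}[\"'`]"),
}

class _Collector(HTMLParser):
    """Gathers inline script text and notes anchors carrying a download attribute."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts, self.download_anchor = False, [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "a" and any(name == "download" for name, _ in attrs):
            self.download_anchor = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def smuggling_indicators(html):
    """Return the set of indicator names present in one HTML attachment."""
    parser = _Collector()
    parser.feed(html)
    js = "\n".join(parser.scripts)
    found = {name for name, rx in SCRIPT_PATTERNS.items() if rx.search(js)}
    if parser.download_anchor:
        found.add("save_trigger")
    return found

def is_suspicious(html):
    # Flag only the combination: encoded data that is decoded, rebuilt as a file
    # object and offered for saving. Each indicator alone is common in benign pages.
    found = smuggling_indicators(html)
    return {"blob_build", "save_trigger"} <= found and bool(
        found & {"decode_call", "long_encoded_literal"})

# Constructed, inert samples: the encoded text is "ABC" repeated and nothing is wired up.
SAMPLE_SUSPECT = ('<script>var d = "' + "QUJD" * 60 + '"; var b = new Blob([atob(d)]);'
                  ' var u = URL.createObjectURL(b);</script><a download="doc.zip">open</a>')
SAMPLE_BENIGN = '<script>document.title = atob("aGk=");</script><a href="report.pdf" download>PDF</a>'
```

Requiring the indicators to co-occur keeps ordinary pages that decode a short string or offer a plain download link out of the alert queue; a hit is a reason to detonate or quarantine the attachment, not a verdict.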
Businesses must now implement advanced security measures and foster a culture of awareness to better protect themselves against the growing threat of phishing.
Phishing attacks are increasingly using AI-powered tools to scale their operations. AI allows cybercriminals to automate and personalize phishing campaigns, making them more convincing and harder to detect. Deepfakes and AI-generated chatbots are now the main tools of choice for cybercriminals.
These technologies allow attackers to impersonate trusted individuals or organizations, further increasing the likelihood of success. This year has seen a significant increase in ‘payloadless’ attacks that rely solely on social engineering rather than traditional malicious attachments or links, accounting for almost 19% of phishing attempts in 2024, up from 5.4% in 2021.
Cybercriminals also use multi-channel phishing tactics, allowing hackers to target their victims across multiple platforms, such as email, SMS, and even collaboration platforms like Microsoft Teams. This multi-channel approach has become increasingly common in 2024, taking advantage of the relative lack of security on non-email platforms.