- Phishing attacks are becoming more complex and harder to detect
- Attackers are using new techniques such as QR codes and deepfakes
- Some businesses are receiving 36 phishing emails per day
Phishing attacks are consistently on the rise and becoming more sophisticated. Cybercriminals no longer rely solely on basic email schemes; they now incorporate tactics such as QR code phishing (quishing), AI-powered attacks, and multi-channel phishing to enhance their effectiveness.
A new Egress report has revealed phishing attacks spiked in the second quarter of 2024, with a 28% rise in the number of phishing emails compared to the first quarter.
Phishing attacks are also becoming more sophisticated. Cybercriminals now use a variety of new tactics to bypass secure email gateways (SEGs) and native defenses like Microsoft 365’s security features. In Q2 2024 alone, there was a 52.2% increase in phishing attacks that successfully bypassed SEG detection.
Commodity attacks – a mass-produced threat
One type of phishing that has seen a notable increase in 2024 is commodity attacks. These are mass-produced, malicious campaigns that impersonate well-known brands on a large scale to trick users into clicking on fake promotions, images, or hyperlinks.
The report reveals that during these attacks, organizations experience a staggering 2,700% increase in phishing attempts. Organizations over the 2,000 employee mark would have to deal with over 1,128 phishing emails over 31 days, which is about 36 phishing emails per day. The sheer volume of these attacks can overwhelm many companies’ security systems, making it increasingly difficult to prevent every malicious email from reaching an employee’s inbox.
One of the methods used to bypass SEGs is HTML smuggling, where attackers hide malicious scripts inside HTML attachments. Once opened by the user, the script assembles itself on the victim’s device, bypassing traditional signature-based detection. Another tactic involves embedding phishing links within seemingly legitimate documents or exploiting vulnerabilities in trusted websites to host malware.
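As an added example (not from the Egress report), the following Python heuristic shows how a mail filter could look at the structure of an HTML attachment rather than at a file signature: it flags only the combination of encoded data, in-browser assembly, and a forced save to disk. The indicator list, the function name `scan_html_attachment`, and both sample attachments are assumptions constructed for illustration.

```python
import re

# Assumed indicator set: constructs used when a script rebuilds a file in the browser.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "long_encoded_string": re.compile(r"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']"),
    "blob_construct": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "forced_download": re.compile(r"\bdownload\s*=|msSaveOrOpenBlob"),
}

def scan_html_attachment(html: str) -> dict:
    """Return matched indicators and a verdict for one HTML attachment body."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(html)}
    encoded = bool(hits & {"base64_decode", "long_encoded_string"})
    assembled = bool(hits & {"blob_construct", "object_url"})
    delivered = "forced_download" in hits
    # Flag only the combination: encoded data + in-browser assembly + save-to-disk.
    return {"hits": sorted(hits), "suspicious": encoded and assembled and delivered}

# Constructed, inert samples (placeholder data, undefined `link`); not from the report.
SMUGGLING_STYLE = (
    '<html><body><script>'
    'var data = atob("' + "QUJD" * 80 + '");'
    'var blob = new Blob([data]);'
    'link.href = URL.createObjectURL(blob);'
    'link.download = "placeholder.bin";'
    '</script></body></html>'
)
BENIGN = (
    '<html><body><p>Quarterly report attached.</p>'
    '<a href="https://example.com/report.pdf" download="report.pdf">Download</a>'
    '<script>console.log("loaded");</script></body></html>'
)

if __name__ == "__main__":
    for label, body in (("smuggling-style", SMUGGLING_STYLE), ("benign", BENIGN)):
        print(label, scan_html_attachment(body))
```

Legitimate web applications use the same browser APIs, so a hit is a reason to quarantine the attachment for review or sandbox it, not proof of malice.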
Businesses must now implement advanced security measures and foster a culture of awareness to better protect themselves against the growing threat of phishing.
Phishing attacks are increasingly using AI-powered tools to scale their operations. AI allows cybercriminals to automate and personalize phishing campaigns, making them more convincing and harder to detect. Deepfakes and AI-generated chatbots are now major tools of choice for cybercriminals.
These technologies allow attackers to impersonate trusted individuals or organizations, further increasing the likelihood of success. This year, there has been a significant rise in “payloadless” attacks, which rely solely on social engineering rather than traditional malicious attachments or links. These account for nearly 19% of phishing attempts in 2024, up from 5.4% in 2021.
Cybercriminals are also using multi-channel phishing tactics, allowing hackers to target victims across multiple platforms such as email, SMS, and even collaboration platforms like Microsoft Teams. This multi-channel approach has become more common in 2024, exploiting the relative lack of security on non-email platforms.