Top 10 Phishing Attack Trends in 2024
In just the first quarter of this year, close to 964,000 phishing attacks were reported, with a noticeable rise in voice phishing, or “vishing.” Social media platforms, however, were hit hardest, accounting for more than one-third of all phishing attempts. This article explores the most prominent phishing trends of 2024, highlighting the tactics attackers use and providing insights on how to protect yourself and your organization from these evolving threats.
Phishing websites remain a significant tool for cybercriminals in 2024, often serving as gateways for more advanced attacks. During the first quarter of this year, APWG recorded 963,994 unique phishing websites. Although this figure decreased to 877,536 in the second quarter, the persistence of phishing remains evident.
In fact, despite this reduction, global phishing attacks have seen a slight year-over-year increase, rising by 50,000 to almost 1.9 million between May 2023 and April 2024, according to Interisle Consulting.
Moreover, the decline in phishing websites may suggest a shift toward more sophisticated, targeted methods. Some phishing sites even deploy stealer malware to capture sensitive user data, which is later shared on the Dark Web for other malicious actors to exploit.
Phishing websites frequently mimic legitimate brands, complicating detection. The challenge has grown, as URL-based fraud rose by 10% in Q2 compared to Q1 2024. Despite the apparent drop in phishing website numbers, the threat they pose remains high.
SOCRadar LABS offers free tools like Phishing Radar, powered by AI, that quickly scan and detect phishing domains, helping organizations respond rapidly to potential threats.
Which Sectors and Countries Are Targeted Most by Phishing Attacks in 2024?
Phishing attackers are continually refining their strategies to focus on specific sectors and regions. According to APWG’s Q1 and Q2 reports, social media platforms remained the primary target, accounting for 37.6% of phishing attacks in Q1 and 32.9% in Q2.
Other frequently targeted sectors include Software-as-a-Service (SaaS) and webmail services, making up 21% of attacks in Q1 and increasing to 25.6% in Q2. Financial institutions and payment services were also hit hard, representing more than 17% of phishing attacks in the first half of 2024.
Globally, the United States is the most targeted country for phishing attacks, followed by countries such as the UK, Brazil, Turkey, and Russia. SOCRadar’s Phishing Radar provides a detailed analysis of these regional phishing threats, offering organizations critical insights into the most vulnerable areas.
For more detailed insights, access SOCRadar LABS’ free Industry and Country Threat Landscape Reports, which deliver instant updates on phishing trends across different sectors and regions.
What’s the Trend in Phishing Email Campaigns in 2024?
The number of phishing email campaigns has fluctuated dramatically throughout the first half of 2024. In January alone, 50,837 unique phishing email campaigns were detected. However, this number dropped significantly to 24,086 in February before rebounding to 41,550 in March. By May, the number reached its peak at 33,874 campaigns.
Phishers are employing more sophisticated techniques, continuously altering the content and subject lines of their emails to evade detection. The volatility in the number of campaigns indicates how adaptable these criminals are, constantly changing tactics to stay ahead of defense mechanisms.
Organizations need to adopt advanced phishing detection tools to effectively combat the growing frequency and complexity of these campaigns. To stay informed on the latest phishing trends, explore the SOCRadar Campaigns page, which provides detailed insights into phishing and other cyberattack schemes.
Which Companies Were Most Impersonated in Phishing Attacks in 2024?
In 2024, impersonating trusted brands remains a common phishing tactic. Attackers exploit the familiarity and trust these brands have earned to lure unsuspecting users into falling for scams.
Data from Statista shows that the number of companies affected by phishing attacks decreased in March 2024 after a peak period. This drop may indicate that companies are implementing stronger security measures, though the threat is far from over.
A report from Zscaler revealed that Microsoft was the most impersonated brand, making up 43.1% of phishing attempts. OneDrive followed with 11.6%, and Okta, Adobe, and SharePoint rounded out the top five.
Attackers leverage the trust placed in these brands to deceive users into providing sensitive information, making it essential for companies to monitor for brand impersonation.
Why Are Business Email Compromise (BEC) Attacks a Persistent Threat?
Business Email Compromise (BEC) attacks remain a significant threat within the phishing landscape. These attacks exploit trust within organizations, often involving cybercriminals impersonating senior executives to request fraudulent wire transfers or gift card purchases.
In Q1 2024, the average amount requested in BEC wire transfer attacks was $84,059, increasing to $89,520 by Q2. While the number of attacks slightly decreased, their financial impact has grown.
To help businesses combat these sophisticated schemes, SOCRadar’s Brand Protection module offers comprehensive monitoring tools to identify and respond to potential impersonation threats, from spoofed domains to fake social media accounts.
Originally published on SOCRadar, September 11, 2024
https://socradar.io/top-10-trends-in-phishing-attacks-2024/