This article includes excerpts from various reports that offer statistics and insights into the current phishing landscape.
AI-driven phishing attacks deceive even the most aware users
Zscaler | Zscaler ThreatLabz 2024 Phishing Report | May 2024
- In 2023, the United States (55.9%), United Kingdom (5.6%) and India (3.9%) emerged as the top countries targeted by phishing scams.
- The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase of attacks from the previous year.
AI set to play key role in future phishing attacks
Egress | 2024 Phishing Threat Trends Report | April 2024
- Millennials are the top targets for phishing attacks, receiving 37.5% of phishing emails.
- Unsurprisingly, the most targeted job role is the CEO and 13.4% of phishing attacks impersonated someone the victim knew such as CEOs and senior leadership.
Image-based phishing tactics evolve
IRONSCALES and Osterman Research | Fortifying the Organization Against Image-Based and QR Code Attacks | March 2024
- While 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, 76% were still compromised in the last 12 months.
- 93% of IT and security professionals are aware of image-based phishing attacks targeting their organizations, and 79% say the same about QR code attacks.
95% believe LLMs making phishing detection more challenging
LastPass | Combatting Social Engineering in 2024 | March 2024
- More than 95% of respondents believe dynamic content through Large Language Models (LLMs) makes detecting phishing attempts more challenging.
- While 88% of respondents feel confident in their phishing testing programs, only 16% of users identify 75-100% of suspicious activity within these phishing testing programs.
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT
Enea | Mobile network security: Bridging the gap between enterprise needs and CSP capabilities | February 2024
- Since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%.
Understanding employees’ motivations behind risky actions
Proofpoint | 2024 State of the Phish | February 2024
- And while the incidence of successful phishing attacks has slightly declined (71% of surveyed organizations experienced at least one successful attack in 2023 versus 84% the previous year), the negative consequences have soared: a 144% increase in reports of financial penalties, such as regulatory fines, and a 50% increase in reports of reputational damage.
Secure email gateways struggle to keep pace with sophisticated phishing campaigns
Cofense | 2024 Annual State of Email Security Report | February 2024
- Email remains the primary attack vector for cybercrime, with 90% of data breaches originating from phishing attacks aimed at employees.
- Credential phishing, the preferred method of threat actors, also saw a staggering 67% increase in volume compared to the previous year.
Clean links and sophisticated scams mark new era in email attacks
VIPRE Security | Email Security in 2024: An Expert Look at Email-Based Threats | February 2024
- When it comes to phishing, 71% of emails are still using links as their primary bait.
- Financial services (22%) was the most targeted sector by phishing and malspam emails, followed by information technology (14%), healthcare (14%), education (10%), and government (8%).
Organizations need to switch gears in their approach to email security
Egress | 2024 Email Security Risk Report | February 2024
- Leaders are taking a tough stance with employees caught by phishing attacks with negative outcomes for the people involved happening in 74% of companies.
- Additionally, 51% of organizations fell victim to phishing attacks sent from compromised accounts within their supply chain in the last 12 months.