Key findings from the Egress 2024 Phishing Threat Trends report
There has been a 36.6% increase in phishing emails in the first three months of 2024.
The 2024 Phishing Threat Trends Report provides valuable insights into the evolving landscape of phishing attacks so far in 2024. From the rise of ‘quishing’ and AI-powered phishing campaigns to multi-channel approach.
The risk to your organisation and sophisticated phishing threats are increasing.
Here, we will examine some of the report’s key findings, the industries and demographics most at risk, and the evolution of payloads from 2021 to date.
Download the latest Phishing Threat Trends Report (April 2024) here:
Key findings:
1. Preferred times for phishing attacks
- Sunday has become the favoured day for phishing emails, accounting for 22% of attacks.
- Friday closely follows with 19% of attacks.
- Notably, 9th February is the most phished day of the year.
2. Target profiles
- Millennials are the primary target group for phishing attacks.
- Gen X is also closely targeted.
- CEOs are at the highest risk among job roles, followed by financial and accounting professionals.
- Several industries are key targets focusing on finance, legal and healthcare sectors.
3. Technical Evasion Techniques
- 20.2% of phishing emails employ technical measures to evade detection by Microsoft 365 and secure email gateways.
- Impersonation attacks are prevalent, with 77.2% masquerading as well-known brands like Docusign and Microsoft.
4. QR Codes and Payload Evolution
- QR code phishing (also known as “quishing”) has surged, accounting for 10.8% of phishing email payloads in the past three months (up from 0.8% in 2021).
- Organizations need effective countermeasures to combat this type of attack.
5. Phishing Payloads
- Ransomware prevalence has doubled since 2021, constituting 32.6% of attachment-based payloads.
- In contrast, malware has declined significantly, now at 30.6%.
6. Multi-Channel Attacks
- Attackers use multiple communication channels for follow-up attacks:
- Microsoft Teams: 30.8%
- Slack: 19.2%
- SMS: 18.6%
7. AI-powered attacks continue to emerge
- AI’s increasing role in cyberattacks poses significant challenges for cybersecurity professionals.
- Deepfakes and generative AI chatbots raise concerns among cybersecurity leaders.
- Deepfakes concern: 63% of cyber security leaders worry about using deepfakes in cyberattacks.
- 61% are worried about cybercriminals using generative AI chatbots to enhance their phishing campaigns.
- AI’s role in identifying targets, crafting convincing phishing emails, and creating personalised malware is unprecedented.
- The Threat Intelligence teams predict that AI will soon be used in the majority of phishing attacks.
8. Bypassing Secure Email Gateways (SEGs)
- From January to March 2024, there has been an alarming 52.2% spike in attacks evading SEG detection.
- Shockingly, 68.4% of these attacks successfully manage to pass essential authentication checks like DMARC.
- These threats frequently originate from compromised third-party accounts, some even within the target’s own supply chain.
This emphasises why many organisations are rapidly investing in integrated cloud email security (ICES) products that can detect a broader spectrum of phishing attacks.
The 2024 report on Phishing Threat Trends provides a thought-provoking insight into the diverse realm of phishing strategies in 2024. It unveils a noticeable increase in the sophistication of attacks, utilising traditional vulnerabilities as well as novel techniques such as AI-generated attacks and multi-channel approaches. As a result, numerous organisations are contemplating the adoption of an ICES solution, replacing their SEG, to effectively detect and counteract the most advanced threats.
Learn more in the latest Phishing Threat Trend Report
Note: Unless otherwise cited, all statistics in the report have been generated using data from Egress Defend, the integrated cloud email security (ICES) solution that detects the full spectrum of advanced phishing attacks.