Cybersecurity experts have identified a significant increase in phishing attacks, with an alarming 202% rise in overall phishing messages during the second half of 2024. Additionally, a substantial 703% surge in credential phishing attacks was observed in the same period, according to SlashNext’s 2024 Phishing Intelligence Report.
The study’s key findings reveal that users encounter an average of one advanced phishing attack per mailbox every week, highlighting a concerning trend. Mobile users are also facing up to 600 threats annually, showcasing a shift towards multichannel phishing approaches rather than relying solely on email-based attacks.
Among the various attack vectors, link-based phishing remains the most prevalent method, with 80% of malicious links falling under the category of zero-day threats. These newly created URLs are designed to evade traditional detection methods, posing a significant challenge for cybersecurity defenses.
The report categorizes phishing tactics into three main groups: link-based threats, text-based threats, and file-based threats. Link-based threats, which often involve zero-day URLs, are identified as the leading attack vector. Text-based threats are growing in sophistication, with tactics like business email compromise and invoice scams becoming more prevalent. File-based threats are increasingly utilizing techniques such as HTML smuggling to evade detection.
Live scanning revealed that most link-based attacks involve zero-day URLs that are created shortly before being used, bypassing conventional signature-based defenses. This emphasizes the need for organizations to deploy real-time threat analysis tools to combat evolving phishing tactics.
Nicole Carignan, vice president of strategic cyber AI at Darktrace, highlighted the constant innovation by threat actors to launch malicious campaigns. She noted a rise in the misuse of commonly used services and platforms such as Microsoft Teams and Dropbox for phishing campaigns in 2024.
The analysis also indicates a shift in phishing tactics towards targeting platforms beyond email, including SMS, LinkedIn, and Microsoft Teams. Mobile threats like smishing and malicious links in messaging apps are on the rise, with users facing an average of one mobile threat per week and peaks of three to six during high-activity periods.
As attackers increasingly leverage AI to generate sophisticated phishing campaigns, organizations must reassess their security frameworks. The SlashNext report predicts a rise in threats across messaging platforms, with attackers exploiting collaboration tools and social engineering tactics. This evolution necessitates a comprehensive, automated approach to detect and mitigate threats at scale.
Darren Guccione, CEO of Keeper Security, emphasized the importance of adopting passwordless authentication and passkeys to enhance security measures. These technologies reduce reliance on traditional passwords, which are prime targets for phishing and credential-based attacks. Passkeys provide an additional layer of security through biometric or device-based authorization, making it more challenging for attackers to exploit stolen credentials.
By proactively addressing these emerging challenges, organizations can better protect sensitive data and uphold operational integrity in the face of evolving cyber threats in 2025.