Shipra Sanganeria
Published on: April 24, 2025
Key Takeaways
- 2023 was the worst year on record for phishing attacks, with nearly five million incidents reported.
- Up to September 2024, there were a total of 2.77 million phishing attacks that year alone.
- AI-generated phishing emails have an open rate of about 78%, with 21% of recipients clicking on harmful links or attachments within the email.
- Generative AI tools can speed up the process of engineering phishing attacks by at least 40%.
- LLMs can reduce the costs of creating phishing scams by up to 95%, while achieving the same or greater success.
- Over the past three years, deepfake attacks have increased by 2,137%, rising from 0.1% to 6.5% of all fraud attempts detected.
- In the third quarter of 2024, social media platforms were the sector most frequently targeted by phishing attacks.
- Gift card scams were the most popular scam type in the third quarter of 2024, accounting for 40.4% of all attacks.
- In the third quarter of 2024, the most popular free email client used in BEC attacks was Google’s Gmail, accounting for 83.1% of all free email accounts set up by scammers.
- On average, it takes a user around 60 seconds to fall for a phishing scam.
Introduction
Phishing scams have been a persistent threat since the mid-1990s, developing in tandem with digital media such as email and online banking. As technology continues to advance, phishers adapt their strategies to exploit new tools and vulnerabilities, making their attacks smarter, more targeted, and increasingly difficult to detect.
In this article, the researchers at Safety Detectives explore how phishing scams have transformed over time, especially with the advent of AI technology, highlighting the growing sophistication and challenges these scams pose to digital security.
Phishing in 2024: Smarter, Not More Frequently Reported
While phishing attacks remain one of the most pervasive cyber threats, 2024 marked a slight decline in reported frequency, especially compared to 2023 — the worst year for phishing on record.
The Anti-Phishing Working Group (APWG), an international consortium dedicated to sharing data and raising awareness on cybercrime, reported a total of 2.77 million phishing attacks by September of 2024. Of those, 963,994 attacks occurred in the first quarter of the year, significantly fewer than the record high of 1,624,144 attacks in the first quarter of 2023.
In the second quarter of 2024, the number of phishing attacks further decreased to 877,536. However, APWG pointed out that this decrease might be due to certain email providers blocking messages from users trying to report to APWG and other anti-abuse actors.
In the third quarter of 2024, phishing attacks reached 932,923, a 6% increase compared to the previous quarter. Data for the last quarter of the year hasn’t been released yet.
Two emerging trends that illustrate the evolving nature of phishing attacks are vishing and smishing, both of which have seen significant increases throughout 2024.
Vishing, or voice phishing, involves scammers using phone calls to deceive victims into revealing sensitive information. The scammers often masquerade as representatives of trusted organizations to gain their victims' confidence.
Vishing incidents increased by more than 28% from the second to third quarter of 2024. This rise could be attributed to the effectiveness of direct communication with victims, which allows scammers to bypass traditional email security filters.
Smishing, or SMS phishing, involves sending SMS messages that contain malicious links or that ask for personal details. These messages aim to deceive recipients into divulging sensitive information.
Smishing incidents increased by more than 22% in the third quarter of 2024. This growth reflects the shift toward mobile-based phishing due to the increasing difficulty of reaching victims via email.
Since phishing is closely linked to email campaigns, the APWG report also collects data on unique phishing email campaigns conducted by cybercriminals. They are tracked by counting email lures with different subject lines.
In September 2024, the number of unique phishing email campaigns was reported to be 25,358, a 31% decrease from just two months before — 33,424. This data suggests that cybercriminals are increasingly using sophisticated techniques to avoid detection, such as varying subject lines and content in their emails.
The highest number of phishing email campaigns — 50,837 — was recorded in January but dropped by over half the following month. This points to cybercriminals potentially changing their tactics to get ahead of the typical February romance scams.
The APWG also found the number of brands targeted by phishing campaigns remained relatively steady in 2024, ranging from a minimum of 299 (July 2024) to a maximum of 324 (April 2024). By comparison, in March 2023 there were 576 targeted brands, the highest of that year. This equates to the number of affected brands having decreased by over 40% in just one year.
In the development of phishing attacks, one of the biggest trends of 2024 was the rise of AI-generated phishing scams. The advent of generative AI tools, like ChatGPT and other LLMs, has allowed scammers to craft highly personalized, more convincing, and grammatically flawless messages that mimic the writing styles of legitimate organizations.
According to research conducted by SoSafe, Europe’s leading provider of security awareness, AI-generated phishing emails have an open rate of about 78%, with 21% of recipients clicking on harmful links or attachments within the email.
However, according to Dr. Niklas Hellemann, CEO and Co-Founder of SoSafe, the greatest danger of AI phishing attacks lies in their scaling potential. SoSafe's study found that generative AI tools can speed up phishing attacks by at least 40%, which makes them much more scalable and dangerous than traditional phishing attacks.
Even more worryingly, research conducted by Harvard Business Review found that using LLMs can automate the entire phishing process, reducing costs by up to 95% while achieving the same or an even greater success rate.
Research suggests that scammers are also increasingly using deepfake technology to manipulate and deceive their targets. These sophisticated cyber scams use AI to create fake audio or video content, impersonating trusted individuals or organizations to manipulate victims into revealing sensitive information or transferring funds.
Data from Signicat's 2024 "The Battle Against AI-Driven Identity Fraud" report suggests that over the past three years, deepfake attacks have increased by 2,137%, rising from 0.1% to 6.5% of all fraud attempts detected.
Sectors Most Targeted by Phishing
According to the APWG, in the third quarter of 2024, social media platforms were the most frequently targeted sector, accounting for 30.5% of all phishing attacks. The same was the case for the first and second quarters of the year, with social media making up 37.4% and 32.9% of all phishing attacks, respectively.
This suggests that cybercriminals prefer to deceive their targets by using fake identities or profiles on these platforms.
SaaS (Software as a Service), and in particular webmail, was the second most targeted sector throughout 2024, accounting for 21.2% of phishing attacks in the third quarter of the year.
While still heavily targeted, the financial sector saw a decline in phishing attacks, making up 13% of all attacks in the third quarter of 2024. By comparison, in the third quarter of 2023, it was the most targeted sector, accounting for 24.9% of all attacks.
This decline could be attributed to financial institutions implementing stronger security measures like two-factor authentication, which can significantly decrease the success rate of phishing attacks.
The Most Successful Phishing Scams in 2024
According to APWG, gift card scams were the most popular scam type in the third quarter of 2024, accounting for 40.4% of all attacks. In these scams, cybercriminals trick victims into purchasing gift cards from popular platforms like Amazon, Netflix, or Google Play and convince their target to share the redemption codes, allowing the scammer to steal the funds.
The second most common scam is advance-fee fraud, where scammers convince victims to make upfront payments for goods, services, or financial gains that never materialize. Both of these scams rely on the Business Email Compromise (BEC) tactic, in which cybercriminals impersonate employees of large organizations to trick their targets into providing the information needed to execute the scam.
In the third quarter of 2024, an alarming new trend of extortion emails demanding cryptocurrency as payment emerged, which was not present in the previous two quarters.
These scams are similar to traditional extortion scams, in which fraudsters demand money in exchange for not sharing embarrassing information about the victim. However, these scams are now becoming more sophisticated, often including the victim's phone number, home address, and even a Google Street View image of their home.
The Role of Free Webmail Providers in Phishing
In the last couple of years, free webmail providers like Google and Microsoft have implemented strong security measures for creating free email accounts, including phone number verification. Despite these efforts, cybercriminals continue to find ways to bypass these measures and use the platforms for phishing scams.
According to Fortra, a leading cybersecurity platform, around 70% of BEC attacks are launched using a free email client. The remaining 30% use a combination of maliciously registered domains and compromised email accounts.
In the third quarter of 2024, the most popular free email client used in BEC attacks was Google's Gmail, accounting for 83.1% of all free email accounts set up by scammers, an increase from 72.4% the previous quarter. Microsoft comes in a distant second, making up 9.5% of all free email accounts used for BEC attacks.
When it comes to the domain name registrars scammers use to run their BEC attacks, fraudsters prefer Squarespace and NameCheap, which account for 34.1% and 23.8% of all attacks, respectively. Other popular registrars used by scammers include Hostinger, GoDaddy, NameSilo, Enom, and PDR. These platforms allow scammers to create realistic-looking phishing sites, further deceiving their victims into providing sensitive information.
How Long Does It Take Users to Fall for a Phishing Scam?
According to Verizon’s 2024 Data Breach Investigations Report, the overall rate of reporting phishing scams has increased over the last couple of years. In 2020, 20% of users in simulation engagements reported phishing, while 11% of the users who clicked the email reported as well.
The report found that the average time it takes for users to fall for a phishing email is just one minute. This includes 21 seconds to click on a phishing link and an additional 28 seconds to enter their data on a phishing site.
Could a New Email Provider (Like Xmail) Worsen Phishing?
While a new email service like Xmail (a proposed service from Elon Musk) could potentially offer innovative features and improvements over existing services, it may also pose significant risks related to phishing and other cyberattacks.
Cybercriminals could exploit the excitement and anticipation surrounding a new email service like Xmail by impersonating it in phishing campaigns. The mere mention of Xmail by Elon Musk has already sparked speculation and curiosity, which could make users more susceptible to scams.
Another question that arises is: Would users trust an Elon Musk-backed email service more than Gmail? On one hand, Musk’s popularity in some circles and his influence in the tech world could lead some users to switch to a service associated with him. This trust could also be exploited by cybercriminals, who might use Musk’s reputation to make phishing scams appear more legitimate.
On the other hand, Gmail’s long-standing dominance and integration with other Google services have created a strong user base that is deeply entrenched in the Google ecosystem. For many users, especially businesses, switching to a new email service would require significant incentives, such as substantial improvements in privacy, security, or user experience.
To mitigate the risks associated with phishing, users should remain vigilant about unsolicited emails claiming to offer access to new services like Xmail. Users need to verify the source of emails, avoid clicking on suspicious links, and never provide login credentials in response to unsolicited requests. Additionally, enabling two-factor authentication and maintaining strong, unique passwords can significantly enhance their security.
Conclusion
Phishing scams have become more sophisticated and targeted as technology advances. As phishers continue to adapt their tactics, individuals and organizations alike need to stay vigilant and implement robust security measures to protect against these ever-evolving threats. By staying informed and proactive, we can reduce the impact of phishing scams and make our digital lives safer.