Kaspersky blocks over 893 million phishing attempts in 2024

In 2024, Kaspersky's security solutions were instrumental in blocking over 893 million phishing attempts, marking a 26% rise from the figures recorded in 2023.

Cybercriminals have been leveraging the brand power of popular companies such as Booking, Airbnb, TikTok, and Telegram to execute schemes intended to extract user credentials or to install malware on the devices of unsuspecting victims. These schemes have been part of larger efforts by cyber attackers to exploit brand recognition for malicious gain.

The data shows that both individual and corporate users experienced attacks involving malicious email attachments on over 125 million occasions throughout the year. Such attacks frequently involved emails that housed password-protected archives with malicious content or SVG images posing as innocuous graphics. The financial and data compromise resulting from these fraudulent activities underscores the significant threats they pose.

According to Kaspersky, an increase in phishing attempts was particularly notable during the months of May through July, coinciding with the holiday season. This period traditionally attracts scams related to fake airline and hotel bookings, deceptive tour packages, and offers that appear too good to be true, aimed at luring travellers.

Kaspersky's experts noted the prevalent strategy among cybercriminals to imitate the websites of well-known brands, with a particular focus observed on TikTok. A notable campaign targeted TikTok Shop users by setting up fraudulent login pages designed to capture sellers' credentials.

Furthermore, scammers have been found to exploit current events and trending topics, such as the cryptocurrency game Hamster Kombat and TON wallets, to legitimise their fraud schemes. This trend extends to the use of fake celebrity images to falsely promote competitions offering lucrative prizes to fans, which have not materialised.

Olga Svistunova, a Security Expert at Kaspersky, highlighted, "While the core mechanics of phishing and scams remain unchanged, attackers constantly refine their disguises. They capitalize on trending news, hype-driven topic, and even combine branding from multiple companies on a single phishing page to enhance efficiencies of their campaigns. AI-driven tools help them to create highly convincing fake websites, making fraud harder to detect. These evolving tactics pose a growing risk – not just to financial security but also to personal identity protection. As a result, vigilance and the use of robust cybersecurity solutions have never been more crucial."

The menace of spam also continues to escalate with nearly half of the emails in corporate mailboxes counted as spam, amounting to 47% of global traffic, which indicates a 1.27 percentage point increase from the previous year. Experts have observed a variety of email threats, including fraudulent court appeals and deals, counterfeit official notifications, as well as unsolicited advertisements. Notably, much of the spam involves advertisements for AI solutions, webinars, online promotion services, and follower-boosting schemes.

To mitigate the risks of phishing and scams, Kaspersky advises users to approach emails and links with caution, ensuring they trust the source before engaging. Users are also encouraged to verify the authenticity of a website's URL, looking closely for subtle alterations in its spelling. Deploying a reliable security solution is highly recommended to help detect and block spam and phishing campaigns effectively.