SlashNext has released its latest report, “Prepare for 2025: 2024 Phishing Intelligence Report,” designed to help organizations prepare for upcoming scams. Analyzing billions of threats across email and mobile channels—such as Business Email Compromise (BEC), malicious links, attachments, QR codes, and AI-driven language attacks—the report provides a detailed overview of the changing phishing landscape and the tactics most used by cybercriminals in the past year. It also outlines key recommendations for organizations to enhance their security defenses for 2025.
Key Findings from the 2024 Phishing Intelligence Report:
- Credential Phishing Soars by 703%: Credential theft attacks surged dramatically in the second half of 2024, signaling a sharp escalation in the use of sophisticated phishing kits and social engineering tactics.
- Massive Uptick in Email-Based Attacks: Overall, email-based threats rose by 202% in the latter half of the year, with individual users receiving at least one advanced phishing link per week capable of bypassing traditional network security controls.
- Zero-Day Dominance: Of all embedded malicious links observed, 80% were previously unknown zero-day threats—underscoring the limitations of static threat intelligence and signature-based detection methods.
- Frequent User Exposure:Â During peak periods, users faced an average of 3-6 threats per week, and annually, up to 600 mobile threats per user. Social engineering-based attacks rose by 141% in the last six months, reinforcing the need for real-time, adaptive security measures.
“In early 2024, we witnessed a sharp spike in attacks as adversaries quickly learned to integrate AI into their phishing strategies, resulting in far higher volumes of advanced and effective threats,” said Stephen Kowski, Field CTO, SlashNext. “By the second half of the year, the growth in attack volume was more gradual but still persistent. We fully anticipate this upward trajectory will continue into 2025, especially as our threat research team uncovers new, advanced phishing kits freely available on the Dark Web.”
Looking ahead to 2025, we expect this rapid evolution to accelerate, with AI-generated attacks becoming more sophisticated and harder to detect, while attackers increasingly target messaging platforms beyond email, including business collaboration tools, SMS, and social media. The bottom line is phishing isn’t an email-only problem anymore; it is a broader messaging security problem that requires a fundamental shift in how organizations approach threat detection and prevention.
The volatile nature of threat categories—ranging from novel phishing links and cleverly disguised attachments to expertly engineered natural language scams—means that what’s effective for attackers can change on a near-weekly basis.
“Traditional security measures are overwhelmed by the sheer volume and adaptability of these threats,” continued Kowski. “Organizations need a comprehensive, proactive security strategy backed by real-time detection and mitigation technologies to stay ahead of increasingly agile attackers.”
Read the full 2024 Phishing Intelligence Report and learn more about how organizations can prepare for the 2025 phishing landscape here.
Related News: