Security experts have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months.
This data comes from SlashNext’s mid-year The State of Phishing 2024 report, which also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the launch of ChatGPT in November 2022, there has been a 4151% surge in malicious phishing messages.
“A bad actor can utilize ChatGPT in a number of ways, including to create convincing phishing emails,” warned Darren Guccione, CEO and co-founder at Keeper Security.
“Not only can the tools help bad actors create content such as a believable phishing email or malicious code for a ransomware attack, but they can do so quickly and easily. The least-defended organizations will be particularly vulnerable, as the volume of attacks will likely continue to increase.”
The report also identified a 217% increase in credential harvesting phishing attacks and a 29% rise in BEC attacks over the past six months.
CAPTCHA-based attacks are also increasing, with attackers using CloudFlare’s CAPTCHAs to conceal credential harvesting forms.
Additionally, cybercriminals are exploiting trusted services like Microsoft SharePoint, AWS and Salesforce to hide phishing and malware. QR code-based attacks now account for 11% of all malicious emails, often integrated into legitimate infrastructures.
“For protection, [consumers] should download tools to their laptops, desktops and mobile devices to help identify malicious emails,” said Krishna Vishnubhotla, vice president of product strategy at Zimperium. “This is a good starting point. Once that’s done, the real work begins, which includes developing better cyber hygiene.”