The following report provides an analysis of the Phishing trends and emerging tactics used by cybercriminals, as well as insights on how these attacks impacted different industries based on our findings in 2024. Furthermore, it examines key developments, highlights notable cases, and offers insights into how organizations and individuals can mitigate risks of becoming a victim of Phishing threats.
Cybercrime never stands still – and neither do we. Every Phishing attempt we block and every suspicious pattern we investigate helps us to better understand how attackers operate. This report shares some insights on what we have seen across our network traffic in 2024 – the trends, tactics, and signals that stood out. By learning from these, we’re building stronger, faster, and more effective ways to respond. It’s part of our ongoing effort to turn what we observe into action, and to keep improving every step of the way.
Understanding the motives and types of Phishing attacks
Phishing is a form of cybercrime in which attackers for example impersonate legitimate entities to deceive individuals into revealing sensitive information such as login credentials, financial data, or personal details. Typically executed through emails, fraudulent websites, or social engineering tactics – Phishing exploits human trust to bypass security measures. As cyber threats evolve, Phishing remains one of the most prevalent and damaging attack vectors, affecting individuals, businesses, and governments worldwide.
Cybercriminals engage in Phishing attacks primarily for financial gain, but their motives can also include espionage, data theft, or disruption of critical operations or infrastructure. By deceiving victims into revealing sensitive information such as usernames, passwords, and financial details, attackers can commit fraud, identity theft, or sell stolen data on the dark web. Phishing is the most common data breach vector, accounting for 15% of all data breaches according to IBM’s Cost of a Data Breach report.
Depending on the target of the attack, Phishing can be separated into the following two types: mass (or bulk) commodity attacks and targeted (also called spear Phishing) attacks. Phishing commodity attacks refer to large-scale, low-cost Phishing campaigns that use readily available tools, services, and kits to target a broad audience. Examples of the commodity attacks typically include global or regional brands, e.g. fake Microsoft or PayPal login pages. Thus, commodity Phishing is a widespread attack method that relies on mass distribution, hoping that a fraction of recipients will become victims. The content of the messages is often not customized to a specific recipient but contains generic lures, e.g. unpaid invoices, or package delivery notifications. To distribute commodity Phishing, cybercriminals typically use email addresses collected from data breaches, leaked databases, web scraping, or bought on dark web marketplaces.
Spear Phishing, on the other hand, is a highly targeted attack designed to compromise specific individuals or organizations. These attacks require more effort and research, making them significantly more successful. Cybercriminals tailor their approach based on the victim’s job role, company, or even personal interests, increasing the chances of deception. Spear Phishing attacks often focus on executives, employees with access to financial data, or IT administrators. Data gathering is usually conducted via social media, company websites, and other publicly available sources. These types of Phishing messages are distributed to specifically selected email addresses and messages tend to be highly personalized. The hacking of the ICANN social media account to promote $DNS cryptocurrency, is an example of cyberattack which began with a targeted Phishing email campaign.
Observed Phishing activity
The commoditization of Phishing has led to the emergence of PhaaS (Phishing as a service) platforms, where cybercriminals offer comprehensive Phishing kits for sale on the dark web. The Phishing kits are collections of tools and scripts designed to facilitate Phishing campaigns (e.g. creation of websites and distribution of Phishing emails). This trend has lowered the entry barrier for less-experienced attackers, contributing to a global surge in Phishing activities. Such platforms often include dashboards, technical support, and even subscription models, mirroring legitimate SaaS business practices. As a result, threat actors with limited technical expertise can now orchestrate highly effective and scalable phishing operations with minimal effort.
Most targeted brands
Our threat researchers have looked at Phishing telemetry for the top impersonated brands of 2024. Cyber criminals often leverage Phishing kits to create fraudulent web pages of well-known brands to lure victims into revealing their sensitive information. In the last year we saw … Download the full report below.
Let’s discuss how cyan can help!
Contact us today to learn more
Report
Send download link to: