Credential Phishing Increased by 703% in H2 2024



Catphishing CaseCredential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext.

Phishing attacks overall saw a 202% increase during the same period.

“Since June, the number of attacks per 1,000 mailboxes each week has increased linearly,” the researchers write.

“Currently, we are capturing close to one advanced attack per mailbox each week. As we reach the 1,000 threshold, this translates to nearly one advanced attack for every single mailbox each month. This steady increase indicates a substantial volume problem that individual efforts cannot handle effectively.”

The researchers believe the increase is partially due to the proliferation of phishing kits, which allow criminals to launch sophisticated attacks with little effort.

“Throughout the year, we’ve shown evidence of attackers having access to unique phishing kits designed to evade detection, automate their processes, and target victims at scale,” SlashNext says. “Our data shows that these diverse phishing methods have been consistently employed from the beginning to the end of the year.

Since our mid-year report, there has been a remarkable 202% increase in the number of phishing messages delivered per 1,000 mailboxes. This trend underscores a significant shift in email security dynamics. We are now operating in what can be described as a ‘volume game,’ where the sheer number of attacks overwhelms traditional security measures.”

The researchers predict that these attacks will continue to increase throughout 2025, as threat actors incorporate AI tools to improve the efficiency of their attacks.

“Looking ahead to 2025, we expect this rapid evolution to accelerate, with AI-generated attacks becoming more sophisticated and harder to detect, while attackers increasingly target messaging platforms beyond email, including business collaboration tools, SMS, and social media,” SlashNext says. “The bottom line is phishing isn’t an email-only problem anymore; it is a broader messaging security problem that requires a fundamental shift in how organizations approach threat detection and prevention.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

SlashNext has the story.


Stop Advanced Phishing Attacks with KnowBe4 Defend

KnowBe4 Defend takes a new approach to email security by addressing the gaps in M365 and Secure Email Gateways (SEGs). Defend helps you respond to threats quicker, dynamically improve security and stop advanced phishing threats. It reduces admin overhead, enhances detection and engages users to build a stronger security culture.

BreachSim LogoWith KnowBe4 Defend you can:

  • Reduce risk of data breaches by detecting threats missed by M365 and SEGs
  • Free up admin resources by automating email security tasks
  • Educate users with color-coded banners to turn risks into teachable moments
  • Continuously assess and dynamically adapt security detection reducing admin overhead
  • Leverage live threat intelligence to automate training and simulations

Request a Demo

PS: Don't like to click on redirected buttons? Cut and paste this link in your browser:

https://www.knowbe4.com/products/defend-demo



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews