Credential phishing attacks surged by 703% in the second half of 2024, according to a report by SlashNext.
Phishing attacks overall saw a 202% increase during the same period.
“Since June, the number of attacks per 1,000 mailboxes each week has increased linearly,” the researchers write.
“Currently, we are capturing close to one advanced attack per mailbox each week. As we reach the 1,000 threshold, this translates to nearly one advanced attack for every single mailbox each month. This steady increase indicates a substantial volume problem that individual efforts cannot handle effectively.”
The researchers believe the increase is partially due to the proliferation of phishing kits, which allow criminals to launch sophisticated attacks with little effort.
“Throughout the year, we’ve shown evidence of attackers having access to unique phishing kits designed to evade detection, automate their processes, and target victims at scale,” SlashNext says. “Our data shows that these diverse phishing methods have been consistently employed from the beginning to the end of the year.
Since our mid-year report, there has been a remarkable 202% increase in the number of phishing messages delivered per 1,000 mailboxes. This trend underscores a significant shift in email security dynamics. We are now operating in what can be described as a ‘volume game,’ where the sheer number of attacks overwhelms traditional security measures.”
The researchers predict that these attacks will continue to increase throughout 2025, as threat actors incorporate AI tools to improve the efficiency of their attacks.
“Looking ahead to 2025, we expect this rapid evolution to accelerate, with AI-generated attacks becoming more sophisticated and harder to detect, while attackers increasingly target messaging platforms beyond email, including business collaboration tools, SMS, and social media,” SlashNext says. “The bottom line is phishing isn’t an email-only problem anymore; it is a broader messaging security problem that requires a fundamental shift in how organizations approach threat detection and prevention.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
SlashNext has the story.
How BreachSim works:
