SlashNext: Credential Phishing Up 703% in H2 2024

SlashNext, which offers next-gen AI cloud email and communications security, posted a new report, "Prepare for 2025: 2024 Phishing Intelligence Report." The report was created to help organizations anticipate and prepare for scams in the next year.

The report spans billions of analyzed threats – across email and mobile channels, including BEC, malicious links, attachments, QR codes and AI-driven natural language attacks – offering a comprehensive look at the evolving phishing landscape and the vectors most exploited by cybercriminals in the past year. It also identifies considerations for organizations seeking to strengthen their security defenses against those attacks.

Key findings include:

  • Credential phishing instances grew 703 percent in H2 2024, signaling a sharp escalation in the use of sophisticated phishing kits and social engineering tactics.
  • Email-based threats rose by 202 percent later in 2024, with individual users receiving at least one advanced phishing link per week capable of bypassing traditional network security controls.
  • 80 percent of embedded malicious links were previously unknown, zero-day threats.
  • Users faced an average of three to six threats per week and, annually, up to 600 mobile threats per user. Social engineering-based attacks rose by 141 percent in the last six months, reinforcing the need for real-time, adaptive security measures.

“In early 2024, we witnessed a sharp spike in attacks as adversaries quickly learned to integrate AI into their phishing strategies, resulting in far higher volumes of advanced and effective threats,” said Stephen Kowski, field CTO, SlashNext. “By the second half of the year, the growth in attack volume was more gradual but still persistent. We fully anticipate this upward trajectory will continue into 2025, especially as our threat research team uncovers new, advanced phishing kits freely available on the dark web.”

Looking forward, SlashNext expects acceleration in this rapid evolution, with AI-generated attacks becoming more sophisticated and harder to detect, while attackers increasingly target messaging platforms beyond email, including business collaboration tools, SMS and social media.

“Traditional security measures are overwhelmed by the sheer volume and adaptability of these threats,” continued Kowski. “Organizations need a comprehensive, proactive security strategy backed by real-time detection and mitigation technologies to stay ahead of increasingly agile attackers.”