Phishing Trends and Statistics: A Deep Dive into 2024

The 2024 Phishing Landscape report provides a comprehensive analysis of the current state of phishing attacks, shedding light on the methods and tactics employed by cybercriminals. This blog will delve into the key statistics and trends outlined in the report, offering insights into the pervasive nature of phishing and its impact on organizations worldwide.

According to the report, the number of phishing attacks has continued to increase. Between May 2022 and April 2023, there were 1,850,392 reported phishing attacks. This figure rose to 1,897,952 in the following year, marking a 3% increase. Although this represents the smallest annual growth since the study began in 2020, the persistent rise in phishing incidents underscores the ongoing challenge faced by cybersecurity professionals.

Malicious Domain Registrations

Phishing attacks are often facilitated through malicious domain registrations. The report highlights that the number of phishing attacks associated with malicious domain registrations saw a slight increase of 0.4%, from 1,049,389 to 1,053,735. Interestingly, while the total number of unique domain names reported for phishing decreased by 1%, the number of maliciously registered phishing domains surged by 21%, from 725,520 to 878,111. 

A significant trend observed in the report is the increased use of subdomain providers by phishers. Subdomain providers offer services on a domain name owned by the provider, allowing users to create their own DNS space. These services are often free, making them an attractive option for cybercriminals. The number of phishing attacks using subdomain providers skyrocketed by 51%, from 302,086 to 454,948. This increase highlights the adaptability of phishers in exploiting alternative supply chain resources.

Economic Impact of Phishing

Phishing attacks have severe financial implications for businesses and individuals alike. The Phishing Trends 2024 report cites IBM, stating that the average cost of a single phishing-related data breach is estimated at $4.5 million. Furthermore, business email compromise phishing attacks alone accounted for losses of $3 billion in the United States in 2022. These figures illustrate the substantial economic burden posed by phishing and the critical need for robust cybersecurity measures.

Phishing Domains and Hosting Networks

The Phishing Trends 2024 report presents detailed statistics on the prevalence of phishing domains across various hosting networks. It notes that the number of top-level domains (TLDs) where phishing domains were reported increased by 3%, from 699 to 720. Additionally, the number of generic top-level domain (gTLD) registrars with domains under management reported for phishing rose by a staggering 63%, from 1,200 to 1,951. This surge indicates that phishers are increasingly using a broader range of domain registrars and hosting networks.

The Evolution of Phishing Tactics

Phishers are continually evolving their tactics to evade detection and maximize their impact. The report mentions that phishers often avoid registering domain names containing the brand name they are attacking. Instead, they embed the names of brands elsewhere in the URLs, such as in the URL path. This tactic helps them evade detection by brand owners who scan zone files for matches. Out of the 1.1 million domains used for phishing, only about 53,000 contained a match for the brand keyword, accounting for less than 5%.
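The gap described above can be measured on a defender's own URL feed. The following is an added example, not code from the report: it classifies where a brand keyword sits in each reported URL and counts how many a zone-file scan (which sees only the registered label) would catch. The brand `acmebank`, the URLs and the suffix set are constructed for illustration; a production check would use the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed suffix set (assumption); real deployments use the Public Suffix List.
SUFFIXES = {"example", "test", "co.example"}

def split_host(host):
    """Return (subdomain_part, registered_label); only the latter is in a zone file."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):          # longest suffix is tried first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[:i - 1]), labels[i - 1]
    if len(labels) >= 2:                      # unknown suffix: assume one-label TLD
        return ".".join(labels[:-2]), labels[-2]
    return "", labels[0]

def brand_location(url, brand):
    """Where the brand keyword appears: registered_domain, subdomain, path or None."""
    parts = urlsplit(url)
    sub, registered = split_host(parts.hostname or "")
    brand = brand.lower()
    if brand in registered:
        return "registered_domain"
    if brand in sub:
        return "subdomain"
    if brand in (parts.path + "?" + parts.query).lower():
        return "path"
    return None

def zone_file_coverage(urls, brand):
    """(URLs a zone-file keyword scan would flag, URLs that carry the brand anywhere)."""
    locations = [brand_location(u, brand) for u in urls]
    with_brand = [loc for loc in locations if loc is not None]
    return with_brand.count("registered_domain"), len(with_brand)

# Constructed sample feed of reported URLs (reserved TLDs only).
SAMPLE_URLS = [
    "https://acmebank-login.example/signin",            # brand in registered label
    "https://acmebank.freehost.example/",               # brand on a subdomain provider
    "https://secure-update.test/acmebank/login.php",    # brand in the URL path
    "https://cdn.portal.co.example/a?next=AcmeBank",    # brand in the query string
    "https://weather.example/today",                    # unrelated
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(brand_location(url, "acmebank"), url)
    print(zone_file_coverage(SAMPLE_URLS, "acmebank"))
```

URLs classified as `subdomain` or `path` are the ones that need URL-level sources such as mail gateway and proxy logs, because no zone file lists them.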

Vulnerable Populations and Phishing

Phishing disproportionately affects vulnerable populations. The FBI reported nearly 300,000 complaints related to phishing in 2023, making it the most reported cybercrime for the past five years. Senior citizens, in particular, are heavily targeted, with those aged 60 and above suffering financial losses of nearly $3.4 billion in 2023. This amount is three times more than the losses experienced by adults aged 30-39 and significantly higher than those in other age groups.

The Persistence of Phishing

Despite efforts to combat phishing, such as URL and ad blocking services, phishing remains a persistent threat. Google’s Safe Browsing service lists more than 1.8 million phishing sites and sends over 3 million warnings to users daily. However, the data suggests that these warnings are often misunderstood or ignored by users, highlighting the need for increased awareness and education on recognizing phishing attempts.

The Phishing Trends 2024 report paints a sobering picture of the current state of phishing. The rise in phishing attacks, the increasing use of subdomain providers, and the substantial economic impact underscore the critical need for robust cybersecurity measures. Organizations must remain vigilant and proactive in their efforts to combat phishing, employing advanced detection techniques and educating users on recognizing and avoiding phishing attempts. By understanding the tactics and trends outlined in this report, businesses can better protect themselves and their users from the ever-present threat of phishing.

Author

  • Maya Pillai is a tech writer with 20+ years of experience curating engaging content. She can translate complex ideas into clear, concise information for all audiences.