Millennials are key targets for phishing

A new report reveals that millennials are the top targets for phishing attacks, receiving 37.5 percent of phishing emails.

The latest phishing trends report from Egress also highlights the widespread adoption of AI and QR code phishing (quishing). Quishing has risen from 0.8 percent in 2021 to 10.8 percent in 2024, whereas attachment-based payloads halved from 72.7 percent to 35.7 percent in the same period.

Following initial phishing email attacks, Microsoft Teams, and Slack account for 50 percent of second steps in multi-channel attacks, and the Egress Threat Intelligence team only expects this to rise in popularity amongst cybercriminals. The use of Zoom and mobile phone calls as the second step in multi-channel attacks has increased in the first quarter of 2024 compared with the last quarter of 2023; Zoom by 33.3 percent and mobile phone calls by 31.3 percent. The Egress team predicts the use of video and audio deepfakes in cyberattacks will increase over the next 12 months and beyond.

The report also reveals that in the first three months of 2024, there was a 52.2 percent increase in the number of attacks that got through secure email gateway (SEG) detection. 68.4 percent of these attacks passed authentication checks, including DMARC.

Jack Chapman, SVP of threat intelligence at Egress, says:

The third edition of the Egress Phishing Threat Trends Report is jam packed with crucial themes and predictions for the threat landscape for 2024. Utilizing data from Egress Defend and exclusive intel from the Egress team, we look at hot topics that have dominated headlines, including the rise of QR phishing and AI-powered attacks, plus we analyze the ways cybercriminals are engineering attacks to get through detection by secure email gateways.

The one thing that won't change in 2024 is cybercriminals investing heavily in attacks that give them the highest rewards. Some tactics will stay the same, but where returns diminish or disappear entirely, new tactics will emerge. Looking at the trends explored in the latest report, we can say with certainty that AI-powered attacks are here to stay, and our Threat Intelligence team predicts AI will be used in some way in every phishing attack in the next 12 months, leading to lucrative paydays for cybercriminals.

The full report is available on the Egress site.

Image Credit: Maksim Kabakou/Shutterstock