Malicious emails increase over 300 percent

The last six months has seen a 341 percent increase in malicious emails, including an alarming spike in phishing, BEC, and other message-based attacks fueled by the continued growth of generative AI.

The latest State of Phishing Report from SlashNext finds that since the launch of ChatGPT in November 2022, there has been a 4,151 percent increase in malicious emails sent.

In the same period there has also been a 217 percent increase in credential harvesting phishing attacks and a 29 percent increase in BEC attacks. Mobile phones have emerged as the most utilized and vulnerable communications channel, with 45 percent of all mobile threats now being reported as SMS smishing attacks.

"Humans have been, and will continue to be, the weakest point in any organization's security," says Patrick Harr, CEO of SlashNext. "There is a reason threat actors continue to iterate on tactics like phishing that have been around for decades -- they are highly effective. According to Verizon's 2024 Data Breach Investigations Report, humans are increasingly falling for phishing attacks and it now takes a median time of only 21 seconds for a user to click on a malicious link, and only another 28 seconds to then enter their personal data. We know from our research these attacks are getting a boost from generative AI tools that are readily available. Threat actors are using gen AI to customize messages for their victims, write more convincing messages, and dramatically accelerate the speed and volume of these attacks with little to no added cost."

CAPTCHA-based attacks, particularly using CloudFlare, are also on the rise and they are being used to mask credential harvesting forms. Attackers are generating thousands of domains and implementing CloudFlare’s CAPTCHAs to hide credential phishing forms from security protocols that are unable to bypass theCAPTCHAs.

You can get the full report from the SlashNext site.

Image credit: denismagilov/depositphotos.com