Highlights:
- In addition to the significant rise in phishing overall, the report’s key results show that credential phishing has increased by 967%.
- On average, thirty-one thousand phishing emails are sent out daily, and 68% of them are text-based business email compromise or BEC attacks.
In the 12 months between the end of the third quarter of 2023 and the fourth quarter of 2022, there was a staggering 1,265% increase in phishing attempts, according to a new analysis published by phishing prevention business SlashNext Inc.
Based on a review of billions of threats, including link-based malware, malicious attachments, and natural language messages in email, mobile, and browser channels, the SlashNext State of Phishing 2023 report highlighted the rise. Researchers at SlashNext also studied in-depth the actions and activities of cybercriminals on the dark web, especially when it comes to using generative AI technologies.
In addition to the significant rise in phishing overall, the report’s key results show that credential phishing has increased by 967%. Credential phishing is a type of cyberattack in which perpetrators use false emails or websites to mislead victims into divulging their login credentials or personal information.
On average, thirty-one thousand phishing emails are sent out daily, and 68% of them are text-based business email compromise or BEC attacks. In such attacks, cybercriminals pose as real people or take control of business email accounts to trick victims into revealing sensitive information or making unauthorized financial transfers. Smishing, or SMS phishing, was also discovered to be involved in about 39% of all mobile-based attacks.
The report’s most notable trend is the development of generative AI. SlashNext said that ChatGPT and other AI chatbots have made it easier for hackers to create complex BEC attacks and advanced malware. The report explores the rise of “Dark LLMs” – large language models, malicious chatbots, and AI jailbreaks and how these tools have fueled the rise in phishing attacks to date.
A survey of over 300 cybersecurity experts was also conducted for the report. Nearly 50% of respondents claimed having experienced a BEC attack, 77% stated they had been the victim of phishing attempts, and 28% said they had received phishing texts using text messaging.
Mika Aalto, Co-founder and CEO of HoxHunt Oy, a platform for human risk management, stated that artificial intelligence and large language models, like ChatGPT, are being used to generate more convincing phishing messages on a large scale. According to Aalto, his company also witnessed increased attacks launched through MMS and phony social media accounts.
Aalto said, “AI lowers the technical barrier to create a convincing profile picture and impeccable text, not to mention code malware. The threat landscape is shifting incredibly fast now with the introduction of AI to the game. But the good news is that AI can also be used to defend against sophisticated attacks, and we’ve seen that good training continues to have a protective effect against AI-generated threats.”