Cybersecurity firm, Egress, has released its Phishing Threat Trends Report for 2024, providing an in-depth analysis of key trends, fresh data, and threat intelligence insights surrounding phishing attacks.

The report highlights the evolution of payloads, the increasing role of Artificial Intelligence (AI) in cybercrime, the success of multi-channel attacks, and the lagging security of email gateways (SEGs) in an evolving threat landscape.

Millennials were found to be the primary target for cybercriminals, with the finance, legal, and healthcare industries being the most targeted. People working in Accounting and Finance teams received the most phishing emails, followed by Marketing and HR. The most targeted job role is the CEO, and 13.4% of phishing attacks impersonated someone the victim knew, such as CEOs and senior leaders.

The report also reveals a significant rise in 'quishing' (QR code phishing), from 0.8% in 2021 to 10.8% in 2024. Meanwhile, attachment-based payloads have seen a decrease, halving from 72.7% to 35.7% in the same timeframe. The report also indicates that 77% of impersonation attacks mimic well-known brands, with DocuSign being the most impersonated brand, followed by Microsoft.

16.8% of phishing attacks were found to rely solely on social engineering methods. Microsoft Teams was the second most popular platform in multi-channel attacks, accounting for 30.8%, followed by Slack (19.2%) and SMS (18.6%). AI is being utilised in nearly every aspect of cyberattacks, with a 52.2% increase in attacks getting through SEG detection from January to March 2024.

SVP of Threat Intelligence at Egress, Jack Chapman, said: “The third edition of the Egress Phishing Threat Trends Report is jam packed with crucial themes and predictions for the threat landscape for 2024. Utilising data from Egress Defend and exclusive intel from the Egress team, we look at hot topics that have dominated headlines, including the rise of QR phishing and AI-powered attacks, plus we analyse the ways cybercriminals are engineering attacks to get through detection by secure email gateways.

Chapman said cybercriminals will continue to heavily in attacks that give them the highest rewards. "Some tactics will stay the same, but where returns diminish or disappear entirely, new tactics will emerge. Looking at the trends explored in the latest report, we can say with certainty that AI-powered attacks are here to stay, and our Threat Intelligence team predicts AI will be used in some way in every phishing attack in the next 12 months, leading to lucrative paydays for cybercriminals. The Phishing Threat Trends report is an essential read for all cybersecurity teams and leaders and offers advice as well as key themes detected by Egress Defend.”