In 2024, Kaspersky blocked 26% more phishing attempts worldwide compared to the previous year. Cybercriminals continued to capitalize on well-known brands like Booking, Airbnb, TikTok and Telegram to steal credentials or install malware. Additionally, users encountered more than 125 million attacks involving malicious email attachments. Every second email in corporate mailboxes was spam.
Kaspersky’s security solutions blocked over 893 million phishing attempts in 2024 – a 26% increase from 2023, when the total stood at nearly 710 million. The surge in attempts between May and July (shown in the graph below) is traditionally tied to the holiday season, when fraudsters frequently try to lure travelers with scams involving fake airline and hotel bookings, deceptive tour packages and too-good-to-be-true offers.
Attempts to click phishing links, Kaspersky security solutions, 2024
Experts observed a range of phishing and scam schemes aimed at stealing data and money and at installing malicious software. In 2024, cybercriminals often mimicked the websites of well-known brands like Booking, Airbnb, TikTok, Telegram, and others. One ongoing campaign, for example, has been targeting TikTok Shop users. Cybercriminals created fake login pages designed to steal sellers’ credentials. Additionally, scammers capitalized on trending news, orchestrating fraud schemes around hyped topics such as the cryptocurrency game Hamster Kombat and TON wallets.
An example of a TikTok shop phishing
Fraudulent schemes also tended to capitalize on fake celebrity images in 2024, falsely promoting to fans giveaways of valuable prizes that were never delivered. The trend persists in 2025.
Examples of fake celebrities’ social media posts
“While the core mechanics of phishing and scams remain unchanged, attackers constantly refine their disguises. They capitalize on trending news, hype-driven topics, and even combine branding from multiple companies on a single phishing page to enhance efficiencies of their campaigns. AI-driven tools help them to create highly convincing fake websites, making fraud harder to detect. These evolving tactics pose a growing risk – not just to financial security but also to personal identity protection. As a result, vigilance and the use of robust cybersecurity solutions have never been more crucial,” says Olga Svistunova, a security expert at Kaspersky.
Spam and malicious email campaigns
According to Kaspersky data, both individuals and corporate users encountered malicious email attachments more than 125 million times in 2024.
Experts observed cybercriminals using various tactics in email campaigns targeting businesses. These included sending emails with password-protected archives containing malicious content and SVG images disguised as harmless graphics, among many other schemes. Attackers lured victims into clicking on malicious content through fake court appeals, fake deals, counterfeit official notifications and more.
Nearly every second email in a corporate mailbox – 47% of global traffic, marking a 1.27 percentage point increase from the previous year – was spam. While spam includes different email threats, including those mentioned above, it is not always malicious and consists mostly of unsolicited advertisements. Experts note that corporate spam trends of the last year prominently feature advertisements for AI solutions, related webinars, online promotion services, follower-boosting schemes and more.
To learn more about the spam and phishing threat landscape, visit Securelist.com.
In order to avoid becoming a victim of phishing, scam or malicious messages, Kaspersky experts advise the following:
- Only open emails and click links if you are sure you can trust the sender.
- When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication.
- Check the spelling of a website’s URL if you suspect you are faced with a phishing page. If you are, the URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O.
- Use a proven security solution when surfing the web. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and phishing campaigns.
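
The URL spelling check from the advice above can be automated for a known set of brands. This is an added example, not Kaspersky's code: the brand-to-domain allow-list, the function names and the example.test sample URLs are assumptions constructed for illustration, and the check also flags an exact brand name used on a non-official domain.

```python
from urllib.parse import urlsplit

# Assumed allow-list for this example: brand name -> its real registrable domain.
OFFICIAL = {
    "booking": "booking.com",
    "airbnb": "airbnb.com",
    "tiktok": "tiktok.com",
    "telegram": "telegram.org",
}

# Fold characters that look alike into one representative, so "1", "i" and "l"
# compare equal, as do "0" and "o".
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(text):
    """Lowercase the text and collapse look-alike characters."""
    return text.lower().translate(FOLD)


def check_url(url):
    """Return (verdict, brand): verdict is 'official', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return "official", brand
    # Compare every dot- or hyphen-separated piece of the host with each brand.
    for token in host.replace("-", ".").split("."):
        for brand in OFFICIAL:
            if skeleton(token) == skeleton(brand):
                return "lookalike", brand
    return "unknown", None


# Constructed sample URLs (example.test names are placeholders, not real IoCs).
SAMPLES = [
    "https://www.booking.com/hotel",
    "https://b00king.example.test/login",
    "https://seller-t1kt0k.example.test/",
    "https://airbnb.com.example.test/rooms",
    "https://docs.example.test/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_url(url), url)
```

The folding table covers only the digit-for-letter swaps named in the advice; Unicode homoglyphs and punycode hosts are outside this example.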