Islamabad : In 2024, Kaspersky blocked 26% more phishing attempts worldwide compared to the previous year. Every second email in the corporate mailboxes was spam. Cybercriminals continued to capitalize on well-known brands like Booking, Airbnb, TikTok and Telegram to steal credentials or install malware. Additionally, users encountered more than 125 million attacks involving malicious email attachments.
Kaspersky’s security solutions blocked over 893 million phishing attempts globally in 2024 – a 26% increase from 2023, when the total stood at nearly 710 million. In Pakistan an increase of 18% in phishing attempts in 2024 compared to 2023 was registered. The surge in attempts between May-July is traditionally tied to the holiday season when fraudsters frequently try to lure travelers with scams involving fake airline and hotel bookings, deceptive tour packages and too-good-to-be-true offers.
One ongoing campaign, for example, has been targeting TikTok Shop users. Cybercriminals created fake login pages designed to steal sellers’ credentials. Additionally, scammers capitalized on trending news, orchestrating fraud schemes involving the hype topics, for example cryptocurrency game Hamster Kombat and TON wallets.
Fraudulent schemes also tended to capitalize on fake celebrity images in 2024, falsely promoting giveaways of valuable prizes to fans that were never delivered. The trend persists in 2025.
“While the core mechanics of phishing and scams remain unchanged, attackers constantly refine their disguises. They capitalize on trending news, hype-driven topic, and even combine branding from multiple companies on a single phishing page to enhance efficiencies of their campaigns. AI-driven tools help them to create highly convincing fake websites, making fraud harder to detect. These evolving tactics pose a growing risk – not just to financial security but also to personal identity protection. As a result, vigilance and the use of robust cybersecurity solutions have never been more crucial,” says Olga Svistunova, a security expert at Kaspersky.
According to Kaspersky data, both individuals and corporate users encountered malicious email attachments more than 125 million times in 2024. Cybercriminals used various tactics in email campaigns targeting businesses, that included sending emails with password-protected archives containing malicious content and SVG images disguised as harmless graphics, and many other schemes. Attackers lured victims into clicking on malicious content through fake court appeals, fake deals, counterfeit official notifications and more.
Nearly every second email in a corporate mailbox – 47% of global traffic, marking a 1.27 percentage point increase from the previous year – was spam. Experts note that corporate spam trends of the last year prominently feature advertisements for AI solutions, related webinars, online promotion services, follower-boosting schemes and more.
In order to avoid becoming a victim of phishing, scam or malicious messages, Kaspersky experts advise to only open emails and click links if you are sure you can trust the sender. When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication. Also check the spelling of a website’s URL if you suspect you are faced with a phishing page. It’s advisable to use a proven security solution like Kaspersky Premium when surfing the web. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and phishing campaigns.
To learn more about spam and phishing threat landscape, visit Securelist.com.