From prompt responses to self-driving cars, 2023 felt the significant impact of artificial intelligence (AI). While most of it was for the better and in the name of advancement, darker areas – like the world of online threats – took advantage of new and advanced capabilities.
As we shift to 2024, AI has revolutionized the ways of cybercriminals, enabling them to launch more sophisticated and targeted attacks than ever before.
Specifically, AI-powered tools have allowed cybercriminals to automate various aspects of their operations, including reconnaissance, attack execution, and evasion techniques. These attackers can now leverage AI algorithms to analyze vast amounts of data, identify vulnerabilities, and exploit holes with precision and speed.
Throughout 2023, Bolster’s threat research team gathered more than 10 billion threat intel data points to publish the 2024 edition of our Phishing Statistics and Online Scams report, which highlights how the world was impacted by external threats, including which industries were hit the hardest, what types of threats were the most common, and how we can prepare our businesses for the next year.
With an over 94% increase in phishing and scam activity since 2020, it’s important to take note of these trends to better your corporate defense. Notable spikes, such as the 2.2 million fraudulent sites detected in just August alone, are indicators of the types of activities that threat actors are likely to engage in.
This post will provide an overview of the top stats, trends, and takeaways, with our 2024 State of Phishing and Online Scam report diving deep into the fraud data we collected for the year of 2023—covering what it means for your business, and highlighting how you can prevent attacks in 2024 and beyond.
2023 Phishing Statistics: A Year Ripe with Opportunity
With phishing sites reaching record-breaking numbers in almost 20 countries around the world, and some of the most well-known brands targeted more than ever before (we found over 1.2 million scams targeting Amazon alone), there’s no doubt that generative AI leads to more hacker activity.
This past year’s cyber attacks also highlighted the state of the market; whether it was the vulnerability of the workforce and widespread market strain resulting in layoffs, or shift to online shopping by consumers, wherever the targets went, fraud followed.
All said, there was a significant increase in the total number of unique phishing and scam pages, soaring from 10.5 million to 13.4 million representing a 27.8% increase in global phishing activities compared to 2022.
The below trends shed light on the alarming fact that phishing and online fraud not only continue to pose a persistent and growing threat to individuals and organizations worldwide, but that key environmental conditions provide “perfect storm” scenarios for cybercriminals.
Key trends revealed in the report
1. Financial crisis provided plenty of opportunity for large scale phishing attacks. Phishing attacks directly targeted banks, startups, and impacted consumers after the collapse of banking giants in March 2023. Consumers and businesses already facing a high-pressure environment had to remain diligent against emotionally-driven attacker activity capitalizing on FUD (fear, uncertainty, and doubt).
2. Brand impersonations took place on a massive scale. A major brand impersonation scam campaign with over 6,000 active phishing sites targeting 100+ well-known brands was uncovered in June 2023. The Bolster research team estimated that some of the scam sites had been active since 2020 and have caused considerable financial and brand damage.
3. Holiday seasons were still the peak months for new consumer scams. During the busy 2023 holiday season, our research team identified a USPS scam campaign targeting consumers with fake shipping notifications. Unlike 2022 where scammers were issuing fake gift cards en masse, 2023 showed an uptick in fake delivery service scams. By targeting a widespread service during the busiest time of year for online sales and shipping needs, hackers caught victims at a vulnerable time.
4. Hackers found opportunity in the waves of layoffs in 2023. Fake job postings targeted customers, and businesses globally, this year more than ever. With more people job searching due to market impacts in 2023, hackers didn’t hesitate to profit off these vulnerable individuals. With 2024 layoffs still riding high, we expect that this scam will continue well into the end of the year.
5. GPTs are slowly becoming a hacker’s favorite tool. From conversational AI to malware creating GPTs, our research team uncovered a large amount of AI-empowered phishing and scam campaigns in 2023. We expect this to explode in 2024 as more hackers are getting more fluent in how to use AI in their nefarious activities.
As the above shows, despite increased awareness and attempts to combat phishing, cybercriminals are continuously refining their tactics, resulting in an ever-expanding pool of malicious websites.
Our survey serves as a stark reminder that even in the face of extensive cybersecurity measures, phishing remains a pervasive problem that demands urgent attention and proactive countermeasures.
When & Where Attacks Happened
While you should always be on alert, the findings below help paint the picture of when and where attacks are most prevalent.
1. Attackers are most active in August: The period from September to November has been identified as some of the busiest months for phishing attacks, coinciding with the onset of the holiday shopping season. Bolster research has found that the three months leading up to the holiday season in December account for 20% of all phishing and scam activity for the entire year of 2023. That said, August of 2023 recorded a record high of 2.2M unique malicious websites when many Americans are off on summer vacation.
2. Large infrastructures means more places to hide: Phishing campaigns often exploit the infrastructure provided by top hosting providers, with notable names such as Cloudflare (1.2 million registrations), Amazon (1.2 million registrations), and Google (1 million registrations) being among the most commonly abused platforms. Bolster analyzed data from over 9,000 hosting providers across the world with the most abused including Amazon, Cloudflare, and Google. Here are the top 10:
3. America always wins the popularity contest: The top countries associated with hosting phishing domains include the United States (48.9 million tracked phishing activity), Germany (11.5 million tracked phishing activity), Canada (4.9 million tracked phishing activity), Russia (4.1 million tracked phishing activity), and the United Kingdom (3 million tracked phishing activity). The United States, not surprisingly, alone accounted for 47% of the world’s phishing and scam registrations.
4. Registrars are a hotbed for cybercriminals: Phishing attackers often rely on specific domain registrars to facilitate their illicit activities. Some of the top registrars frequently exploited by cybercriminals for phishing attacks include GoDaddy.com (1 million phishing attacks), Namecheap (447K phishing attacks), and 101domain (183K phishing attacks). Bolster saw phishing activity among 7000 registrars across the world with the top 10 registrars listed below:
5. Explosion of TLDs means more typosquat attacks: Bolster research finds that cybercriminals continue to leverage the familiarity and trust associated with the .com TLD to deceive unsuspecting victims. Despite the availability of numerous alternative TLDs, such as .xyz and others, the enduring popularity of .com for malicious activities underscores the need for continuous vigilance and robust cybersecurity measures to combat phishing attacks. The below table shows the top 10 TLDs used in phishing attacks in 2023 versus 2022.
6. Layoffs give rise to fake job scams: With post-COVID-19 digitalization and a growth in remote work seekers, threat actors are often seen preying on individual job ambitions (and the weaknesses in the job market). Cybercriminals construct sophisticated employment offers that often imitate well-known organizations to trick prospective employees into providing personal information or completing financial transactions without the pretense of paying for training or application fees. The rise of fake job scams are quite intricate and often come in variations.
7. Tech, finance, and entertainment are top targeted verticals: Phishing attacks have become a prevalent threat across all industries, but technology companies, finance companies, and entertainment companies have emerged as the top targeted verticals. While an interest in tech and finance might be obvious, cybercriminals exploit users’ trust in popular entertainment brands too, aiming to deceive them into sharing personal information, financial details, or login credentials.
Learn more about how AI is transforming finance
8. User credentials are still the hot ticket item: Speaking of credentials, Bolster has identified 19 categories of scams that pose the biggest threats to organizations and consumers. The top five scams identified by Bolster are login pages (2.9 million attacks), gaming scams (281K attacks), gift card scams (245K attacks), tech support scams (196K attacks), and fake online stores (175K attacks). Login page scams, used to steal sensitive information, involve luring users into giving away their login credentials through fake login pages.
9. Impersonations are reaching an all-time high: Impersonation attacks have been on the rise in recent years, with cybercriminals exploiting the trust and authority of individuals to deceitfully gain access to sensitive information or funds. Executive impersonations, in particular, have skyrocketed in the past year, with criminals posing as executives to trick employees into revealing confidential information, authorizing fraudulent transactions, or participating in false wire transfers. For instance, according to Bolster data, impersonation attacks have jumped 28x more on LinkedIn in 2023 than in 2022. According to the Anti-Phishing Working Group, phishing attacks on social media platforms exploded in late 2023, and constituted 42.8 percent of all phishing attacks.
What to Expect in 2024
It’s one thing to know “where we have been,” but the knowledge isn’t much if you don’t let it tell you where we are going. Of course, it’s not possible to completely predict the activity of hackers, but with this data, we can make informed guesses based on the trends of recent years to help construct the best cyber risk defense.
Our top phishing and fraud predictions for 2024 include:
1. An increase in multichannel attacks: Hackers are getting smarter and are continuing to test new and evolving avenues of attack. Multi-channel phishing attacks are predicted to increase in the coming years as consumers and businesses continue to improve their methods of defense.
2. More TLDs means more challenges with detecting typosquat attacks. With the introduction of numerous new TLDs beyond the traditional .com, .net, and .org, cybercriminals have gained greater flexibility in creating deceptive websites and email addresses that closely mimic legitimate domains. This allows them to carry out more convincing phishing campaigns, tricking unsuspecting users into disclosing sensitive information or performing fraudulent actions.
3. Layoffs will continue the wave of fake job scams. We continue to witness widespread layoffs across various industries, leading to a surge in unemployment rates and a significant influx of job seekers. Unfortunately, this challenging environment has also given rise to the continued use of fake job scams, targeting vulnerable individuals in search of employment. Cybercriminals exploit the desperation and eagerness of job seekers by posing as legitimate employers or recruitment agencies, offering enticing job opportunities that turn out to be fraudulent.
4. Impersonations will continue to skyrocket. In 2023, attackers were increasingly utilizing social media platforms as a launchpad for their malicious activities, posing a greater threat than ever before. One prevalent tactic that gained momentum is impersonation attacks, where cybercriminals create fake profiles or pages that mimic legitimate individuals, organizations, or brands to deceive unsuspecting users. These impersonation attacks are designed to trick victims into disclosing sensitive information, clicking on malicious links, or engaging in fraudulent transactions, exploiting the trust and connectivity that social media fosters.
Learn more: Checking links for phishing
5. AI-powered cyber attacks: With the increasing adoption of artificial intelligence by cybersecurity professionals, it is anticipated that cybercriminals will also harness the power of AI to carry out more sophisticated and targeted attacks. AI-powered malware and botnets may become more prevalent, utilizing machine learning algorithms to evade detection and autonomously adapt to security defenses. These AI-driven attacks could exploit vulnerabilities, conduct reconnaissance, and employ advanced evasion techniques, making them highly challenging to detect and mitigate.
Reclaiming Peace of Mind
With the doom and gloom provided by the 2023 trends and 2024 phishing threats predictions, we can reclaim peace of mind by embracing recommendations on how you can protect your business from threats:
- Utilize automated defense tools
- Lean on community defense tools and resources
- Create an omnichannel protection program
- Use AI to your advantage
- Reduce the amount of time hackers go undetected
While it’s critical to protect your business from the predicted threats for 2024, it’s also important to note the importance of over cyber-risk preparedness and proactive defense.
Download the entire 2024 edition of our Phishing and Online Scams report to learn even more about the different trends, predictions, and recommendations, and to view the many additional data points, statistics, and examples we’ve uncovered and provided.
You can also request an AI security platform demo to analyze phishing and scam threats to your business with securely trained LLM technology from Bolster.