The Rate of Phishing Attacks Is Accelerating

The rate of phishing attacks is on the rise, with spam filters identifying one phishing email every 19 seconds last year, compared to an interval of 42 seconds in the previous year.

A key factor driving this increase is artificial intelligence (AI), which has emerged as a cornerstone of fraud operations. AI expedites the deployment of phishing campaigns and enables cybercriminals to craft highly targeted messages that capture user attention more effectively.

AI can tailor logos, phrasing, signatures, and links specifically for individual victims and even generate messages in multiple languages with accurate grammar. According to a study by Cofense, over three-quarters of malicious URLs found in phishing emails were unique links.

Peppering the Message

Since their inception, phishing attempts have often mimicked major brands and entities. However, with the integration of new technologies, impersonation scams are now more effective than ever before. Bad actors can now scrape data from web sources to include personal details in messages.

Much of this data is freely available on social media platforms. Simultaneously, social platforms have become alternative channels for criminals to target victims, such as LinkedIn messages which have increasingly become a common phishing avenue. Many professionals access LinkedIn through company devices, and organizations often lack stringent filtering mechanisms comparable to email security controls.

The Primary Vector

Although phishing has emerged as the primary attack vector for cybercriminals, these initial attempts are frequently just a precursor. The Cofense report revealed that there was a 204% increase in phishing emails delivering malware last year.

Malware like infostealers or remote access trojans (RATs) can have far-reaching consequences. RATs provide cybercriminals with control over parts of the user’s system, while infostealers collect extensive behavioral data beyond just login credentials. AI can play a role in managing malware and extracting data once systems are compromised but is only scratching the surface of potential threats.

Credit bureau Experian flagged AI agents as the top fraud threat for this year, warning that agentic AI could soon autonomously handle many aspects of fraud operations.