Kaspersky’s security solutions blocked over 893-million phishing attempts in 2024 – a 26% increase from 2023, when the total stood at nearly 710-million.
The surge in attempts (shown in the graph below) between May-July is traditionally tied to the international holiday season when fraudsters frequently try to lure travelers with scams involving fake airline and hotel bookings, deceptive tour packages and too-good-to-be-true offers.
Experts observed a range of phishing and scam schemes aimed at stealing data, money and installing malicious software. In 2024, cybercriminals often mimicked the websites of well-known brands like Booking.com, Airbnb, TikTok, Telegram, and others. One ongoing campaign, for example, has been targeting TikTok Shop users.
Cybercriminals created fake login pages designed to steal sellers’ credentials. Additionally, scammers capitalised on trending news, orchestrating fraud schemes involving the hype topics, for example cryptocurrency game Hamster Kombat and TON wallets.
Fraudulent schemes also tended to capitalise on fake celebrity images in 2024, falsely promoting giveaways of valuable prizes to fans that were never delivered. The trend persists in 2025.
“While the core mechanics of phishing and scams remain unchanged, attackers constantly refine their disguises,” says Olga Svistunova, a security expert at Kaspersky. “They capitalise on trending news, hype-driven topics, and even combine branding from multiple companies on a single phishing page to enhance efficiencies of their campaigns. AI-driven tools help them to create highly convincing fake websites, making fraud harder to detect.
“These evolving tactics pose a growing risk – not just to financial security but also to personal identity protection. As a result, vigilance and the use of robust cybersecurity solutions have never been more crucial.”
According to Kaspersky data, both individuals and corporate users encountered malicious email attachments more than 125-million times in 2024.
Cybercriminals used various tactics in email campaigns targeting businesses, as observed by experts. These included sending emails with password-protected archives containing malicious content and SVG images disguised as harmless graphics, and many other schemes.
Attackers lured victims into clicking on malicious content through fake court appeals, fake deals, counterfeit official notifications and more.
Nearly every second email in a corporate mailbox – 47% of global traffic, marking a 1,27 percentage point increase from the previous year – was spam. South African users encountered 20% more malicious emails in comparison to the previous year.
While spam includes different email threats, including those mentioned above, it is not always malicious and consists mostly of unsolicited advertisements. Experts note that corporate spam trends of the last year prominently feature advertisements for AI solutions, related webinars, online promotion services, follower-boosting schemes and more.