• by Ray Schultz , Columnist, May 24, 2024

It should come as no surprise that the criminal element has also discovered generative artificial intelligence GenAI.  

There has been a 4,151% increase in malicious emails since ChatGPT was launched in November 2022, according to The State of Phishing: 2024 Mid-Year Assessment, a study by SlashNext.

In the six-month period ending in March of this year alone, there was a 341% hike in malicious emails and 856% compared to the prior 12 months, according to the study.

Legitimate email marketers are facing the threat of AI-driven inbox glut. There are so many suspicious emails coming in that consumers may be reluctant to click through at all.  

Indeed, there have been 59,000 average new threats per day from trusted domains during that six-month period. Credential phishing jumped by 217% from October 2023 to March 2024. 

Mobile phones are particularly vulnerable. Of all mobile attacks, 45% are of the smishing category.  

Business email compromise attacks grew by 29% since January of this year. 

All this has been fueled by increasing technical sophistication on the part of phishing artists. For instance, bad actors are now using CAPTCHA-based attacks.  

Wait, shouldn’t CAPTCHA prevent such attacks? Yes, but… 

“Attackers are exploiting this tool by generating thousands of domains and implementing Cloud-Flare’s CAPTCHAs to hide credential phishing forms from security protocols that are unable to bypass the CAPTCHAs,” the study claims. 

In addition, QR-based attacks have grown to the point where they now represent 11% of all malicious emails. 

“Security vendors and organizations need technology that can identify malicious QR codes in emails and all messaging channels, including personal email and mobile apps, to stop these threats before they experience a costly breach,” the study advises. 

Patrick Harr, CEO of SlashNext, concludes: "Humans have been, and will continue to be, the weakest point in any organization's security. There is a reason threat actors continue to iterate on tactics like phishing that have been around for decades – they are highly effective.”