Kaspersky’s security solutions blocked over 893 million phishing attempts in 2024 – a 26% increase from 2023, when the total stood at nearly 710 million. The surge in attempts (shown in the graph below) between May-July is traditionally tied to the holiday season when fraudsters frequently try to lure travelers with scams involving fake airline and hotel bookings, deceptive tour packages and too-good-to-be-true offers.
Experts observed a range of phishing and scam schemes aimed at stealing data, money and installing malicious software. In 2024, cybercriminals often mimicked the websites of well-known brands like Booking, Airbnb, TikTok, Telegram, and others. One ongoing campaign, for example, has been targeting TikTok Shop users. Cybercriminals created fake login pages designed to steal sellers’ credentials. Additionally, scammers capitalized on trending news, orchestrating fraud schemes involving the hype topics, for example cryptocurrency game Hamster Kombat and TON wallets.
Fraudulent schemes also tended to capitalize on fake celebrity images in 2024, falsely promoting giveaways of valuable prizes to fans that were never delivered. The trend persists in 2025.
“While the core mechanics of phishing and scams remain unchanged, attackers constantly refine their disguises. They capitalize on trending news, hype-driven topic, and even combine branding from multiple companies on a single phishing page to enhance efficiencies of their campaigns. AI-driven tools help them to create highly convincing fake websites, making fraud harder to detect. These evolving tactics pose a growing risk – not just to financial security but also to personal identity protection. As a result, vigilance and the use of robust cybersecurity solutions have never been more crucial,” says Olga Svistunova, a security expert at Kaspersky.
Spam and malicious email campaigns
According to Kaspersky data, both individuals and corporate users encountered malicious email attachments more than 125 million times in 2024.
Cybercriminals used various tactics in email campaigns targeting businesses, as observed by experts. These included sending emails with password-protected archives containing malicious content and SVG images disguised as harmless graphics, and many other schemes. Attackers lured victims into clicking on malicious content through fake court appeals, fake deals, counterfeit official notifications and more.
Nearly every second email in a corporate mailbox – 47% of global traffic, marking a 1.27 percentage point increase from the previous year – was spam. While spam includes different email threats, including those mentioned above, it is not always malicious and consists mostly of unsolicited advertisements. Experts note that corporate spam trends of the last year prominently feature advertisements for AI solutions, related webinars, online promotion services, follower-boosting schemes and more.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
