Fraudsters launch 38 million phishing attacks globally in 2024

Kaspersky reveals that from January to November 2024, it blocked 38,473,274 phishing attacks aimed at online shopping
A representational image. — Deposit Photos
A representational image. — Deposit Photos

Fraudsters and cybercriminals have launched over 38 million phishing attacks, targeting major marketplaces, banking service users, and tech retailers worldwide in 2024, as per a report released on Thursday (November 28).

According to Kaspersky, a Russian multinational cybersecurity firm, these attacks are part of a broader effort to exploit the surge in online shopping during major sales events scheduled in November and December.

Kaspersky’s report on phishing attacks

The cybersecurity firm revealed that from January to November 2024, it blocked an impressive 38,473,274 phishing attacks aimed at online shopping, payment systems, and banking institutions, representing a significant 25% increase over the same period in 2023.

Notably, 44.41% of these attacks targeted banking service users. Moreover, scammers also impersonate major retailers, sending deceptive emails claiming to offer exclusive discounts. 

Such emails link to fake websites that are a copy of legitimate ones, where victims typically lose money, the report revealed.

Additionally, Kaspersky’s experts disclosed that people’s desire to win prizes also results in scams, as cyber criminals send messages promoting limited-time surveys with prize draws, offering rewards like free iPhones and iPads. 

However, to create urgency, they claim only a few "chosen" users can access the deal, pressuring recipients to act immediately.

Fraudsters take advantage of this demand, attempting to steal personal data and funds. The stolen data is either exploited directly by scammers or sold on dark web marketplaces, the experts revealed.

However, to stay safe during the sales season, Kaspersky’s experts advise consumers to verify email senders before clicking links, properly check URLs for errors, and avoid entering personal information on suspicious websites.