A new report released today by phishing protection company SlashNext Inc. finds that there has been a whopping 1,265% increase in phishing attacks in the 12 months from the fourth quarter of 2022 to the end of the third quarter of 2023.

The increase was the lede in the SlashNext State of Phishing 2023 report, which was based on the analysis of billions of threats, including link-based, malicious attachments and natural language messages in email, mobile and browser channels. SlashNext researchers also conducted in-depth research into cybercriminal behavior and activity on the dark web, particularly as it relates to leveraging generative artificial intelligence tools. 

Key findings in the report, along with the big increase in overall phishing, include the researchers finding a 967% increase in credential phishing. Credential phishing is a form of cyberattack that involves attackers tricking individuals into providing their login details or personal information, typically through deceptive emails or fake websites.

On average, 31,000 phishing attacks are sent on a daily basis, with 68% of all phishing emails text-based business email compromise or BEC attacks — those that involve cybercriminals impersonating or hijacking business email accounts to deceive victims into making unauthorized transfers of funds or revealing sensitive information. Some 39% of all mobile-based attacks were also found to involve SMS phishing, also known as smishing.

The biggest trend highlighted in the report is the rise of generative AI. SlashNext noted that for cybercriminals, AI chatbots like ChatGPT have lowered the barriers for creating sophisticated BEC attacks and improved malware. The report delves into the emergence of “Dark LLMs” — dark large language models, malicious chatbots and AI jailbreaks — and how these tools have contributed to the increase in phishing to date.

In addition, more than 300 cybersecurity professionals were also surveyed for the report. Close to half said they had received a BEC attack, 77% said they had been the targets of phishing attacks, and 28% reported receiving phishing messages via text messages.

Mika Aalto, co-founder and chief executive officer at human risk management platform company HoxHunt Oy, told SliconANGLE that AI and large language models such as ChatGPT are being used to create more convincing phishing messages at large scale and that his company is also seeing an increase in attacks initiated via fake social media accounts and MMS.

“AI lowers the technical barrier to create a convincing profile picture and impeccable text, not to mention code malware,” Aalto said. “The threat landscape is shifting incredibly fast now with the introduction of AI to the game. But the good news is that AI can also be used to defend against sophisticated attacks and we’ve seen that good training continues to have a protective effect against AI-generated threats.”

Image: SlashNext