AI’s Dark Side: A Report Says Phishing Scams Just Got Smarter and Scarier

The420.in Staff

A phishing report from a cybersecurity firm has revealed a sharp evolution in phishing tactics, with attackers now focusing on precision over volume. While global phishing activity saw a 20% decline in 2024, the report warns that this apparent dip is misleading. Phishing campaigns are becoming smarter, more personalized, and harder to detect, especially with human-centric lures targeting high-value departments like HR, payroll, and finance.

The report is based on the analysis of over 2 billion phishing attempts blocked by the firm’s cloud security platform over the past year, offering a deep look into how phishing has matured into a tool for focused social engineering, often using fake tech support, job offers, and cryptocurrency alerts as entry points.

Phishing Volume Drops, But Attacks Are Smarter and More Dangerous

Phishing in the United States dropped by nearly 32% in 2024, largely due to improved adoption of email security protocols like DMARC and Google’s sender authentication filters, which alone blocked 265 billion unauthenticated emails. Despite this progress, the US still remains the most targeted country globally.

Meanwhile, phishing attacks on the education sector skyrocketed by 224%, with attackers exploiting academic calendars, exam periods, and financial aid deadlines. The firm notes that many institutions in the sector continue to run on outdated infrastructure and lack adequate defenses, making them soft targets.

Another significant threat area is cryptocurrency scams. Fake wallets and decoy platforms are being used to lure victims into credential harvesting traps. These phishing pages often mimic legitimate transaction notifications, deceiving users into entering wallet passwords and other sensitive data.

Top Phishing Tactics: Voice Scams, CAPTCHAs, and Fake Job Offers

Among the notable trends identified in the report is the rise of voice phishing, or vishing. Attackers are now placing fake support calls pretending to be from internal IT teams, tricking employees into handing over login details on the spot. The firm also observed a growing use of CAPTCHA challenges on phishing sites, designed to make them appear more credible and bypass automated detection tools.

Job scams continue to thrive across platforms like LinkedIn and Telegram. Attackers impersonate recruiters or technical support agents, often using live chats and fake onboarding documents to build trust. In 2024 alone, the firm recorded over 159 million such phishing attempts globally.

Zero Trust Strategy Crucial as Attackers Refine Their Methods

The firm warns that phishing is no longer a mass-mail nuisance, but a carefully engineered attack vector. The firm’s Zero Trust Exchange platform actively prevents both initial compromise and lateral movement even when phishing attempts bypass traditional defenses. It uses features like real-time decryption of encrypted traffic, dynamic access controls, and browser isolation to block sophisticated phishing payloads and contain damage from compromised accounts.

The company highlights that the next phase of phishing will continue targeting human vulnerability, with attackers refining psychological tactics and focusing on platforms with high user trust. Organizations are being urged to strengthen internal awareness, reduce over-permissive access, and invest in zero trust architecture to stay ahead.

About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing.
