Top phishing attacks in 2024 and the latest phishing scams: What you need to know

Spotting a scam used to be simple. Poor grammar and formatting, typos and pixelated logos. Today though, scammers are using such sophisticated tools and tactics which make traditional security measures look like bicycle locks in the lucrative world of cybercrime.

Phishing scams have become so common, they’re now Australia’s leading cyber threat, with cybercriminals stealing $477 million from everyday Australians in 2023 alone. This astounding figure reflects how these scams have grown. Using AI to create at speed and scale, today’s cyber criminals craft messages so seemingly real and perfectly timed, that even the most tech-savvy among us pause before clicking delete. 

Why phishing scams are everywhere

These attacks are so common because they work – and they work incredibly well; 91% of all cyber attacks begin with a phishing email. In 2023, over 108,600 Australians reported phishing incidents, making it our country’s most prevalent form of scam. 

Cybercriminals don’t need advanced hacking capabilities anymore to pull off a successful phishing attack. They just need to push the right emotional buttons. Whether it’s urgency, golden opportunity, or authority, these tactics bypass our usual careful nature to trigger quick action. 

Even the most careful people can fall victim when a scam email hits the right emotional buttons, which is why human oversight contributes to 95% of successful cyber security breaches. These aren’t always random attempts either. Called social engineering, they’re studying our daily habits, anticipating our reactions, and striking at moments when we’re most likely to let our guard down.

Microsoft and Google are the top brands being impersonated in phishing attempts, with Microsoft accounting for 38% of all brand phishing attempts in Q1 2024.

Top phishing attacks in 2024

Modern phishing comes in many forms, these are today’s most common phishing tricks.

Regular phishing emails impersonating trusted brands. These mass-market scams have authentic-looking logos, urgent deadlines, and offers to lure you in

Targeted spear phishing attacks use your personal information and mention things like your workplace or boss by name, recent purchase details, your children’s school or events you’ve attended

Whaling schemes are aimed at business executives with messages like urgent wire transfer requests from the CEO, confidential, legal or time-sensitive documents for immediate review and financial report requests from imitated auditors

Smishing scams through text messages sound like:

• Tap to track your package links
• Suspicious login detected alerts
• Limited time offers
• Vote now to claim prize 
• Payment declined notifications

Vishing fraud via phone calls come from fake tech support about your computer, fraud departments regarding suspicious charges or organisations demanding outstanding payment.

The StrelaStealer phishing campaign

The StrelaStealer campaign affected over 100 organisations in the US and Europe using convincing emails with malicious attachments which appeared like normal invoices or bills. When opened, these attachments install hidden software that steals email login information from popular email programs. What makes it particularly dangerous is its ability to constantly update and change its tactics to avoid detection by security software, showing how cybercriminals are becoming more advanced in their methods.

Exploiting today’s headlines

Cybercriminals are masters of manipulation, and nothing works better than tapping into current events that already have us concerned. You may come across convincing scams around:

• Federal election updates (confirm your voting registration)
• Cost of living relief scams (claim your energy rebate now)
• Natural disaster support schemes (flood relief payment available)
• Medicare and NDIS changes (update required for extra benefits)
• Interest rate effects (urgent mortgage relief available).

These attacks work because they mirror legitimate communications we could expect to see. The new generation of scams goes far beyond basic email tricks. Cybercriminals can now:

• Creating pixel-perfect copies of bank websites that even include the correct security certificates
• Using AI to craft personalised messages that match companies’ exact writing styles
• Timing attacks to coincide with your real purchases and deliveries
• Building scams that adapt and change based on how you interact with them
• Exploiting trusted platforms like Google Docs and Microsoft 365 to bypass security filters.

Why your antivirus and browser security might miss modern scams

The hard truth is traditional security is falling short in protecting people from modern scams like the ones that feature in the top phishing attacks in 2024. Antivirus software cleans up after an attack and standard browser security catches only known threats. Modern phishing scams require real-time protection to detect and prevent, rather than react to them after they’ve infiltrated. 

Traditional security tools can only spot known threats. But modern scammers:

• Host their scams on legitimate cloud services
• Use real company domains through compromised accounts
• Create websites that appear and disappear within hours
• Deploy AI-powered tools that automatically adjust to avoid detection
• Build scams that only activate when certain conditions are met.

More advanced algorithm technologies are now available and work proactively to detect the above to: 

• Analyse every webpage and identify suspicious patterns you visit before you interact 
• Verify the authenticity of web pages you visit
• Alert you to suspicious links before you enter information
• Spot fake websites even when they look identical to real ones
• Block malicious content before it reaches your device
• Update hourly with the latest cyber threat intelligence

Cybercriminals are constantly innovating. This is why we built Sapher Shield. After seeing too many Australians fall victim to increasingly sophisticated scams (over 108,600 reported incidents in 2023 alone), we knew there had to be a way to stay steps ahead.

Want to see how real-time protection works? Try Sapher Shield free for 30 days and experience worry-free browsing for yourself.