Pakistan witnessed an 18% increase in phishing attempts in 2024 compared to the previous year, according to a report released by global cybersecurity firm Kaspersky. The findings highlight a growing concern as cybercriminals continue to exploit well-known brands to steal credentials and install malware.
The report further revealed that phishing attacks globally surged by 26% in 2024, with users encountering over 125 million attacks involving malicious email attachments. Kaspersky noted that a significant portion of these attacks took place in Pakistan, underscoring the increasing sophistication of cyber threats in the region.
A notable trend observed in the report was the seasonal spike in phishing activity between May and July. This period, traditionally linked to holiday bookings and travel, saw an increase in fraudulent schemes targeting travelers with fake airline and hotel bookings, deceptive tour packages, and other scams offering seemingly irresistible deals.
Phishing, a prevalent cyber-attack method, involves deceiving individuals into divulging sensitive information such as usernames, passwords, credit card details, and other personal data. Attackers typically impersonate trustworthy entities via emails, text messages, or fake websites to trick unsuspecting users into sharing confidential information.
Kaspersky’s report highlighted that cybercriminals are increasingly leveraging well-established brands to execute their scams. Platforms like Booking.com, Airbnb, TikTok, and Telegram were among the most exploited by attackers aiming to steal credentials or distribute malware. One ongoing phishing campaign was found to be specifically targeting TikTok Shop users, where fraudsters created counterfeit login pages designed to capture seller credentials.
Additionally, scammers have been capitalizing on trending news and digital trends to craft their fraud strategies. For example, cryptocurrency-related phishing scams centered around the popular blockchain-based game Hamster Kombat and TON wallets have been used to lure unsuspecting victims into fraudulent schemes.
While phishing techniques remain largely the same, Kaspersky warned that cybercriminals are continuously refining their tactics. Attackers are increasingly blending branding from multiple companies on a single phishing page to make their campaigns more convincing. This tactic enhances their ability to bypass user skepticism and security measures.
Olga Svistunova, a security expert at Kaspersky, emphasized the role of AI-driven tools in making phishing scams more effective. According to Svistunova, artificial intelligence has enabled cybercriminals to create highly realistic fake websites, making it even more challenging for individuals to distinguish between legitimate and malicious sites. She cautioned that the evolving nature of phishing attacks presents a growing threat not only to financial security but also to personal identity protection.
To safeguard against phishing attempts, Kaspersky experts advised users to be vigilant when interacting with emails and links, especially those that appear suspicious or come from unfamiliar sources. The company stressed the importance of verifying the authenticity of messages before clicking on links or sharing personal information online.
As cyber threats continue to evolve, organizations and individuals must adopt proactive security measures to protect themselves from the increasing risk of phishing attacks. With the growing reliance on digital platforms for financial transactions, communication, and online shopping, cybersecurity awareness has become more crucial than ever.
