In 2024, multinational cybersecurity and anti-virus provider Kaspersky detected an 18% increase in phishing attempts in Pakistan compared to the year prior.
In its annual compilation of cyber-threat statistics, the company said it had blocked 26% more phishing attempts globally in 2024 compared to 2023. Every second email in corporate mailboxes was spam, it said, adding cybercriminals continued to capitalize on well-known brands like Booking, Airbnb, TikTok and Telegram to steal credentials or install malware. Additionally, users encountered more than 125 million attacks involving malicious email attachments.
According to the report, Kaspersky’s security solutions blocked over 893 million phishing attempts globally in 2024—a 26% increase the nearly 710 million attempts in 2023. It cited a surge in phishing attempts between May and July are tied to the holiday season, when fraudsters frequently try to lure travelers with scams involving fake airline and hotel bookings, deceptive tour packages and too-good-to-be-true offers.
Providing examples, Kaspersky referred to an ongoing campaign targeting TikTok Shop users through fake login pages designed to steal credentials. Additionally, scammers capitalized on trending news, orchestrating fraud schemes involving hype topics such as cryptocurrency game Hamster Kombat and TON wallets.
Fraudulent schemes also tended to capitalize on fake celebrity images in 2024, falsely promoting nonexistent giveaways of valuable prizes to fans. The trend persists in 2025.
“While the core mechanics of phishing and scams remain unchanged, attackers constantly refine their disguises,” said Olga Svistunova, a security expert at Kaspersky. “They capitalize on trending news, hype-driven topics, and even combine branding from multiple companies on a single phishing page to enhance efficiencies of their campaigns. A.I.-driven tools help them to create highly convincing fake websites, making fraud harder to detect. These evolving tactics pose a growing risk—not just to financial security but also to personal identity protection,” she said. Vigilance and robust cybersecurity solutions are crucial to avoid such scams, she advised.
Data compiled by Kaspersky shows both individuals and corporate users received over 125 million malicious email attachments in 2024, with cybercriminals using various tactics such as sending emails with password-protected archives containing malicious content and SVG images disguised as harmless graphics. Attackers lured victims into clicking on malicious content through fake court appeals, fake deals, counterfeit official notifications and more.
In order to avoid becoming a victim of phishing, scam or malicious messages, Kaspersky experts have advised internet users to only open emails and click links if they can trust the sender. Additionally, they have advised checking with the sender through alternate means of communication if the content of their message seems strange. The organization has urged users to check the spelling of a website’s URL if they suspect a phishing page.