Phishing-based attacks have risen 140% year-over-year

Menlo Threat Intelligence has identified more than 752,000 browser-based phishing attacks in the past 12 months. These attacks spanned more than 800 enterprises and represent a 140% year-over-year increase. There was also a 130% increase in zero-hour phishing incidents.

The research also found a rise in fraud driven by generative AI, with nearly 600 cases observed. Furthermore, malicious actors are using generative AI to leverage browser flaws, steal user credentials, and circumvent conventional security measures. 

Krishna Vishnubhotla, Vice President, Product Strategy at Zimperium, comments, “Phishing attacks have long exploited the mobile form factor, as attackers recognized it as the ideal environment for credential theft. Before the advent of GenAI, attackers were already adept at rapidly creating new domains to bypass traditional phishing detection tools. The focus was on speed and creating domains quickly to evade detection and launch attacks.

“However, with the rise of GenAI, phishing attacks have become more sophisticated and automated, making traditional security tools increasingly ineffective, particularly on mobile. Sophistication shows up in the form of highly realistic and personalized, well-written phishing content at scale across all mobile phishing (mishing) vectors, including audio, video, and voicemail. The automation aspect allows attackers to clone websites in seconds, making brand impersonation easier.

“Combining these capabilities with the form factor of mobile browsers, with their limited URL visibility and reliance on auto-login features, provides the perfect storm for attackers to steal credentials without raising suspicion. When you combine this, a 140% surge in browser-based phishing attacks and the 130% increase in zero-hour phishing attacks make sense. The situation will only worsen as GenAI models improve and attackers start sharing capabilities and establishing Phishing-as-a-Service models to make money.

“Organizations must adopt real-time, AI-driven mobile security to detect and block phishing before users are compromised. Relying on outdated defenses is no longer enough—security must evolve as fast as the threats.”

Other key findings from the report include: 

  • Malicious actors developed nearly 1 million phishing sites per month, showing a 700% increase since 2020
  • Over half of browser-based phishing attacks incorporated brand impersonation 
  • 75% of phishing links are hosted on trusted websites