---
title: "A Roundup of the Top Phishing Attacks in 2024 So Far | DMARC Report"
description: "A Roundup of the Top Phishing Attacks in 2024 So Far from DMARC Report explains practical steps for email authentication, domain protection, deliverability."
image: "https://dmarcreport.com/og/blog/top-phishing-attacks-in-2024-so-far.png"
canonical: "https://dmarcreport.com/blog/top-phishing-attacks-in-2024-so-far/"
---

Quick Answer

\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report A Roundup of the Top Phishing Attacks in 2024 So Far

Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Ftop-phishing-attacks-in-2024-so-far%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=A%20Roundup%20of%20the%20Top%20Phishing%20Attacks%20in%202024%20So%20Far&url=undefined%2Fblog%2Ftop-phishing-attacks-in-2024-so-far%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Ftop-phishing-attacks-in-2024-so-far%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Ftop-phishing-attacks-in-2024-so-far%2F&title=A%20Roundup%20of%20the%20Top%20Phishing%20Attacks%20in%202024%20So%20Far "Share on Reddit") [ ](mailto:?subject=A%20Roundup%20of%20the%20Top%20Phishing%20Attacks%20in%202024%20So%20Far&body=Check out this article: undefined%2Fblog%2Ftop-phishing-attacks-in-2024-so-far%2F "Share via Email") 

![A Roundup of the Top Phishing Attacks in 2024 So Far](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

![Dmarc record 1680 150x150](https://media.mailhop.org/dmarcreport/images/2024/05/dmarc-record-1680-150x150.jpg) 

> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.

\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

A Roundup of the Top Phishing Attacks in 2024 So Far

```
					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						
```

Play Episode

```
					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						
```

Pause Episode

```
					</button>
				

					<audio preload="none" class="clip clip-13147">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/05/A-Roundup-of-the-Top-Phishing-Attacks-in-2024-So-Far.mp3">
					</audio>
						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								
```

Mute/Unmute Episode

```
							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								
```

Rewind 10 Seconds

```
							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								
```

Fast Forward 30 seconds

```
							</button>
						

							<time class="ssp-timer">00:00</time>
							
```

/

```
							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M12S">2:12</time>
			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-13147" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-13147" title="Share">Share</button>
										</nav>

						
```

RSS Feed

```
							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-13147" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-13147" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

						Share						
					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/a-roundup-of-the-top-phishing-attacks-in-2024-so-far/&t=A Roundup of the Top Phishing Attacks in 2024 So Far" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/a-roundup-of-the-top-phishing-attacks-in-2024-so-far/&url=A Roundup of the Top Phishing Attacks in 2024 So Far" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/05/A-Roundup-of-the-Top-Phishing-Attacks-in-2024-So-Far.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

						Link						
					

						<input value="https://dmarcreport.com/blog/podcast/a-roundup-of-the-top-phishing-attacks-in-2024-so-far/" class="input-link input-link-13147" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-13147" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
					

						Embed						

					
```

/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-13147” readonly/>

```
					<button class="copy-embed copy-embed-13147" title="Copy Embed Code" aria-label="Copy Embed Code"></button>


```

Is your mailbox flooded with [unsolicited emails](https://www.foxnews.com/tech/outsmart-spammers-finally-end-unsolicited-emails)? While most of these emails are harmless (like bulk or spam), some of them have the potential to seriously damage your entire ecosystem. Year after year, these emails are getting more **frequent and formidable**. In fact, we are only halfway into 2024, and the number of fraudulent emails that make it into the targets’ inboxes continues to surge.

A recent [report by SlashNext](https://slashnext.com/the-state-of-phishing-2024/) revealed a 341% increase in malicious emails, and \*\*AI has substantially contributed to this number.

Let us take a look at some of the most \*\*notable phishing attacks that we witnessed in 2024.

## Notable Phishing Attacks of 2024

Undoubtedly, we have come a long way in terms of technological advancements , but with this progress, the like phishing has also evolved, which certainly is not in our favor. With each passing year, cybercriminals are getting smarter at **employing new techniques**, [evading security measures](https://thenextweb.com/news/states-actors-ai-malware-evade-detection-ncsc), and infiltrating the systems of their targets, and the year 2024 is a testament to this.

_While there are many ways for cyber attackers to access private corners of your digital ecosystem, email remains the most **preferred attack vector**_.

Here are some of the most severe email-based phishing attacks of 2024 that you should know about:

## Microsoft and Google Phishing Attacks

A [recent report](https://blog.checkpoint.com/security/microsoft-and-google-top-the-list-in-q1-2024-phishing-attacks-check-point-research-highlights-a-surge-in-cyber-threats/) by Check Point unveiled that Microsoft and Google are the major brands susceptible to being spoofed to execute phishing attacks. In the first quarter of 2024, **Microsoft accounted for 38%** of all attempted [brand phishing attempts](https://www.infosecurity-magazine.com/news/microsoft-impersonated-brand/), making it the top target, followed by **Google at 11%**. What’s more interesting is that most of these attacks typically involved seemingly legitimate emails, meticulously crafted to trick recipients into providing their login credentials or other sensitive information.

## Pepco Social Engineering Attack

_Apart from tech giants, threat actors continue to target retail businesses in 2024_. One such incident happened in February 2024, when Pepco Group, a **major European retailer**, lost around [€15.5 million in a devastating attack.](https://www.helpnetsecurity.com/2024/02/28/pepco-phishing-bec-attack/) According to the COO of OSP Cyber Academy , Irene Coyle, the incident was likely a phishing attack that involved fraudsters spoofing legitimate employee emails to deceive the **finance staff into transferring funds**.

Although there isn’t much clarity on the specifics of the technique, it is speculated that the attack was executed by employing [state-of-the-art AI](https://medium.com/60-leaders/what-is-the-ai-state-of-the-art-b60227856cf2) tools that made it \*\*difficult for the victims to see through the deceit and prevent themselves from falling prey.

## Malware Disguised as a Bank Payment Notice

[In March 2024](https://thehackernews.com/2024/03/alert-new-phishing-attack-delivers.html), a new [phishing campaign](https://thehackernews.com/2024/05/latrodectus-malware-loader-emerges-as.html) emerged that used a novel loader malware to deliver **Agent Tesla**, which plays the role of an information stealer and keylogger. _This attack was uncovered by Trustwave SpiderLabs, which identified that the attack chain began with a \*\*phishing email masquerading as a bank payment notice._ The message was so well crafted that it successfully compelled the users to open an archive file attachment.

This seemingly benign attachment concealed the malicious loader, which used [obfuscation techniques](https://www.techtarget.com/searchsecurity/definition/obfuscation#:~:text=Obfuscation%20means%20to%20make%20something,code%20is%20one%20obfuscation%20method.) to evade detection, [bypass antivirus](https://cyberpedia.reasonlabs.com/EN/antivirus%20bypass.html) defenses, and deploy Agent Tesla to \*\*steal sensitive data from the affected server.

## StrelaStealer Phishing Attacks

Recently, a new wave of phishing attacks has come to the surface that has affected over [100 organizations across the European Union and the United States](https://thehackernews.com/2024/03/new-strelastealer-phishing-attacks-hit.html). According to the researchers at Palo Alto Networks’ Unit 42, these attacks stem from \*\*spam emails with attachments that deliver the StrelaStealer malware .

_The approach behind this attack is so uncomplicated yet sophisticated that it escaped the purview of the employees of more than 100 companies_. In an attempt to evade detection, the attackers simply changed the file format of the attachment and successfully managed to achieve their \*\*malicious intentions of stealing email login data across sectors like finance, government, and manufacturing.

## Learning From the Mistakes

With email being one of the most common channels of communication for the good, bad, and ugly, [email-based phishing attacks](https://www.helpnetsecurity.com/2024/05/21/phishing-statistics-2024/) are here to stay! But this does not mean you cannot protect your organization from **succumbing to such attacks**.

Follow these tips to \*\*mitigate the risk of email-based phishing attacks and strengthen your [security posture](https://crowdstrike.com/cybersecurity-101/secops/security-posture/).

## How Do You Implement Multi-Factor Authentication (MFA)?

Gone are the days of [single-factor authentication](https://www.techtarget.com/searchsecurity/definition/single-factor-authentication-SFA). As email ecosystems and attacks targeting these ecosystems become more complex, it is clear that we need a solution that offers comprehensive and layered protection. _Multi-factor authentication (MFA), like a two-step verification process, checks these boxes and makes it significantly harder for attackers to gain unauthorized access_.

## How Do You Maintain Your Software Regularly?

An often-overlooked way to prevent phishing attacks is to ensure that all software, including [email clients](https://en.wikipedia.org/wiki/Email%5Fclient) and security tools, are **kept up to date**. This simple step can help you identify and patch any \*\*new or existing vulnerabilities that attackers could potentially exploit.

## Conduct Employee Training

It is important that your employees recognize and understand the threats looming over the digital landscape, the latest tactics used in phishing attacks, and more. Regular training sessions among your teams can prove to be a big leap toward cultivating a culture of [cyber resilience](https://www.business-standard.com/economy/news/5-ways-to-increase-cyber-resilience-against-increasingly-diverse-threats-124011100676%5F1.html). The sessions should cover everything about **email-based phishing attacks** \- how to identify suspicious emails, links, and attachments, how to respond to them, and most importantly, how to report them.

![Dmarc report](https://media.mailhop.org/dmarcreport/images/2024/05/dmarc-report-9597.jpg) 

## Prioritize Email Authentication

Implementing [email authentication protocols](https://dmarcreport.com/what-is-dmarc/) ([SPF](https://dmarcreport.com/what-is-spf/), [DKIM](https://dmarcreport.com/what-is-dkim/), and DMARC) is a robust and non-negotiable approach to minimizing the risks of email phishing attacks. By properly configuring these protocols, you can ensure that incoming emails are validated, thereby **reducing the risks of phishing attacks**, spoofed emails, and [email impersonation](https://today.ucsd.edu/story/forwarding%5Fbased%5Fspoofing).

## To Sum Up

Now that you are aware of the most notable phishing attacks of 2024, it is crucial to strategically leverage this information to adopt a **proactive approach to cybersecurity**.

While this might seem like a complex endeavor, you can \*\*trust our team at [DMARCReport](https://dmarcreport.com/) to solve your [email authentication](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) woes.

Need help? [Reach out to us](https://dmarcreport.com/contact/) today to safeguard your organization’s **digital assets**!

## Topics

[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/) 

![Vasile Diaconu](https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg) 

[ Vasile Diaconu ](/authors/vasile-diaconu/) 

Operations Lead

Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.

[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 8m  10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective  Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[  Foundational 12m  10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast  Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[  Foundational 12m  10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection  Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[  Foundational 12m  10 Reasons SPF Filtering Is Critical For Email Security  Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"A Roundup of the Top Phishing Attacks in 2024 So Far","description":"A Roundup of the Top Phishing Attacks in 2024 So Far from DMARC Report explains practical steps for email authentication, domain protection, deliverability.","url":"https://dmarcreport.com/blog/top-phishing-attacks-in-2024-so-far/","datePublished":"2024-05-24T09:49:12.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2024-05-24T09:49:12.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/top-phishing-attacks-in-2024-so-far/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security, SPF","wordCount":1390,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"A Roundup of the Top Phishing Attacks in 2024 So Far","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"A Roundup of the Top Phishing Attacks in 2024 So Far","item":"https://dmarcreport.com/blog/top-phishing-attacks-in-2024-so-far/"}]}
```