According to Barracuda, over 92% of organizations faced six credential compromises from email-based social engineering in 2023, with 86% attributed to phishing and scams. Attack trends include:
- Conversation hijacking: Up 70% from 2022, attackers monitor compromised accounts to craft convincing messages, impacting 0.5% of attacks.
- Business email compromise (BEC): Increased to 10.6% from 8%, targeting money transfers via impersonation.
- Extortion: Accounted for 2.7% of attacks, threatening victims with exposure of sensitive content.

Gmail dominated at 22% of attacks, mainly for BEC scams. Bit.ly was the most-used URL shortener, facilitating disguised malicious links. QR code phishing rose to 5% in late 2023, leveraging personal devices outside corporate security.