A new report reveals a year-on-year increase of nearly 60 percent in global phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing.
The report from Zscaler ThreatLabz shows that in 2023 the US (55.9 percent), UK (5.6 percent) and India (3.9 percent) are the top countries targeted by phishing scams. The high level of phishing in the US is attributable to its advanced digital infrastructure, large population of internet-connected users and extensive use of online financial transactions.
“Phishing remains a persistent and often underestimated threat within the cybersecurity landscape, growing more sophisticated as threat actors harness cutting-edge advancements in generative AI and manipulate trusted platforms to intensify attacks,” says Deepen Desai, global chief information security officer at Zscaler. “In this context, the latest ThreatLabz insights are more crucial than ever for informing our strategies and strengthening phishing defenses. These findings emphasize the need for organizations to adopt a proactive layered approach that integrates a robust zero trust architecture with advanced AI-powered phishing prevention controls to effectively counteract these evolving threats.”
The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393 percent increase of attacks from the previous year. The manufacturing sector also experienced a significant uptick (31 percent) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry’s vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT, the risk of exploitation by threat actors seeking unauthorized access or disruption also grows.
Microsoft (43 percent) emerges as the top imitated enterprise brand in 2023, with its OneDrive (12 percent) and SharePoint (three percent) platforms also ranking in the top five, acting as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base.
The full report is available from the Zscaler site.
Image credit: peshkov/depositphotos.com