Zscaler’s 2023 Phishing Report details the latest trends in phishing attacks, and how organizations can protect themselves from these cyber threats.
Phishing scams continue to pose a significant risk as cybercriminals adopt more advanced methods. With phishing kits and artificial intelligence (AI) tools like ChatGPT becoming widely available, it’s easier than ever for cybercriminals to create targeted campaigns, manipulate users, and obtain personal information, according to Zscaler’s newly released 2023 ThreatLabz Phishing Report.
An overall increase in phishing attempts
The report provides an in-depth analysis of recent phishing trends, observations from Zscaler’s ThreatLabz team, and best practices for protecting organizations against evolving phishing techniques. ThreatLabz evaluated a year’s worth of global phishing data from the Zscaler security cloud, which monitors over 280 billion daily transactions worldwide. The research uncovered a nearly 50 percent increase in phishing attempts in 2022 compared to 2021—a trend that’s expected to persist in 2023.
Where do most phishing scams take place?
The U.S. remains the most targeted country for phishing attacks, accounting for more than 65 percent of all attempts. However, several countries saw a rise in phishing attempts in 2022, including the UK, which experienced a staggering 269 percent surge in attacks. Other countries, such as Canada, Russia, and Japan, also saw increased phishing attempts, with Canada witnessing a 718 percent uptick. In contrast, phishing attacks in Hungary and Singapore declined by 90 percent and 48 percent, respectively.
Which industries are most targeted by phishing attacks?
Education was the most targeted sector for phishing in 2022. There was a 576 percent increase in education-related attacks due to new remote learning vulnerabilities, as well as cybercriminals targeting student loan repayment and debt relief applications. The finance and insurance sectors also experienced a 273 percent uptick, while healthcare saw a substantial increase from 31 million to over 114 million phishing attempts. Retail and wholesale, on the other hand, saw a 67 percent decline in attacks, which is attributed to changes in consumer behavior after high online shopping activity in 2021.
Which brands are most often imitated in phishing scams?
Today’s sophisticated phishing scams can easily deceive unsuspecting consumers by mimicking popular brands, including productivity tools, cryptocurrency sites, social media platforms, financial institutions, and various services. ThreatLabz uncovered that Microsoft was the most imitated brand in 2022, accounting for nearly 31 percent of attacks. Leading Microsoft services targeted by cybercriminals were OneDrive, SharePoint, and Microsoft 365.
The second most imitated brand was a cryptocurrency exchange called Binance, which constituted 17 percent of attacks. Illegal streaming sites made up nearly 14 percent of attacks, experiencing spikes during major sporting events like the FIFA World Cup. COVID-themed attacks, although still present, have declined. They accounted for approximately 7 percent of phishing scams in 2021 but dropped to nearly 4 percent in 2022.
Evolving phishing trends
There were several evolving phishing trends prevalent in 2022. ThreatLabz observed voicemail-themed phishing campaigns (vishing attacks), where cybercriminals targeted users at several U.S. organizations with malicious voicemail notification emails in an attempt to steal their Microsoft 365 and Outlook credentials. Meanwhile, employment scams used fake job listings, websites, portals, and forms to target job seekers.
ThreatLabz also identified a new variation of a widespread phishing campaign using adversary-in-the-middle (AiTM) techniques and multiple evasion tactics. Browser-in-the-browser (BiTB) attacks were on the rise as well. Such attacks imitate a login window within a primary phishing page, leading people to believe they need to enter their single sign-on (SSO) credentials to continue using a website. On top of that, ThreatLabz noticed attackers utilizing legitimate hosting services to host phishing sites and using Dynamic DNS services, which are mainly intended for remote access.
Attackers were seen exploiting services designed to assist users in gathering information through forms, such as FormSubmit, an online service that simplifies the creation and management of HTML forms. Furthermore, various standalone applications and browser extensions available online have been used by cybercriminals to clone legitimate websites and alter the data exfiltration code to steal information.
2024 phishing predictions
Zscaler made five predictions for what’s to come in 2024:
- First, cybercriminals will be using AI to launch more coordinated campaigns across communication channels like email, SMS, and the web.
- Second, phishing-as-a-service (PhaaS) will grow to include customized templates, access to larger victim databases, and advanced social engineering techniques.
- Third, mobile attacks will become more prevalent, with hackers developing mobile-friendly content to extort victims financially.
- Fourth, AiTM attacks will increase as cybercriminals find ways to bypass security measures.
- Fifth, personalized attacks will become more challenging to detect, and phishing emails will appear more convincing and legitimate.
Next steps to prevent phishing attacks
The report’s findings show today’s cybercriminals are capable of infiltrating institutions and stealing sensitive data by employing advanced AI tools and techniques. Even where organizations already have strong cybersecurity measures in place, Zscaler recommends reassessing their infrastructure and adopting a zero trust approach. Zero trust fundamentally changes how users access the network and hides the attack surface by eliminating public internet protocol (IP) addresses so they’re not discoverable.
Training to build security awareness is also extremely important, and so is leveraging automated tools and simulating phishing attempts to identify existing gaps in cybersecurity. By taking these steps, organizations can identify and stop malicious activity before it causes harm.