- Vishing (voice phishing) and deepfake phishing attacks are on the rise as attackers leverage generative AI to amplify social engineering tactics.
- The US, UK, India, Canada and Germany were the top five countries targeted by phishing scams.
- The finance and insurance industry faced 27.8% of overall phishing attacks, the highest concentration among industries and a staggering 393% year-over-year increase.
- Microsoft remains the most imitated brand, with 43.1% of phishing attempts targeting it.
“Phishing remains a persistent and often underestimated threat within the cybersecurity landscape, growing more sophisticated as threat actors harness cutting-edge advancements in generative AI and manipulate trusted platforms to intensify attacks,” said Deepen Desai, CSO and Head of
In 2023,
Financial industry faces a nearly 400% increase in attacks
The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase in attacks over the previous year. Reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.
The manufacturing industry also experienced a significant uptick (31%) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry's vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT, the risk of exploitation by threat actors seeking unauthorized access or disruption also grows.
Microsoft remains the most impersonated brand used in phishing attacks
ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms.
Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five—serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base.
How a
Organizations can implement a
- Preventing compromise: TLS/SSL inspection at scale, AI-powered browser isolation and policy-driven access controls prevent access to suspicious websites.
- Eliminating lateral movement: Users connect directly to applications, not the network, while AI-powered app segmentation limits the blast radius of a potential incident.
- Shutting down compromised users and insider threats: Inline inspection prevents private application exploit attempts, and integrated deception capabilities detect the most sophisticated attackers.
- Stopping data loss: Inspection of data in motion and at rest prevents potential theft by an active attacker.
For a deeper dive into best practices for protecting your organization and to download the full Zscaler ThreatLabz 2024 Phishing Report, visit http://www.zscaler.com/campaign/threatlabz-phishing-report.
Methodology
Zscaler ThreatLabz analyzed 2 billion blocked phishing transactions between January and
About
Media Contact
press@zscaler.com
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/a3ef271b-d70a-462e-92b9-848fb70e37e4
Top Phishing Targets
Top 10 countries that experienced the phishing attempts
2024 GlobeNewswire, Inc., source