2023 Phishing Report Reveals 47.2% Surge in Phishing Attacks Last Year

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks. With the COVID-19 pandemic leading to a surge in remote work over the past several years, the risk of phishing attacks has only increased.

The latest phishing report from Zscaler ThreatLabz reveals that phishing attacks are still on the rise, detailing a 47.2% increase in phishing attacks in 2022 compared to the previous year, a result of cybercriminals using increasingly sophisticated techniques to launch large-scale attacks. Education was the most targeted industry in 2022, with attacks increasing by 576%, while the retail and wholesale sector dropped by 67% from 2021. 

Microsoft brands, including OneDrive and Sharepoint, along with crypto exchange Binance and illegal streaming services, were targeted the most. The United States, the United Kingdom, the Netherlands, Russia, and Canada were the top five most targeted countries. Based on the analysis of 280 billion daily transactions and 8 billion daily blocked attacks, the report highlights the growing use of phishing kits and AI tools to launch highly effective campaigns that bypass traditional security models, including MFA.

Zscaler ThreatLabz publishes this report year after year to help organizations recognize the social engineering tactics and sophisticated coding used in phishing attacks to prevent costly data breaches. The findings continue to emphasize the need for organizations to re-examine their cybersecurity infrastructure and take proactive measures to mitigate the growing threat of phishing scams and the techniques they leverage. 

For example, this year’s report identifies the rise in the use of phishing kits sourced from black markets and chatbot AI tools like ChatGPT, which allow attackers to easily develop more targeted phishing campaigns that manipulate users into sharing their security credentials. With the increased prevalence of AI and PaaS offerings, cybercriminals have an easier time compromising institutions and accessing sensitive data for extortion.

The report also highlights the evolution of phishing attacks beyond SMS phishing (SMiShing) to using voicemail-related phishing (Vishing) to lure victims into opening malicious attachments. Additionally, sophisticated adversary-in-Middle (AiTM) attacks are helping attackers bypass multi-factor authentication (MFA security measures).

To combat these threats, organizations must adopt a Zero Trust architecture that significantly minimizes the attack surface, prevents compromise, and reduces the blast radius in case of a successful attack. By implementing a Zero Trust approach, organizations can ensure that every user, application, device, and network is verified before being granted access to sensitive data.

The 2023 report also provides actionable insights and expert advice on how organizations can employ security best practices to protect themselves from phishing attacks. It highlights the importance of educating employees on the risks of phishing and the need for strong password policies and MFA. Additionally, the report recommends implementing a cloud-based email security solution that uses AI and machine learning to detect and block phishing attacks.

To learn more about the latest phishing threats and how to protect your organization, download the 2023 ThreatLabz Phishing Report today.