Highlights:

  • The Zscaler ThreatLabz 2024 Phishing Report delves deeply into the realm of phishing, covering the latest tactics and strategies to stay ahead of this threat.
  • The sophistication of AI allegedly enables phishers to deceive even the most vigilant users.

A recent Zscaler security report cautions about the swift advancement and growing complexity of phishing attacks, especially with the use of artificial intelligence, which allows for extremely convincing and precise targeted attacks.

The Zscaler ThreatLabz 2024 Phishing Report delves deeply into the realm of phishing, exploring the most recent tactics employed and strategies to address this threat proactively. AI emerges as a central focus in the report, highlighting its role as a ‘paradigm shift’ in cybercrime, especially within the domain of phishing schemes.

As generative AI becomes increasingly accessible, cybercriminals are leveraging it to swiftly create remarkably convincing phishing campaigns, surpassing previous levels of complexity and efficacy. By employing AI algorithms, threat actors can rapidly sift through extensive datasets to customize their attacks, effortlessly replicating legitimate communications and websites with alarming precision.

The sophistication offered by AI purportedly enables phishers to deceive even the most vigilant users. The report cautions that AI’s influence in reshaping the cyber threat landscape seems limitless, continuously redefining the boundaries of what is achievable in the realm of cyberattacks.

Beyond helping to craft convincing messages, AI is increasingly being used in vishing attacks, in which criminals employ deepfake technology to generate authentic-looking audio and video content. Vishing is a form of phishing that uses voice communication to deceive individuals into divulging sensitive information by impersonating legitimate entities or authorities. With AI and deepfakes, attackers can now mimic real individuals within a targeted organization.

Attackers are also increasingly employing AI to automate phishing attacks. This use of AI is said to make the attacks progressively harder to detect and respond to.

The report also notes that Zscaler observed a 58.2% surge in global phishing attempts in 2023. Alongside the rise in vishing incidents, other emerging tactics included recruitment scams and browser-in-the-browser attacks.

Phishing attacks primarily targeted the U.S. last year, with the U.K., India, Canada, and Germany following closely behind. The finance sector bore the brunt, representing 27.8% of all phishing attacks and witnessing a staggering 393% year-over-year increase. Manufacturing ranked second at 21%.

Microsoft Corp. emerged as the most impersonated brand, with 43.1% of all phishing attempts directed at it. Additionally, Microsoft’s OneDrive and SharePoint brands were among the top five targets.

The report ends with guidance on how companies and users can combat phishing. Recommendations include regular training for employees to recognize phishing attempts, call-blocking and filtering tools to deter suspicious calls, and multifactor authentication to enhance security.