Phishing attacks up 50%, education sector most targeted: Report
Phishing is a technique that attempts to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
By IANS | Updated:
ETtech
Phishing attacks rose nearly 50% in 2022 compared to 2021 and education was the most targeted industry, with attacks increasing by 576%, suggested a report from cloud security firm Zscaler.
Other sectors that faced the brunt were finance and government, while 2021's top target, retail and wholesale, dropped by 67%, according to the report.
Phishing is a technique that attempts to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
The top five most targeted countries were the US, the UK, the Netherlands, Canada and Russia and the top targeted brands include Microsoft, Binance, Netflix, Facebook, and Adobe, said the report.
"Threat actors are leveraging phishing kits and AI tools to launch highly effective email, SMishing, and Vishing campaigns at scale," said Deepen Desai, global CISO and head of security at Zscaler.
AI tools like ChatGPT and phishing kits have significantly contributed to the growth of phishing, reducing the technical barriers for criminals and saving them time and resources.
The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle attacks, increased use of the InterPlanetary File System (IPFS), as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.
Vishing, or voicemail-themed phishing campaigns, have evolved from SMS or SMiShing attacks.
Attackers are using real voice snippets of the executive team in these vishing attacks by leaving a voicemail of these pre-recorded messages.
Then, recipients are pressured into taking action, like transferring money or providing credentials. Many US-based organisations have been targeted using Vishing attacks.
Recruitment scams on LinkedIn and other job recruiting sites are also on the rise, said the report.
Microsoft was once again the most imitated brand of the year, accounting for nearly 31% of attacks as the attackers phished for access to various Microsoft corporate applications of the victim organisations.
Other sectors that faced the brunt were finance and government, while 2021's top target, retail and wholesale, dropped by 67%, according to the report.
Phishing is a technique that attempts to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
The top five most targeted countries were the US, the UK, the Netherlands, Canada and Russia and the top targeted brands include Microsoft, Binance, Netflix, Facebook, and Adobe, said the report.
"Threat actors are leveraging phishing kits and AI tools to launch highly effective email, SMishing, and Vishing campaigns at scale," said Deepen Desai, global CISO and head of security at Zscaler.
AI tools like ChatGPT and phishing kits have significantly contributed to the growth of phishing, reducing the technical barriers for criminals and saving them time and resources.
ADVERTISEMENT
The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle attacks, increased use of the InterPlanetary File System (IPFS), as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.
Vishing, or voicemail-themed phishing campaigns, have evolved from SMS or SMiShing attacks.
Attackers are using real voice snippets of the executive team in these vishing attacks by leaving a voicemail of these pre-recorded messages.
Then, recipients are pressured into taking action, like transferring money or providing credentials. Many US-based organisations have been targeted using Vishing attacks.
ADVERTISEMENT
Recruitment scams on LinkedIn and other job recruiting sites are also on the rise, said the report.
Microsoft was once again the most imitated brand of the year, accounting for nearly 31% of attacks as the attackers phished for access to various Microsoft corporate applications of the victim organisations.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
Meta to take legal action against Israeli spyware firm NSO, foils phishing attacks2026-06-08T11:03:21Z- Nearly 9 in 10 phishing scams steal login details: What to do immediately if you fall victim to a phishing attack2026-01-17T09:06:12Z
- Phishing attack hits Zerodha’s Nithin Kamath, ‘one slip of the mind’ is all it took2025-10-16T11:56:22Z
ADVERTISEMENT
